@arlosi
Last active March 25, 2020 18:25

Source file checksums in debug info

Both the DWARF standard and the Microsoft CodeView (PDB) format support embedding a cryptographic hash of each source file that contributed to the associated binary.

The cryptographic hash can be used by a debugger to verify that the source file matches the executable. If the source file does not match, the debugger can provide a warning to the user.

The hash can also be used to prove that a given source file has not been modified since it was used to compile an executable. Because MD5 and SHA1 both have demonstrated vulnerabilities, using SHA256 is recommended for this application.

DWARF 5

DWARF version 5 supports embedding an MD5 hash to validate the source file version in use.

DWARF 5 - Section 6.2.4.1 opcode DW_LNCT_MD5

LLVM DIFile Node

LLVM IR supports MD5, SHA1, and SHA256 source file checksums in the DIFile node.

LLVM DIFile documentation
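
The source-verification check described above, applied to `DIFile` nodes, as an added example (not part of the original gist or of LLVM): it reads `!DIFile` nodes from textual LLVM IR, rehashes each source file, and marks MD5 and SHA1 digests as weak. The IR lines and C sources are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import os
import re
import tempfile

# LLVM checksumkind -> (hashlib name, weak?). MD5 and SHA1 are flagged as weak.
ALGOS = {"CSK_MD5": ("md5", True), "CSK_SHA1": ("sha1", True),
         "CSK_SHA256": ("sha256", False)}
DIFILE_RE = re.compile(r'!DIFile\(([^)]*)\)')  # simplification: no ')' in paths
FIELD_RE = re.compile(r'(\w+):\s*(?:"([^"]*)"|(\w+))')

def parse_difiles(ir_text):
    """Yield a dict of fields for each !DIFile node in textual LLVM IR."""
    for node in DIFILE_RE.finditer(ir_text):
        yield {k: q or bare for k, q, bare in FIELD_RE.findall(node.group(1))}

def verify(ir_text):
    """Return (path, status) per node; '+weak' marks MD5/SHA1 digests."""
    results = []
    for f in parse_difiles(ir_text):
        path = os.path.join(f.get("directory", ""), f["filename"])
        kind = f.get("checksumkind")
        if kind not in ALGOS or "checksum" not in f:
            results.append((path, "no-checksum"))
            continue
        name, weak = ALGOS[kind]
        try:
            with open(path, "rb") as src:
                digest = hashlib.new(name, src.read()).hexdigest()
        except OSError:
            results.append((path, "missing"))
            continue
        status = "match" if digest == f["checksum"].lower() else "mismatch"
        results.append((path, status + ("+weak" if weak else "")))
    return results

def demo():
    """Constructed sample: b.c was edited after its checksum was recorded."""
    body = b"int main(void) { return 0; }\n"
    with tempfile.TemporaryDirectory() as d:
        for name in ("a.c", "b.c"):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        good = hashlib.sha256(body).hexdigest()
        stale = hashlib.md5(b"int main(void) { return 1; }\n").hexdigest()
        tmpl = '!{} = !DIFile(filename: "{}", directory: "{}"{})\n'
        ir = (tmpl.format(1, "a.c", d, f', checksumkind: CSK_SHA256, checksum: "{good}"')
              + tmpl.format(2, "b.c", d, f', checksumkind: CSK_MD5, checksum: "{stale}"')
              + tmpl.format(3, "c.c", d, ""))
        return [status for _, status in verify(ir)]
```

Calling `demo()` returns one status per node; a `mismatch` means the file on disk is not the one the compiler hashed.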

Microsoft Visual C++ Compiler /ZH option

MSVC++ supports embedding MD5, SHA1, or SHA256 hashes using the /ZH compiler option.

MSVC /ZH documentation

Clang

Clang always embeds an MD5 checksum, though this does not appear in the documentation.

Clang source code

Rust

Tracking issue: rust-lang/rust#70401

PR: rust-lang/rust#69718
