[][src]Struct checksec::pe::PECheckSecResults

pub struct PECheckSecResults {
    pub aslr: ASLR,
    pub authenticode: bool,
    pub cfg: bool,
    pub clr: bool,
    pub dep: bool,
    pub dynamic_base: bool,
    pub force_integrity: bool,
    pub gs: bool,
    pub high_entropy_va: bool,
    pub isolation: bool,
    pub rfg: bool,
    pub safeseh: bool,
    pub seh: bool,
}

Checksec result struct for PE32/32+ binaries

Example

use checksec::pe::PEProperties;
use goblin::pe::PE;
use memmap::Mmap;
use std::fs;

pub fn print_results(binary: &String) {
    if let Ok(fp) = fs::File::open(&binary) {
        if let Ok(buf) = unsafe { Mmap::map(&fp) } {
            if let Ok(obj) = Object::parse(&buf) {
                match obj {
                    Object::PE(pe) => println!(
                        "{:#?}",
                        PECheckSecResults::parse(&pe, &buf)
                    ),
                    _ => println!("Not an pe binary."),
                }
            }
        }
    }
}

Some of the mitigations/security features that are checked require access to the underlying binary file to parse, so both the goblin object and a read-only memory-mapped version of the original file must be provided for evaluating PE32/32+ binaries.

Fields

aslr: ASLR

Address Space Layout Randomization

authenticode: bool

Authenticode

cfg: bool

Control Flow Guard (/guard:cf)

clr: bool

Common Language Runtime (.NET Framework)

dep: bool

Data Execution Prevention

dynamic_base: bool

Dynamic Base

force_integrity: bool

Force Integrity (/INTEGRITYCHECK)

gs: bool

Buffer Security Check (/GS)

high_entropy_va: bool

64-bit ASLR (/HIGHENTROPYVA)

isolation: bool

Allow Isolation (/ALLOWISOLATION)

rfg: bool

Return Flow Guard

safeseh: bool

Safe Structured Exception Handler (/SAFESEH)

seh: bool

Structured Exception Handler

Methods

impl PECheckSecResults[src]

pub fn parse(pe: &PE, buffer: &Mmap) -> PECheckSecResults[src]

Trait Implementations

impl Debug for PECheckSecResults[src]

impl<'de> Deserialize<'de> for PECheckSecResults[src]

impl Display for PECheckSecResults[src]

fn fmt(&self, f: &mut Formatter) -> Result[src]

Colorized human readable format output

impl Serialize for PECheckSecResults[src]

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized[src]

impl<T> Borrow<T> for T where
    T: ?Sized[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized[src]

impl<T> DeserializeOwned for T where
    T: for<'de> Deserialize<'de>, [src]

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, [src]

impl<T> ToString for T where
    T: Display + ?Sized[src]

impl<T, U> TryFrom<U> for T where
    U: Into<T>, [src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, [src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.