checksec::pe

Struct CheckSecResults

Source 
pub struct CheckSecResults {
Show 13 fields
    pub aslr: ASLR,
    pub authenticode: bool,
    pub cfg: bool,
    pub clr: bool,
    pub dep: bool,
    pub dynamic_base: bool,
    pub force_integrity: bool,
    pub gs: bool,
    pub high_entropy_va: bool,
    pub isolation: bool,
    pub rfg: bool,
    pub safeseh: bool,
    pub seh: bool,

}
Expand description

Checksec result struct for PE32/32+ binaries

Example

use checksec::pe::{Properties, CheckSecResults};
use goblin::{pe::PE, Object};
use memmap::Mmap;
use std::fs;

pub fn print_results(binary: &String) {
    if let Ok(fp) = fs::File::open(&binary) {
        if let Ok(buf) = unsafe { Mmap::map(&fp) } {
            if let Ok(obj) = Object::parse(&buf) {
                match obj {
                    Object::PE(pe) => println!(
                        "{:#?}",
                        CheckSecResults::parse(&pe, &buf)
                    ),
                    _ => println!("Not an pe binary."),
                }
            }
        }
    }
}

Some of the mitigations/security features that are checked require access to the underlying binary file to parse, so both the goblin object and a read-only memory-mapped version of the original file must be provided for evaluating PE32/32+ binaries.

Fields§

§aslr: ASLR

Address Space Layout Randomization

§authenticode: bool

Authenticode

§cfg: bool

Control Flow Guard (/guard:cf)

§clr: bool

Common Language Runtime (.NET Framework)

§dep: bool

Data Execution Prevention

§dynamic_base: bool

Dynamic Base

§force_integrity: bool

Force Integrity (/INTEGRITYCHECK)

§gs: bool

Buffer Security Check (/GS)

§high_entropy_va: bool

64-bit ASLR (/HIGHENTROPYVA)

§isolation: bool

Allow Isolation (/ALLOWISOLATION)

§rfg: bool

Return Flow Guard

§safeseh: bool

Safe Structured Exception Handler (/SAFESEH)

§seh: bool

Structured Exception Handler

Implementations§

Source§

impl CheckSecResults

Source

pub fn parse(pe: &PE<'_>, buffer: &Mmap) -> Self

Trait Implementations§

Source§

impl Debug for CheckSecResults

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for CheckSecResults

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Display for CheckSecResults

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Colorized human readable format output

Source§

impl Serialize for CheckSecResults

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,