Trait checksec::pe::PEProperties
checksec Trait implementation for goblin::pe::PE
Example
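use checksec::pe::PEProperties;
use goblin::pe::PE;
use memmap::Mmap;
use std::fs;

/// Print the ASLR and stack-cookie (GS) status of the PE file at `binary`.
///
/// Each step that can fail (open, map, parse) reports its error on stderr and
/// returns. A file that could not be analysed is therefore distinguishable
/// from one that was analysed; with silent failure the two look the same.
pub fn print_results(binary: &String) {
    let fp = match fs::File::open(binary) {
        Ok(fp) => fp,
        Err(err) => {
            eprintln!("{}: cannot open file: {}", binary, err);
            return;
        }
    };

    // SAFETY: the mapping is only read. This example assumes the file is not
    // modified or truncated by another process while it is mapped; the
    // compiler cannot enforce that, which is why `Mmap::map` is unsafe.
    let buf = match unsafe { Mmap::map(&fp) } {
        Ok(buf) => buf,
        Err(err) => {
            eprintln!("{}: cannot map file: {}", binary, err);
            return;
        }
    };

    // The bytes come straight from disk and may be malformed, so a parse
    // error is an expected outcome and is reported rather than ignored.
    let pe = match PE::parse(&buf) {
        Ok(pe) => pe,
        Err(err) => {
            eprintln!("{}: not a parsable PE: {}", binary, err);
            return;
        }
    };

    println!("aslr: {}", pe.has_aslr());
    // has_gs reads the load configuration from the raw file, so it also
    // needs the mapped bytes, not only the parsed goblin object.
    println!("gs: {}", pe.has_gs(&buf));
}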
Some of the mitigations/security features that are checked require access to the underlying binary file, so both the goblin object and a read-only memory-mapped version of the original file must be provided for check functions that require it.
Required methods
fn has_aslr(&self) -> ASLR
check for both IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (0x0040) and IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA (0x0020) in DllCharacteristics within the IMAGE_OPTIONAL_HEADER32/64
fn has_authenticode(&self, mem: &Mmap) -> bool
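check flags in the IMAGE_LOAD_CONFIG_CODE_INTEGRITY structure linked from IMAGE_LOAD_CONFIG_DIRECTORY32/64 within the IMAGE_OPTIONAL_HEADER32/64
as described, this is a check of header flags; nothing on this page says the signature itself is validated, so treat the result as what the header declares rather than as proof of a valid signature
requires a memmap::Mmap of the original file to read & parse required information from the underlying binary file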
fn has_cfg(&self) -> bool
check for IMAGE_DLLCHARACTERISTICS_GUARD_CF (0x4000) in DllCharacteristics within the IMAGE_OPTIONAL_HEADER32/64
fn has_clr(&self) -> bool
check for Common Language Runtime header within the IMAGE_OPTIONAL_HEADER32/64
fn has_dep(&self) -> bool
check for IMAGE_DLLCHARACTERISTICS_NX_COMPAT (0x0100) in DllCharacteristics within the IMAGE_OPTIONAL_HEADER32/64
fn has_dynamic_base(&self) -> bool
check for IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (0x0040) in DllCharacteristics within the IMAGE_OPTIONAL_HEADER32/64
fn has_force_integrity(&self) -> bool
check for IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY (0x0080) in DllCharacteristics within the IMAGE_OPTIONAL_HEADER32/64
fn has_gs(&self, mem: &Mmap) -> bool
check value of security_cookie in the IMAGE_LOAD_CONFIG_DIRECTORY32/64 from the IMAGE_OPTIONAL_HEADER32/64
requires a memmap::Mmap of the original file to read & parse required information from the underlying binary file
fn has_high_entropy_va(&self) -> bool
check for IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA (0x0020) in DllCharacteristics within the IMAGE_OPTIONAL_HEADER32/64
fn has_isolation(&self) -> bool
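check for IMAGE_DLLCHARACTERISTICS_NO_ISOLATION (0x0200) in DllCharacteristics within the IMAGE_OPTIONAL_HEADER32/64
the flag is a negative (NO_ISOLATION) while the method name is positive; this page does not state the polarity of the returned bool, so confirm it against the implementation before relying on the result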
fn has_rfg(&self, mem: &Mmap) -> bool
check guard_flags for IMAGE_GUARD_RF_INSTRUMENTED (0x00020000) along with IMAGE_GUARD_RF_ENABLE (0x00040000) or IMAGE_GUARD_RF_STRICT (0x0008_0000) in IMAGE_DATA_DIRECTORY from the IMAGE_OPTIONAL_HEADER32/64
requires a memmap::Mmap of the original file to read & parse required information from the underlying binary file
fn has_safe_seh(&self, mem: &Mmap) -> bool
check shandler_count from LOAD_CONFIG in IMAGE_DATA_DIRECTORY linked from the IMAGE_OPTIONAL_HEADER32/64
requires a memmap::Mmap of the original file to read and parse required information from the underlying binary file
fn has_seh(&self) -> bool
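check IMAGE_DLLCHARACTERISTICS_NO_SEH (0x0400) in DllCharacteristics from the IMAGE_OPTIONAL_HEADER32/64
the flag is a negative (NO_SEH) while the method name is positive; this page does not state the polarity of the returned bool, so confirm it against the implementation before relying on the result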