Trait checksec::pe::PEProperties

/// Security-relevant properties read from a parsed PE image.
///
/// Methods that take `mem` need the memory-mapped bytes of the original file
/// in addition to the parsed object, because the data they inspect is read
/// from the underlying binary file.
pub trait PEProperties {
    /// Checks for both `IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` (0x0040) and
    /// `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` (0x0020) in
    /// `DllCharacteristics` within the `IMAGE_OPTIONAL_HEADER32/64`.
    fn has_aslr(&self) -> ASLR;

    /// Checks flags in the `IMAGE_LOAD_CONFIG_CODE_INTEGRITY` structure
    /// linked from `IMAGE_LOAD_CONFIG_DIRECTORY32/64`.
    ///
    /// NOTE(review): this is described as a header-flag check; it does not
    /// appear to validate a signature. Confirm against the implementation
    /// before treating `true` as proof of a valid signature.
    fn has_authenticode(&self, mem: &Mmap) -> bool;

    /// Checks for `IMAGE_DLLCHARACTERISTICS_GUARD_CF` (0x4000) in
    /// `DllCharacteristics`.
    fn has_cfg(&self) -> bool;

    /// Checks for a Common Language Runtime header within the
    /// `IMAGE_OPTIONAL_HEADER32/64`.
    fn has_clr(&self) -> bool;

    /// Checks for `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` (0x0100) in
    /// `DllCharacteristics`.
    fn has_dep(&self) -> bool;

    /// Checks for `IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` (0x0040) in
    /// `DllCharacteristics`.
    fn has_dynamic_base(&self) -> bool;

    /// Checks for `IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY` (0x0080) in
    /// `DllCharacteristics`.
    fn has_force_integrity(&self) -> bool;

    /// Checks the value of `security_cookie` in the
    /// `IMAGE_LOAD_CONFIG_DIRECTORY32/64`.
    fn has_gs(&self, mem: &Mmap) -> bool;

    /// Checks for `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` (0x0020) in
    /// `DllCharacteristics`.
    fn has_high_entropy_va(&self) -> bool;

    /// Checks for `IMAGE_DLLCHARACTERISTICS_NO_ISOLATION` (0x0200) in
    /// `DllCharacteristics`.
    ///
    /// NOTE(review): the flag tested is a `NO_*` flag; presumably the result
    /// is `true` when the flag is clear. Confirm against the implementation.
    fn has_isolation(&self) -> bool;

    /// Checks `guard_flags` for `IMAGE_GUARD_RF_INSTRUMENTED` (0x00020000)
    /// together with `IMAGE_GUARD_RF_ENABLE` (0x00040000) or
    /// `IMAGE_GUARD_RF_STRICT` (0x00080000).
    fn has_rfg(&self, mem: &Mmap) -> bool;

    /// Checks `shandler_count` from the load configuration data.
    fn has_safe_seh(&self, mem: &Mmap) -> bool;

    /// Checks `IMAGE_DLLCHARACTERISTICS_NO_SEH` in the
    /// `IMAGE_OPTIONAL_HEADER32/64`.
    ///
    /// NOTE(review): the flag tested is a `NO_*` flag; presumably the result
    /// is `true` when the flag is clear. Confirm against the implementation.
    fn has_seh(&self) -> bool;
}

checksec Trait implementation for goblin::pe::PE

Example

use checksec::pe::PEProperties;
use goblin::pe::PE;
use memmap::Mmap;
use std::fs;

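/// Prints the ASLR and /GS check results for the PE file at `binary`.
///
/// The file is opened, memory-mapped and parsed with goblin; the same
/// mapping is handed to the checks that need the raw file bytes. Every
/// failure is reported on stderr, so a file that could not be inspected is
/// not mistaken for one that simply produced no output.
pub fn print_results(binary: &String) {
    let fp = match fs::File::open(binary) {
        Ok(fp) => fp,
        Err(err) => {
            eprintln!("{}: unable to open file: {}", binary, err);
            return;
        }
    };

    // SAFETY: a file mapping is only sound while the underlying file is not
    // truncated or rewritten by another process. This example assumes the
    // binary is not modified for as long as `buf` is alive; scan a private
    // copy when that cannot be guaranteed.
    let buf = match unsafe { Mmap::map(&fp) } {
        Ok(buf) => buf,
        Err(err) => {
            eprintln!("{}: unable to map file: {}", binary, err);
            return;
        }
    };

    match PE::parse(&buf) {
        Ok(pe) => {
            println!("aslr: {}", pe.has_aslr());
            // has_gs reads data from the file itself, hence the mapping.
            println!("gs: {}", pe.has_gs(&buf));
        }
        Err(err) => eprintln!("{}: not a valid PE file: {}", binary, err),
    }
}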

Some of the mitigations/security features that are checked require access to the underlying binary file, so both the goblin object and a read-only memory-mapped version of the original file must be provided for check functions that require it.

Required methods

fn has_aslr(&self) -> ASLR

check for both IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (0x0040) and IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA (0x0020) in DllCharacteristics within the IMAGE_OPTIONAL_HEADER32/64

fn has_authenticode(&self, mem: &Mmap) -> bool

check flags in the IMAGE_LOAD_CONFIG_CODE_INTEGRITY structure linked from IMAGE_LOAD_CONFIG_DIRECTORY32/64 within the IMAGE_OPTIONAL_HEADER32/64

requires a memmap::Mmap of the original file to read & parse required information from the underlying binary file

fn has_cfg(&self) -> bool

check for IMAGE_DLLCHARACTERISTICS_GUARD_CF (0x4000) in DllCharacteristics within the IMAGE_OPTIONAL_HEADER32/64

fn has_clr(&self) -> bool

check for Common Language Runtime header within the IMAGE_OPTIONAL_HEADER32/64

fn has_dep(&self) -> bool

check for IMAGE_DLLCHARACTERISTICS_NX_COMPAT (0x0100) in DllCharacteristics within the IMAGE_OPTIONAL_HEADER32/64

fn has_dynamic_base(&self) -> bool

check for IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (0x0040) in DllCharacteristics within the IMAGE_OPTIONAL_HEADER32/64

fn has_force_integrity(&self) -> bool

check for IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY (0x0080) in DllCharacteristics within the IMAGE_OPTIONAL_HEADER32/64

fn has_gs(&self, mem: &Mmap) -> bool

check value of security_cookie in the IMAGE_LOAD_CONFIG_DIRECTORY32/64 from the IMAGE_OPTIONAL_HEADER32/64

requires a memmap::Mmap of the original file to read & parse required information from the underlying binary file

fn has_high_entropy_va(&self) -> bool

check for IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA (0x0020) in DllCharacteristics within the IMAGE_OPTIONAL_HEADER32/64

fn has_isolation(&self) -> bool

check for IMAGE_DLLCHARACTERISTICS_NO_ISOLATION (0x0200) in DllCharacteristics within the IMAGE_OPTIONAL_HEADER32/64

fn has_rfg(&self, mem: &Mmap) -> bool

check guard_flags for IMAGE_GUARD_RF_INSTRUMENTED (0x00020000) along with IMAGE_GUARD_RF_ENABLE (0x00040000) or IMAGE_GUARD_RF_STRICT (0x00080000) in IMAGE_DATA_DIRECTORY from the IMAGE_OPTIONAL_HEADER32/64

requires a memmap::Mmap of the original file to read & parse required information from the underlying binary file

fn has_safe_seh(&self, mem: &Mmap) -> bool

check shandler_count from LOAD_CONFIG in IMAGE_DATA_DIRECTORY linked from the IMAGE_OPTIONAL_HEADER32/64

requires a memmap::Mmap of the original file to read and parse required information from the underlying binary file

fn has_seh(&self) -> bool

check for IMAGE_DLLCHARACTERISTICS_NO_SEH in DllCharacteristics within the IMAGE_OPTIONAL_HEADER32/64


Implementations on Foreign Types

impl<'_> PEProperties for PE<'_>


Implementors
