Monday, June 5, 2017

Windows PE Binary Static Analysis Tool : BinSkim

1:08 PM

    BinSkim is a binary static analysis tool that scans Windows Portable Executable (PE) files for security and correctness.  Among the verifications performed by BinSkim are validations that the PE file has opted into all of the binary mitigations offered by the Windows Platform. Some of these mitigations ensure the binary has:

SafeSEH enabled for safe exception handling,
ASLR enabled so that memory is not laid out in a predictable fashion, and
Stack protection enabled to prevent buffer overflows.
    BinSkim is a useful mechanism to ensure that applications are benefiting from all mitigations available today. BinSkim is a checker that examines portable executables and their associated PDBs to identify various security problems. These include:



Use of outdated compiler toolsets. Binaries should be compiled against the most recent compiler toolsets wherever possible to maximize use of current compiler-level and OS-provided security mitigations.
Insecure compilation settings. Binaries should be compiled with the most secure settings possible, to enable OS-provided security mitigations, maximize compiler error and warnings reporting, etc.
Signing issues. Signed binaries should be signed with cryptographically strong algorithms.
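The following Python script is an added example, not part of the original post and not BinSkim's own code. It shows which PE header flags stand behind the ASLR, DEP and Control Flow Guard opt-ins that BinSkim validates, including the caveat that a stripped relocation table defeats ASLR even when /DYNAMICBASE is set; SafeSEH and stack protection are not header flags and are out of scope here. The minimal PE header it parses is constructed in the script itself.

```python
import struct

# IMAGE_OPTIONAL_HEADER.DllCharacteristics flags (PE/COFF specification)
HIGH_ENTROPY_VA = 0x0020   # 64-bit ASLR (/HIGHENTROPYVA)
DYNAMIC_BASE    = 0x0040   # ASLR (/DYNAMICBASE)
NX_COMPAT       = 0x0100   # DEP (/NXCOMPAT)
NO_SEH          = 0x0400   # image contains no structured exception handlers
GUARD_CF        = 0x4000   # Control Flow Guard (/guard:cf)
# IMAGE_FILE_HEADER.Characteristics flag
RELOCS_STRIPPED = 0x0001   # no .reloc data: the loader cannot rebase the image

def check_mitigations(pe: bytes) -> dict:
    """Return header-level opt-in status for the mitigations visible in the PE headers."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    (file_chars,) = struct.unpack_from("<H", pe, coff + 18)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    (magic,) = struct.unpack_from("<H", pe, opt)
    (dll_chars,) = struct.unpack_from("<H", pe, opt + 70)  # same offset for PE32 and PE32+
    is64 = magic == 0x20B
    dynamic_base = bool(dll_chars & DYNAMIC_BASE)
    return {
        "pe32plus": is64,
        # ASLR only works if the image can actually be relocated at load time
        "aslr": dynamic_base and not (file_chars & RELOCS_STRIPPED),
        "high_entropy_va": is64 and bool(dll_chars & HIGH_ENTROPY_VA),
        "dep": bool(dll_chars & NX_COMPAT),
        "cfg": bool(dll_chars & GUARD_CF),
        "no_seh": bool(dll_chars & NO_SEH),
    }

def build_test_pe(dll_chars: int, file_chars: int = 0, pe32plus: bool = True) -> bytes:
    """Constructed minimal PE header (headers only, not a loadable image) for the checker."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    machine = 0x8664 if pe32plus else 0x014C
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print(check_mitigations(build_test_pe(DYNAMIC_BASE | HIGH_ENTROPY_VA | NX_COMPAT | GUARD_CF)))
    print(check_mitigations(build_test_pe(DYNAMIC_BASE | NX_COMPAT, RELOCS_STRIPPED, pe32plus=False)))
```

To run it against a real binary, read the file with `open(path, "rb").read()` and pass the bytes to `check_mitigations`.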


Command-Line Documentation

-o, --output File path to which analysis output will be written.
-v, --verbose Emit verbose output. The resulting comprehensive report is designed to provide appropriate evidence for compliance scenarios.
-r, --recurse Recurse into subdirectories when evaluating file specifier arguments.
-p, --policy Path to policy file that will be used to configure analysis. Pass value of 'default' to use built-in settings.
-s, --statistics Generate timing and other statistics for analysis session.
-h, --hashes Output SHA-256 hash of analysis targets when emitting SARIF reports.
--sympath Symbols path value, e.g., SRV*http://msdl.microsoft.com/download/symbols or Cache*d:\symbols;Srv*http://symweb
--help Display this help screen.
--version Display version information.
value pos. 0 One or more specifiers to a file, directory, or filter pattern that resolves to one or more binaries to analyze.



Example Command-Line

binskim.exe c:\bld\*.dll --recurse --policy default --output MyRun.sarif
