Add a check for /SAFESEH in checkbins.py.

Similar to BinScope, checkbins.py will either check for the no SEH bit set in DllCharacteristics or a LOAD_CONFIG entry. BUG=104188 Review URL: http://codereview.chromium.org/8584009 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@111015 0039d316-1c4b-4281-b951-d872f2087c98

Add a check for /SAFESEH in checkbins.py.
Similar to BinScope, checkbins.py will either check for the no SEH bit set in DllCharacteristics or a LOAD_CONFIG entry. BUG=104188 Review URL: http://codereview.chromium.org/8584009 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@111015 0039d316-1c4b-4281-b951-d872f2087c98
a9b198bb · scherkus@chromium.org · e01589e6 · e01589e6 · a9b198bb
Commit a9b198bb authored Nov 21, 2011 by scherkus@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 5 deletions

tools/checkbins/checkbins.bat tools/checkbins/checkbins.bat +0 -1

tools/checkbins/checkbins.py tools/checkbins/checkbins.py +23 -4

No files found.
--- a/tools/checkbins/checkbins.bat
+++ b/tools/checkbins/checkbins.bat
-@%~dp0..\..\third_party\python_24\python.exe %~dp0checkbins.py %*
--- a/tools/checkbins/checkbins.py
+++ b/tools/checkbins/checkbins.py
-#!/usr/bin/python
-# Copyright (c) 2010 The Chromium Authors. All rights reserved.
+#!/usr/bin/env python
+# Copyright (c) 2011 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 """Makes sure that all EXE and DLL files in the provided directory were built
 correctly.

-Currently this tool will check that binaries were built with /NXCOMPAT and
-/DYNAMICBASE set.
+In essense it runs a subset of BinScope tests ensuring that binaries have
+/NXCOMPAT, /DYNAMICBASE and /SAFESEH.
 """

 import os
@@ -22,6 +22,7 @@ import pefile
 PE_FILE_EXTENSIONS = ['.exe', '.dll']
 DYNAMICBASE_FLAG = 0x0040
 NXCOMPAT_FLAG = 0x0100
+NO_SEH_FLAG = 0x0400

 # Please do not add your file here without confirming that it indeed doesn't
 # require /NXCOMPAT and /DYNAMICBASE.  Contact cpu@chromium.org or your local
@@ -45,6 +46,8 @@ def main(options, args):
    if not IsPEFile(path):
      continue
    pe = pefile.PE(path, fast_load=True)
+    pe.parse_data_directories(directories=[
+        pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG']])
    pe_total = pe_total + 1
    success = True

@@ -64,6 +67,22 @@ def main(options, args):
      success = False
      print "Checking %s for /NXCOMPAT... FAIL" % path

+    # Check for /SAFESEH. Binaries should either have no SEH table
+    # (in which case a bit is set in the DLL characteristics section)
+    # or there should be a LOAD_CONFIG section present containing
+    # a valid SEH table.
+    if (pe.OPTIONAL_HEADER.DllCharacteristics & NO_SEH_FLAG or
+        (hasattr(pe, "DIRECTORY_ENTRY_LOAD_CONFIG") and
+         pe.DIRECTORY_ENTRY_LOAD_CONFIG.struct.SEHandlerCount > 0 and
+         pe.DIRECTORY_ENTRY_LOAD_CONFIG.struct.SEHandlerTable != 0)):
+      if options.verbose:
+        print "Checking %s for /SAFESEH... PASS" % path
+    else:
+      # TODO(scherkus): uncomment this code after we're confident that we
+      # won't cause unintentional failures on the build bots.
+      #success = False
+      print "Checking %s for /SAFESEH... FAIL" % path
+
    # Update tally.
    if success:
      pe_passed = pe_passed + 1