Skip to content

GitLab

T
tangled
Commit a9b198bb authored by scherkus@chromium.org's avatar scherkus@chromium.org
Browse files
Options

Add a check for /SAFESEH in checkbins.py. 

Similar to BinScope, checkbins.py will either check for the no SEH bit set in DllCharacteristics or a LOAD_CONFIG entry.

BUG=104188
Review URL: http://codereview.chromium.org/8584009

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@111015 0039d316-1c4b-4281-b951-d872f2087c98
parent e01589e6
Hide whitespace changes
Inline Side-by-side
Showing with 23 additions and 5 deletions
tools/checkbins/checkbins.bat deleted 100755 → 0
View file @ e01589e6
@%~dp0..\..\third_party\python_24\python.exe %~dp0checkbins.py %*
tools/checkbins/checkbins.py
View file @ a9b198bb
#!/usr/bin/python #!/usr/bin/env python
# Copyright (c) 2010 The Chromium Authors. All rights reserved. # Copyright (c) 2011 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be # Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file. # found in the LICENSE file.
"""Makes sure that all EXE and DLL files in the provided directory were built """Makes sure that all EXE and DLL files in the provided directory were built
correctly. correctly.
Currently this tool will check that binaries were built with /NXCOMPAT and In essense it runs a subset of BinScope tests ensuring that binaries have
/DYNAMICBASE set. /NXCOMPAT, /DYNAMICBASE and /SAFESEH.
""" """
import os import os
...@@ -22,6 +22,7 @@ import pefile ...@@ -22,6 +22,7 @@ import pefile
PE_FILE_EXTENSIONS = ['.exe', '.dll'] PE_FILE_EXTENSIONS = ['.exe', '.dll']
DYNAMICBASE_FLAG = 0x0040 DYNAMICBASE_FLAG = 0x0040
NXCOMPAT_FLAG = 0x0100 NXCOMPAT_FLAG = 0x0100
NO_SEH_FLAG = 0x0400
# Please do not add your file here without confirming that it indeed doesn't # Please do not add your file here without confirming that it indeed doesn't
# require /NXCOMPAT and /DYNAMICBASE. Contact cpu@chromium.org or your local # require /NXCOMPAT and /DYNAMICBASE. Contact cpu@chromium.org or your local
...@@ -45,6 +46,8 @@ def main(options, args): ...@@ -45,6 +46,8 @@ def main(options, args):
if not IsPEFile(path): if not IsPEFile(path):
continue continue
pe = pefile.PE(path, fast_load=True) pe = pefile.PE(path, fast_load=True)
pe.parse_data_directories(directories=[
pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG']])
pe_total = pe_total + 1 pe_total = pe_total + 1
success = True success = True
...@@ -64,6 +67,22 @@ def main(options, args): ...@@ -64,6 +67,22 @@ def main(options, args):
success = False success = False
print "Checking %s for /NXCOMPAT... FAIL" % path print "Checking %s for /NXCOMPAT... FAIL" % path
# Check for /SAFESEH. Binaries should either have no SEH table
# (in which case a bit is set in the DLL characteristics section)
# or there should be a LOAD_CONFIG section present containing
# a valid SEH table.
if (pe.OPTIONAL_HEADER.DllCharacteristics & NO_SEH_FLAG or
(hasattr(pe, "DIRECTORY_ENTRY_LOAD_CONFIG") and
pe.DIRECTORY_ENTRY_LOAD_CONFIG.struct.SEHandlerCount > 0 and
pe.DIRECTORY_ENTRY_LOAD_CONFIG.struct.SEHandlerTable != 0)):
if options.verbose:
print "Checking %s for /SAFESEH... PASS" % path
else:
# TODO(scherkus): uncomment this code after we're confident that we
# won't cause unintentional failures on the build bots.
#success = False
print "Checking %s for /SAFESEH... FAIL" % path
# Update tally. # Update tally.
if success: if success:
pe_passed = pe_passed + 1 pe_passed = pe_passed + 1
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment