BinSkim: a great tool for Windows PE Binary security assessments
Validate compiler/linker settings and other security-relevant binary characteristics
Is a binary static analysis tool that scans Windows Portable Executable (PE) files in order to validate compiler/linker settings and other security-relevant binary characteristics.
- Use of outdated compiler toolsets. Binaries should be compiled against the most recent compiler toolsets wherever possible to maximize use of current compiler-level and OS-provided security mitigations.
- Insecure compilation settings. Binaries should be compiled with the most secure settings possible, to enable OS-provided security mitigations, maximize compiler error and warnings reporting, etc.
- Signing issues. Signed binaries should be signed with cryptographically strong algorithms.
-o, — output File path to which analysis output will be written.
-v, — verbose Emit verbose output. The resulting comprehensive report is designed to provide appropriate evidence for compliance scenarios.
-r, — recurse Recurse into subdirectories when evaluating file specifier arguments.
-p, — policy Path to policy file that will be used to configure analysis. Pass value of ‘default’ to use built-in settings.
-s, — statistics Generate timing and other statistics for analysis session.
-h, — hashes Output SHA-256 hash of analysis targets when emitting SARIF reports.
— sympath Symbols path value, e.g., SRVhttp://msdl.microsoft.com/download/symbols or Cached:symbols;Srv**http://symweb
— help Display this help screen.
— version Display version information.
value pos. 0 One or more specifiers to a file, directory, or filter pattern that resolves to one or more binaries to analyze.
The primary function of BinSkim is to analyze Windows portable executables (.dlls, .exes, etc). To analyze a file, pass one or more arguments that resolve one or more portable executables.
// Analyze a single binary named MyProjectFile.dll found in c:temp
// and emit verbose messages during analysis
binskime.exe analyze c:tempMyProjectFile.dll –verbose
// Analyze all files with the .dll or .exe extension starting in the
// current working directory and recursing through all child directories
binskim analyze *.exe *.dll –recurse
// Analyze all files with the .dll extension starting in the current
// current directory and write results to a SARIF log file
binskim analyze *.dll --output MyLog.sarif