Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(29)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: tools/checkbins/checkbins.py

Issue 8584009: Add a check for /SAFESEH in checkbins.py. (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 9 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« tools/checkbins/checkbins.bat ('K') | « tools/checkbins/checkbins.bat ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: tools/checkbins/checkbins.py
===================================================================
--- tools/checkbins/checkbins.py (revision 110937)
+++ tools/checkbins/checkbins.py (working copy)
@@ -1,13 +1,13 @@
#!/usr/bin/python
M-A Ruel 2011/11/21 19:58:34 #!/usr/bin/env python
scherkus (not reviewing) 2011/11/21 20:33:58 Done.
-# Copyright (c) 2010 The Chromium Authors. All rights reserved.
+# Copyright (c) 2011 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Makes sure that all EXE and DLL files in the provided directory were built
correctly.
-Currently this tool will check that binaries were built with /NXCOMPAT and
-/DYNAMICBASE set.
+In essense it runs a subset of BinScope tests ensuring that binaries have
+/NXCOMPAT, /DYNAMICBASE and /SAFESEH.
"""
import os
@@ -22,6 +22,7 @@
PE_FILE_EXTENSIONS = ['.exe', '.dll']
DYNAMICBASE_FLAG = 0x0040
NXCOMPAT_FLAG = 0x0100
+NO_SEH_FLAG = 0x0400
# Please do not add your file here without confirming that it indeed doesn't
# require /NXCOMPAT and /DYNAMICBASE. Contact cpu@chromium.org or your local
@@ -45,6 +46,8 @@
if not IsPEFile(path):
continue
pe = pefile.PE(path, fast_load=True)
+ pe.parse_data_directories(directories=[
+ pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG']])
pe_total = pe_total + 1
success = True
@@ -64,6 +67,20 @@
success = False
print "Checking %s for /NXCOMPAT... FAIL" % path
+ # Check for /SAFESEH. Binaries should either have no SEH table
+ # (in which case a bit is set in the DLL characteristics section)
+ # or there should be a LOAD_CONFIG section present containing
+ # the SEH table.
+ if (pe.OPTIONAL_HEADER.DllCharacteristics & NO_SEH_FLAG or
+ hasattr(pe, "DIRECTORY_ENTRY_LOAD_CONFIG")):
Sigurður Ásgeirsson 2011/11/21 20:27:32 The load config, if present, also needs to have a
scherkus (not reviewing) 2011/11/21 20:33:58 Done.
+ if options.verbose:
+ print "Checking %s for /SAFESEH... PASS" % path
+ else:
+ # TODO(scherkus): uncomment this code after we're confident that we
+ # won't cause unintentional failures on the build bots.
+ #success = False
+ print "Checking %s for /SAFESEH... FAIL" % path
+
# Update tally.
if success:
pe_passed = pe_passed + 1
« tools/checkbins/checkbins.bat ('K') | « tools/checkbins/checkbins.bat ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698