tools/checkbins/checkbins.py - Issue 8584009: Add a check for /SAFESEH in checkbins.py.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: tools/checkbins/checkbins.py

Issue 8584009: Add a check for /SAFESEH in checkbins.py. (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/

Patch Set: '' Created 9 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: tools/checkbins/checkbins.py

===================================================================

--- tools/checkbins/checkbins.py (revision 110937)

+++ tools/checkbins/checkbins.py (working copy)

@@ -1,13 +1,13 @@

-#!/usr/bin/python

+#!/usr/bin/env python

# Use of this source code is governed by a BSD-style license that can be

# found in the LICENSE file.

"""Makes sure that all EXE and DLL files in the provided directory were built

correctly.

-Currently this tool will check that binaries were built with /NXCOMPAT and

-/DYNAMICBASE set.

+In essense it runs a subset of BinScope tests ensuring that binaries have

+/NXCOMPAT, /DYNAMICBASE and /SAFESEH.

"""

import os

@@ -22,6 +22,7 @@

PE_FILE_EXTENSIONS = ['.exe', '.dll']

DYNAMICBASE_FLAG = 0x0040

NXCOMPAT_FLAG = 0x0100

+NO_SEH_FLAG = 0x0400

# Please do not add your file here without confirming that it indeed doesn't

# require /NXCOMPAT and /DYNAMICBASE. Contact cpu@chromium.org or your local

@@ -45,6 +46,8 @@

if not IsPEFile(path):

continue

pe = pefile.PE(path, fast_load=True)

+ pe.parse_data_directories(directories=[

+ pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG']])

pe_total = pe_total + 1

success = True

@@ -64,6 +67,22 @@

success = False

print "Checking %s for /NXCOMPAT... FAIL" % path

+ # Check for /SAFESEH. Binaries should either have no SEH table

+ # (in which case a bit is set in the DLL characteristics section)

+ # or there should be a LOAD_CONFIG section present containing

+ # a valid SEH table.

+ if (pe.OPTIONAL_HEADER.DllCharacteristics & NO_SEH_FLAG or

+ (hasattr(pe, "DIRECTORY_ENTRY_LOAD_CONFIG") and

+ pe.DIRECTORY_ENTRY_LOAD_CONFIG.struct.SEHandlerCount > 0 and

+ pe.DIRECTORY_ENTRY_LOAD_CONFIG.struct.SEHandlerTable != 0)):

+ if options.verbose:

+ print "Checking %s for /SAFESEH... PASS" % path

+ else:

+ # TODO(scherkus): uncomment this code after we're confident that we

+ # won't cause unintentional failures on the build bots.

+ #success = False

+ print "Checking %s for /SAFESEH... FAIL" % path

# Update tally.

if success:

pe_passed = pe_passed + 1

« no previous file with comments | « tools/checkbins/checkbins.bat ('k') | no next file » | no next file with comments »