winchecksec/checksec_8h_source.html

#pragma once


#include <iostream>

#include <string>

#include <optional>


#include <pe-parse/parse.h>


namespace checksec {


class ChecksecError : public std::runtime_error {

   public:

    ChecksecError(const char* what) : std::runtime_error(what) {}

};


namespace impl {

constexpr const char kDynamicBaseDescription[] =

    "Binaries with dynamic base support can be "

    "dynamically rebased, enabling ASLR.";


constexpr const char kASLRDescription[] =

    "Binaries with ASLR support have randomized virtual memory layouts. "

    "ASLR is enabled by dynamic base support (without stripped relocation "

    "entries) or by using a managed runtime like .NET.";


constexpr const char kHighEntropyVADescription[] =

    "Binaries with high entropy virtual address support can leverage more of "

    "the virtual memory space to strengthen ASLR.";


constexpr const char kForceIntegrityDescription[] =

    "Binaries with force integrity checking enabled perform additional "

    "Authenticode signing checks, including page hash checks.";


constexpr const char kNXDescription[] =

    "Binaries with NX support can be run with hardware-enforced memory "

    "permissions (i.e., hardware DEP).";


constexpr const char kIsolationDescription[] =

    "Binaries with isolation support cause the Windows loader to perform "

    "a manifest lookup on program load.";


constexpr const char kSEHDescription[] =

    "Binaries with SEH support can use structured exception handlers.";


constexpr const char kCFGDescription[] =

    "Binaries with CFG enabled have additional protections on indirect calls.";


constexpr const char kAuthenticodeDescription[] =

    "Binaries with Authenticode signatures are verified at load time.";


constexpr const char kRFGDescription[] =

    "Binaries with RFG enabled have additional return-oriented-programming "

    "protections.";


constexpr const char kSafeSEHDescription[] =

    "Binaries with SafeSEH enabled have additional protections for stack-based "

    "structured exception handlers.";


constexpr const char kGSDescription[] =

    "Binaries with GS enabled have additional protections against stack-based "

    "buffer overflows.";


constexpr const char kDotNETDescription[] =

    ".NET binaries run in a managed environment with many default mitigations.";


constexpr const char kCetDescription[] =

    "Binaries with cet compat support will use "

    "the shadow stack (if available) to mitigate ROP.";


class LoadedImage {

   public:


    explicit LoadedImage(const std::string path) {

        if (!(pe_ = peparse::ParsePEFromFile(path.c_str()))) {

            throw ChecksecError("Couldn't load file; corrupt or not a PE?");

        }

    }


    ~LoadedImage() { peparse::DestructParsedPE(pe_); }


    // can't make copies of LoadedImage

    LoadedImage(const LoadedImage&) = delete;

    LoadedImage& operator=(const LoadedImage&) = delete;


    peparse::parsed_pe* get() const { return pe_; }


   private:

    peparse::parsed_pe* pe_;

};


}  // namespace impl


enum class MitigationPresence {

    Present,

    NotPresent,

    NotApplicable,

    NotImplemented,

};


struct MitigationReport {

    MitigationPresence presence;


    std::string description;


    std::optional<std::string> explanation;


    operator bool() const { return presence == MitigationPresence::Present; }

};


class Checksec {

   public:

    Checksec(std::string filepath);


    const std::string filepath() const { return filepath_; }


    const MitigationReport isDynamicBase() const;


    const MitigationReport isASLR() const;


    const MitigationReport isHighEntropyVA() const;


    const MitigationReport isForceIntegrity() const;


    const MitigationReport isNX() const;


    const MitigationReport isIsolation() const;


    const MitigationReport isSEH() const;


    const MitigationReport isCFG() const;


    const MitigationReport isAuthenticode() const;


    const MitigationReport isRFG() const;


    const MitigationReport isSafeSEH() const;


    const MitigationReport isGS() const;


    const MitigationReport isDotNET() const;


    const MitigationReport isCetCompat() const;


   private:

    impl::LoadedImage loadedImage_;

    std::string filepath_;

    std::uint16_t targetMachine_ = 0;

    std::uint16_t imageCharacteristics_ = 0;

    std::uint16_t dllCharacteristics_ = 0;

    std::uint32_t loadConfigSize_ = 0;

    std::uint32_t loadConfigGuardFlags_ = 0;

    std::uint64_t loadConfigSEHandlerTable_ = 0;

    std::uint64_t loadConfigSEHandlerCount_ = 0;

    std::uint64_t loadConfigSecurityCookie_ = 0;

    peparse::data_directory clrConfig_ = {0};

    std::uint16_t extendedDllCharacteristics_ = 0;

};


}  // namespace checksec

checksec::ChecksecError
Definition checksec.h:14

checksec::ChecksecError::ChecksecError
ChecksecError(const char *what)
Definition checksec.h:16

checksec::Checksec
Definition checksec.h:141

checksec::Checksec::filepath
const std::string filepath() const
Definition checksec.h:148

checksec::Checksec::isCetCompat
const MitigationReport isCetCompat() const
Definition checksec.cpp:334

checksec::Checksec::isASLR
const MitigationReport isASLR() const
Definition checksec.cpp:179

checksec::Checksec::isGS
const MitigationReport isGS() const
Definition checksec.cpp:310

checksec::Checksec::isIsolation
const MitigationReport isIsolation() const
Definition checksec.cpp:229

checksec::Checksec::isCFG
const MitigationReport isCFG() const
Definition checksec.cpp:245

checksec::Checksec::isSEH
const MitigationReport isSEH() const
Definition checksec.cpp:237

checksec::Checksec::isHighEntropyVA
const MitigationReport isHighEntropyVA() const
Definition checksec.cpp:198

checksec::Checksec::isRFG
const MitigationReport isRFG() const
Definition checksec.cpp:269

checksec::Checksec::isSafeSEH
const MitigationReport isSafeSEH() const
Definition checksec.cpp:289

checksec::Checksec::isAuthenticode
const MitigationReport isAuthenticode() const
Definition checksec.cpp:261

checksec::Checksec::isForceIntegrity
const MitigationReport isForceIntegrity() const
Definition checksec.cpp:210

checksec::Checksec::isNX
const MitigationReport isNX() const
Definition checksec.cpp:218

checksec::Checksec::isDynamicBase
const MitigationReport isDynamicBase() const
Definition checksec.cpp:171

checksec::Checksec::isDotNET
const MitigationReport isDotNET() const
Definition checksec.cpp:326

checksec::impl::LoadedImage
Definition checksec.h:81

checksec::impl::LoadedImage::LoadedImage
LoadedImage(const std::string path)
Definition checksec.h:83

checksec::impl::LoadedImage::~LoadedImage
~LoadedImage()
Definition checksec.h:88

checksec::impl::LoadedImage::LoadedImage
LoadedImage(const LoadedImage &)=delete

checksec::impl::LoadedImage::get
peparse::parsed_pe * get() const
Definition checksec.h:94

checksec::impl::LoadedImage::operator=
LoadedImage & operator=(const LoadedImage &)=delete

checksec::impl::kNXDescription
constexpr const char kNXDescription[]
Definition checksec.h:42

checksec::impl::kDotNETDescription
constexpr const char kDotNETDescription[]
Definition checksec.h:71

checksec::impl::kGSDescription
constexpr const char kGSDescription[]
Definition checksec.h:67

checksec::impl::kSafeSEHDescription
constexpr const char kSafeSEHDescription[]
Definition checksec.h:63

checksec::impl::kHighEntropyVADescription
constexpr const char kHighEntropyVADescription[]
Definition checksec.h:34

checksec::impl::kASLRDescription
constexpr const char kASLRDescription[]
Definition checksec.h:29

checksec::impl::kDynamicBaseDescription
constexpr const char kDynamicBaseDescription[]
Definition checksec.h:25

checksec::impl::kCFGDescription
constexpr const char kCFGDescription[]
Definition checksec.h:53

checksec::impl::kSEHDescription
constexpr const char kSEHDescription[]
Definition checksec.h:50

checksec::impl::kAuthenticodeDescription
constexpr const char kAuthenticodeDescription[]
Definition checksec.h:56

checksec::impl::kForceIntegrityDescription
constexpr const char kForceIntegrityDescription[]
Definition checksec.h:38

checksec::impl::kIsolationDescription
constexpr const char kIsolationDescription[]
Definition checksec.h:46

checksec::impl::kRFGDescription
constexpr const char kRFGDescription[]
Definition checksec.h:59

checksec::impl::kCetDescription
constexpr const char kCetDescription[]
Definition checksec.h:74

checksec
Definition checksec.cpp:15

checksec::MitigationPresence
MitigationPresence
Definition checksec.h:106

checksec::MitigationPresence::NotPresent
@ NotPresent

checksec::MitigationPresence::NotApplicable
@ NotApplicable

checksec::MitigationPresence::NotImplemented
@ NotImplemented

checksec::MitigationPresence::Present
@ Present

checksec::MitigationReport
Definition checksec.h:116

checksec::MitigationReport::explanation
std::optional< std::string > explanation
Definition checksec.h:130

checksec::MitigationReport::presence
MitigationPresence presence
Definition checksec.h:120

checksec::MitigationReport::description
std::string description
Definition checksec.h:125