-
Notifications
You must be signed in to change notification settings - Fork 155
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[RULE REQUEST] skip "debug only" ELF files #405
Comments
Hi @chipitsine , You should only analyze the |
I analyze output folder recursively using Guargian |
It would be really nice if BinSkim will skip dbg by itself |
It's complex because Binskim cannot know what extension did you use. For example, in the second command, you could use Since binskim tries to analyze everything that you pass in the pattern, you should try to:
|
There's "empty" interpreter. Why not to skip such files |
I do not mean using "dbg" file extension as whitelist marker)) |
I'm not following... |
What is the difference between |
Sure, we strip debug later. Only "dbg" has debig |
Internally "dbg" differ from "hello", please see " file" output above |
I'll have a look at split-dwarf, thank for the idea |
Update:
|
Update:
objcopy --only-keep-debug gcc.objcopy.stripall.addgnudebuglink gcc.objcopy.stripall.addgnudebuglink.dbg // create debug only file from original full bin objcopy --strip-all gcc.objcopy.stripall.addgnudebuglink // remove debug from original full bin and make it bin only file objcopy --add-gnu-debuglink=gcc.objcopy.stripall.addgnudebuglink.dbg gcc.objcopy.stripall.addgnudebuglink // link bin only file and debug only file |
yes, we already use |
@shaopeng-gh , mostly it works, however few binaries provide strange errors: dynamically linked (only one file):
statically linked file
please let me know how to share those binaries privately |
That error seems like an issue in the BindNow rule, merged in #363. I thought I added protections to gracefully handle a missing .dynamic section, but it seems that GetSection(".dynamic") is throwing an unhandled KeyNotFoundException now. |
This patch fixes the static issue, I'll send a PR this week diff --git a/src/BinSkim.Rules/ElfRules/BA3011.EnableBindNow.cs b/src/BinSkim.Rules/ElfRules/BA3011.EnableBindNow.cs
index d1205be..fc7e9f0 100644
--- a/src/BinSkim.Rules/ElfRules/BA3011.EnableBindNow.cs
+++ b/src/BinSkim.Rules/ElfRules/BA3011.EnableBindNow.cs
@@ -104,6 +104,10 @@ namespace Microsoft.CodeAnalysis.IL.Rules
{
return false;
}
+ catch (KeyNotFoundException)
+ {
+ return false;
+ }
return false;
} |
@chipitsine thanks for the feed back. |
Thanks @toshipiazza |
@shaopeng-gh , if u take a look at the snippet from @toshipiazza , u will be able to fix the issue. |
I just opened a PR that would fix that: #412 |
We just released a new prerelease version with the fix for this issue. If you face any new issues, pls, feel free to open a new issue! |
let us consider the following source file
and we build binary and debug symbols
file
hello.dbg
is ELF, but is not executable. I suggest skip such files from analyzingcurrently, BinSkim complains on
hello.dbg
indeed,
hello.dbg
is ELF, but it is not executable.The text was updated successfully, but these errors were encountered: