Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

How to Run BinScope

Microsoft BinScope 2014
User Guide
Microsoft Trustworthy
Computing
Contents
Overview ................................................................................................................. 2
Purpose of Tool.................................................................................................... 2
Security checks ...................................................................................... 2
Installation ............................................................................................................. 3
How to Run BinScope........................................................................................ 3
Analysis of BinScope Output .......................................................................... 3
Features .................................................................................................................. 4
Configurability ....................................................................................... 4
Command Line Mode ......................................................................... 4
Configure BinScope to Run Windows App Certification Kit Checks 5
Troubleshooting .................................................................................................. 6
Automation............................................................................................................ 6
Support ................................................................................................................... 6
Overview
Microsoft BinScope 2014 was designed in order to help detect potential vulnerabilities that can
be introduced into Binary files. The tests implemented in BinScope examine application binary
files to identify coding and building practices that can potentially render the application
vulnerable to attack or to being used as an attack vector. The tests include:




Validating compiler and linker flags
Ensuring the use of “known good” ATL headers
Verifying that current compiler versions are used
Identifying specific coding constructs that are deemed "dangerous"
By default, all checks required by the Microsoft SDL Process Guidance version 5.2 are enabled.
However, users can enable and disable checks. BinScope supports a command-line interface to
fit the needs of your environment.
Typical Information Technology users of BinScope:


Developers use BinScope to verify compliance with coding and building best practices.
IT Security Auditors, during reviews, can evaluate the risk presented by a particular piece of
software installed on the Windows platform.
By reading this document and performing the sample exercise you can expect to gain the
following skills:





To have a general understanding of what BinScope does and the value it can add to your
security strategy.
Understand the software requirements for BinScope.
Understand the installation procedure.
Perform a basic scan using BinScope.
Be familiar with some of the terminology used in BinScope.
Purpose of Tool
Each of the BinScope checks addresses a weakness commonly exploited by attackers. The
requirements enforced by BinScope do not eliminate all possible weaknesses, but they do make
them much harder to exploit. In addition, the safeguards should not be considered separately;
rather all tests should be performed.
Security checks
BinScope performs the following checks:
Check
SDL Required
AppContainerCheck (Required for Windows Store Certification)
No
Trustworthy Computing | BinScope 2014 User Guide
2
Check
SDL Required
ATLVersionCheck
ATLVulnCheck
CompilerVersionCheck
DBCheck
DefaultGSCookieCheck
ExecutableImportsCheck
FunctionPointersCheck
GSCheck
GSFriendlyInitCheck
GSFunctionSafeBuffersCheck
HighEntropyVACheck
NXCheck
RSA32Check
SafeSEHCheck
SharedSectionCheck
VB6Check
WXCheck
Yes
Yes
Yes
Yes
Yes
Yes
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Table 1 BinScope Checks
Installation
For installation instructions and systems requirements, please see the Microsoft BinScope 2014
Getting Started Guide.
How to Run BinScope
For information on how to run BinScope, please see the Microsoft BinScope 2014 Getting Started
Guide.
Analysis of BinScope Output
For information regarding analyzing BinScope results, please see the Microsoft BinScope 2014
Getting Started Guide.
Trustworthy Computing | BinScope 2014 User Guide
3
Features
Configurability
BinScope allows users to enable and disable checks. By default, all SDL required checks are
enabled. BinScope detects the type of assembly that is being scanned and determines whether
or not the enabled check is applicable.
Command Line Mode
To run BinScope in Command Line mode, open the command window in the BinScope install
directory.
BinScope command line syntax is:
BinScope.exe [<options] <target>
The following table outlines the options available via command line mode:
Option
/Checks <string> (short: /c)
/Html
/ListChecks (short: /lc)
/LogFile <string> (short: /l)
/MinimumCompilerVersion <version>
/MinimumLinkerVersion <version>
/NoLogo
/OutDir <string> (short: /d)
/PREfast <string> (short: /pf)
/Red
/SaveConfig <string> (short: /save)
Trustworthy Computing | BinScope 2014 User Guide
Description
Specify the Checks for scanning. One can
specify multiple checks by using /Checks
multiple times. (Use /listchecks to show all
available checks)
Change the output format to HTML for
viewing in a browser.
List all available checks.
Specify the file name to store analysis
output.
Sets a minimum compiler version for
native projects.
Sets a minimum linker version for native
projects.
Disable printing the logo header output to
the console.
Specify the output directory name to store
the LogFile.
Generate analysis output in PREfast format
instead of Red format. Only one output file
format can be enabled at a time.
Generate analysis output in Red format.
Save configuration information (XML
format) into the specified file.
4
Option
/SkippedChecks <string> (short: /e)
/SymPath <string> (short: /s)
/Target <string>
/Verbose (short: /v)
/Xslt (short: /x)
Description
Specify the Checks to be skipped for
scanning. One can specify multiple checks
to be skipped by using /SkippedChecks
multiple times.
Specify /sympath to be used by Binscope.
Specify the full path to the target file to be
scanned. Binscope supports files which are
put into a Portable Executable container;
e.g. DLLs, EXEs, SYSs, etc.
Enable verbose log output.
Write a report XSLT file suitable for
displaying the Red file in the browser. Only
works for /Red format & not the /PREFast
format.
Table 1 Command Line Mode Options
Configure BinScope to Run Windows
App Certification Kit Checks
The Windows App Certification Kit includes a subset of the BinScope security checks. Microsoft
BinScope 2014 can be configured to run only the checks that are run as part of the Windows
App Certification Kit.
1. Open a Command Prompt window and navigate to the BinScope installation directory.
2. For scans where the private symbols are in the same location as the binary, provide the
following command:
binscope.exe /target “<path to binary>” /Checks "AppContainerCheck" /Checks
"DBCheck" /Checks "ExecutableImportsCheck" /Checks "NXCheck" /Checks
"SafeSEHCheck" /Checks "SharedSectionCheck" /Checks "WXCheck"
Note: BinScope is unable to run against files located in a system-protected directory.
3. For scans where the private symbols are not in the same location as the binary, provide the
following command using /SymPath:
Trustworthy Computing | BinScope 2014 User Guide
5
binscope.exe /target “<path to binary>” /SymPath “<path to symbols>” /Checks
"ExecutableImportsCheck" /Checks "NXCheck" /Checks "SafeSEHCheck" /Checks
"SharedSectionCheck" /Checks "WXCheck"
Troubleshooting
Please see the links listed below in “Support”.
Automation
Binscope.exe by default runs all of SDL required checks against the target. Use the
/SkippedChecks flag to skip certain checks that might not be appropriate in a daily build
environment, such as CompilerVersionCheck.
Example:
Binscope.exe /target <FILE_TO_ANALYZE> /SkippedChecks “CompilerVersionCheck”
/logfile <LOGFILE>
Support
For support, please visit the following links:



Microsoft Security Development Lifecycle
Microsoft Cyber Trust Blog
MSDN Forums for SDL
Trustworthy Computing | BinScope 2014 User Guide
6
Copyright © 2015 Microsoft Corporation. All rights reserved. This document is provided "as-is." Information and views expressed in
this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.
Some examples are for illustration only and are fictitious. No real association is intended or inferred.
This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and
use this document for your internal, reference purposes.
Trustworthy Computing | BinScope 2014 User Guide
7
Related documents
Your GMC ID check event is due to be held on Thursday 28 March
Your GMC ID check event is due to be held on Thursday 28 March
2.6 Tier I teacher behavior checklist
2.6 Tier I teacher behavior checklist
Active Learning Checklist
Active Learning Checklist
a copy
a copy
A Revelatory Case Study on Scaling Agile Release Planning
A Revelatory Case Study on Scaling Agile Release Planning
CHAPTER 3 HEALTH APPRAISALS
CHAPTER 3 HEALTH APPRAISALS
Term 1 planning 2015
Term 1 planning 2015
Download