BinScope Binary Analyzer is tool that is being used by Microsoft teams since early days of SDLC. It analyzes your binaries for a wide variety of security protections with a very straightforward and easy-to-use interface. At Microsoft, developers and testers are required to use this tool in the Verification Phase of the SDL to ensure that they have built their code using the compiler/linker protections required by the Microsoft SDL.
How you use BinScope Binary Analyzer?
The BinScope Binary Analyzer can be downloaded as a standalone tool or as a tool that can be integrated into Visual Studio 2008. By offering these two options, this tool can easily and quickly help you build your code to meet the SDL compiler/linker protections.
The analyzer performs a diverse set of security checks. These checks include:
- /GS flag is being set to detect stack-based buffer overflows
- /SafeSEH flag is being set to enable and ensure safe exception handling
- /NXCOMPAT flag is being set to enforce data execution prevention (NX)
- /DYNAMICBASE flag is being set to enable Address Space Layout Randomization (ASLR)
- .NET Strong-Named Assemblies are being used to ensure unique key pairs and strong integrity checks are in place
- Known good ATL headers are being used
- Up-to-date compiler and linker versions are being used (minimum Visual Studio 2005 SP2)
- Reports on dangerous constructs that are prohibited/discouraged by the SDL (e.g. read/write shared sections, global function pointers).
Download BinScope Binary Analyzer
Hi,
Why BinScope does not work for static library? I want to verify “/GS” in .lib file. But binscop does not show any output for .lib and .obj files(belongs to .lib).
When i disassemble the .obj file then i can see that security_cookie is being applied. But unable to verify with BinScope. Is it limitation of Binscope?