C# Class WinBinAuditv1.WinBinAuditv1PEChecks

Open project: olliencc/WinBinaryAudit

Public Methods

Method Description
ASLR ( PEProp binInfo ) : bool

Does it support ASLR

AppContainer ( PEProp binInfo ) : bool

Is this an AppContainer binary

CodeSize ( PEProp binInfo ) : uint
ControlFlowGuard ( PEProp binInfo ) : bool

Is this an AppContainer binary

DLLPlanting ( PEProp binInfo, SecurityInfo SecInfo ) : bool

SetDllDirectory, SetDefaultDllDirectories, AddDllDirectory

DLLPlantingReason ( PEProp binInfo, SecurityInfo SecInfo ) : string
DoesImport ( PEProp binInfo, string strTheOne, bool bExact, SecurityInfo SecInfo ) : bool

Checks if the string is in the list of imports

DoesImportviaLoadLibrary ( PEProp binInfo, string strTheOne, SecurityInfo SecInfo ) : bool
DotNetAllowPartialTrustCallers ( PEProp binInfo ) : bool
DotNetStrongName ( PEProp binInfo ) : bool
DotNetVer ( PEProp binInfo ) : string
EncodePointer ( PEProp binInfo, SecurityInfo SecInfo ) : bool
ForceInt ( PEProp binInfo ) : bool
GS1Check ( PEProp binInfo ) : bool
GS2Check32 ( PEProp binInfo ) : int
GS3Check ( PEProp binInfo, SecurityInfo SecInfo ) : bool
GSCheck64 ( PEProp binInfo ) : bool
GSCookieHunter ( byte strWorkBuff, long lngFileSize, byte strGSAddr ) : long
GetFileSize ( SecurityInfo secInfo, PEProp binInfo ) : void
GetManifest ( PEProp binInfo, SecurityInfo secInfo ) : bool
HeapSetInfo ( PEProp binInfo, SecurityInfo SecInfo ) : bool

Checks if the binary uses HeapSetInformation

HighEntropy ( SecurityInfo secInfo, PEProp binInfo ) : bool
InsecureSection ( PEProp binInfo ) : bool

Is there a shared and writeable section

IsDLL ( PEProp binInfo ) : bool

Is the file a DLL

LoadLibrary ( PEProp binInfo, SecurityInfo SecInfo ) : bool
MS12001 ( PEProp binInfo ) : bool

MS12-001 Vulnerability Check

MS12001Sz ( PEProp binInfo ) : int

Size extraction related to MS12-001 size check

MS12001SzTwo ( PEProp binInfo ) : uint

Second size extraction for MS12-001 test

MSBannedAPIs ( SecurityInfo secInfo, string strImports ) : int
MSCompilerVers ( PEProp binInfo ) : List
NX ( PEProp binInfo ) : bool

Check for DEP Support

NoSEH ( PEProp binInfo ) : bool

Check for No SEH

ProcessHeapExec ( PEProp binInfo ) : bool
SafeSEH ( PEProp binInfo ) : bool

SafeSEH Check

SetDEPPolicy ( PEProp binInfo, SecurityInfo SecInfo ) : bool
SigDetails ( SecurityInfo secInfo, PEProp binInfo ) : void
UACIntLevel ( PEProp binInfo ) : string
UACUIAccess ( PEProp binInfo ) : string
VirtualAlloc ( PEProp binInfo, SecurityInfo SecInfo ) : bool

Private Methods

Method Description
FindResource ( IntPtr hModule, int lpID, int lpType ) : IntPtr
LoadLibraryEx ( string lpFileName, IntPtr hFile, uint dwFlags ) : IntPtr
LoadResource ( IntPtr hModule, IntPtr hResInfo ) : IntPtr
LoadString ( IntPtr hInstance, int uID, StringBuilder lpBuffer, int nBufferMax ) : int
LockResource ( IntPtr hResData ) : IntPtr
SizeofResource ( IntPtr hModule, IntPtr hResInfo ) : uint

Method Details

ASLR() public method

Does it support ASLR
public ASLR ( PEProp binInfo ) : bool
binInfo PEProp
Returns bool

AppContainer() public method

Is this an AppContainer binary
public AppContainer ( PEProp binInfo ) : bool
binInfo PEProp
Returns bool

CodeSize() public method

public CodeSize ( PEProp binInfo ) : uint
binInfo PEProp
Returns uint

ControlFlowGuard() public method

Is this an AppContainer binary
public ControlFlowGuard ( PEProp binInfo ) : bool
binInfo PEProp
Returns bool

DLLPlanting() public method

SetDllDirectory, SetDefaultDllDirectories, AddDllDirectory
public DLLPlanting ( PEProp binInfo, SecurityInfo SecInfo ) : bool
binInfo PEProp
SecInfo SecurityInfo
Returns bool

DLLPlantingReason() public method

public DLLPlantingReason ( PEProp binInfo, SecurityInfo SecInfo ) : string
binInfo PEProp
SecInfo SecurityInfo
Returns string

DoesImport() public method

Checks if the string is in the list of imports
public DoesImport ( PEProp binInfo, string strTheOne, bool bExact, SecurityInfo SecInfo ) : bool
binInfo PEProp
strTheOne string
bExact bool
SecInfo SecurityInfo
Returns bool

DoesImportviaLoadLibrary() public method

public DoesImportviaLoadLibrary ( PEProp binInfo, string strTheOne, SecurityInfo SecInfo ) : bool
binInfo PEProp
strTheOne string
SecInfo SecurityInfo
Returns bool

DotNetAllowPartialTrustCallers() public method

public DotNetAllowPartialTrustCallers ( PEProp binInfo ) : bool
binInfo PEProp
Returns bool

DotNetStrongName() public method

public DotNetStrongName ( PEProp binInfo ) : bool
binInfo PEProp
Returns bool

DotNetVer() public method

public DotNetVer ( PEProp binInfo ) : string
binInfo PEProp
Returns string

EncodePointer() public method

public EncodePointer ( PEProp binInfo, SecurityInfo SecInfo ) : bool
binInfo PEProp
SecInfo SecurityInfo
Returns bool

ForceInt() public method

public ForceInt ( PEProp binInfo ) : bool
binInfo PEProp
Returns bool

GS1Check() public method

public GS1Check ( PEProp binInfo ) : bool
binInfo PEProp
Returns bool

GS2Check32() public method

public GS2Check32 ( PEProp binInfo ) : int
binInfo PEProp
Returns int

GS3Check() public method

public GS3Check ( PEProp binInfo, SecurityInfo SecInfo ) : bool
binInfo PEProp
SecInfo SecurityInfo
Returns bool

GSCheck64() public method

public GSCheck64 ( PEProp binInfo ) : bool
binInfo PEProp
Returns bool

GSCookieHunter() public method

public GSCookieHunter ( byte strWorkBuff, long lngFileSize, byte strGSAddr ) : long
strWorkBuff byte
lngFileSize long
strGSAddr byte
Returns long

GetFileSize() public method

public GetFileSize ( SecurityInfo secInfo, PEProp binInfo ) : void
secInfo SecurityInfo
binInfo PEProp
Returns void

GetManifest() public method

public GetManifest ( PEProp binInfo, SecurityInfo secInfo ) : bool
binInfo PEProp
secInfo SecurityInfo
Returns bool

HeapSetInfo() public method

Checks if the binary uses HeapSetInformation
public HeapSetInfo ( PEProp binInfo, SecurityInfo SecInfo ) : bool
binInfo PEProp
SecInfo SecurityInfo
Returns bool

HighEntropy() public method

public HighEntropy ( SecurityInfo secInfo, PEProp binInfo ) : bool
secInfo SecurityInfo
binInfo PEProp
Returns bool

InsecureSection() public method

Is there a shared and writeable section
public InsecureSection ( PEProp binInfo ) : bool
binInfo PEProp
Returns bool

IsDLL() public method

Is the file a DLL
public IsDLL ( PEProp binInfo ) : bool
binInfo PEProp
Returns bool

LoadLibrary() public method

public LoadLibrary ( PEProp binInfo, SecurityInfo SecInfo ) : bool
binInfo PEProp
SecInfo SecurityInfo
Returns bool

MS12001() public method

MS12-001 Vulnerability Check
public MS12001 ( PEProp binInfo ) : bool
binInfo PEProp
Returns bool

MS12001Sz() public method

Size extraction related to MS12-001 size check
public MS12001Sz ( PEProp binInfo ) : int
binInfo PEProp
Returns int

MS12001SzTwo() public method

Second size extraction for MS12-001 test
public MS12001SzTwo ( PEProp binInfo ) : uint
binInfo PEProp
Returns uint

MSBannedAPIs() public method

public MSBannedAPIs ( SecurityInfo secInfo, string strImports ) : int
secInfo SecurityInfo
strImports string
Returns int

MSCompilerVers() public method

public MSCompilerVers ( PEProp binInfo ) : List
binInfo PEProp
Returns List

NX() public method

Check for DEP Support
public NX ( PEProp binInfo ) : bool
binInfo PEProp
Returns bool

NoSEH() public method

Check for No SEH
public NoSEH ( PEProp binInfo ) : bool
binInfo PEProp
Returns bool

ProcessHeapExec() public method

public ProcessHeapExec ( PEProp binInfo ) : bool
binInfo PEProp
Returns bool

SafeSEH() public method

SafeSEH Check
public SafeSEH ( PEProp binInfo ) : bool
binInfo PEProp
Returns bool

SetDEPPolicy() public method

public SetDEPPolicy ( PEProp binInfo, SecurityInfo SecInfo ) : bool
binInfo PEProp
SecInfo SecurityInfo
Returns bool

SigDetails() public method

public SigDetails ( SecurityInfo secInfo, PEProp binInfo ) : void
secInfo SecurityInfo
binInfo PEProp
Returns void

UACIntLevel() public method

public UACIntLevel ( PEProp binInfo ) : string
binInfo PEProp
Returns string

UACUIAccess() public method

public UACUIAccess ( PEProp binInfo ) : string
binInfo PEProp
Returns string

VirtualAlloc() public method

public VirtualAlloc ( PEProp binInfo, SecurityInfo SecInfo ) : bool
binInfo PEProp
SecInfo SecurityInfo
Returns bool