C# Class WinBinAuditv1.WinBinAuditv1PEChecks

Mostra file Open project: olliencc/WinBinaryAudit

Public Methods

Method	Description
ASLR ( PEProp binInfo ) : bool	Does it support ASLR
AppContainer ( PEProp binInfo ) : bool	Is this an AppContainer binary
CodeSize ( PEProp binInfo ) : uint
ControlFlowGuard ( PEProp binInfo ) : bool	Is this an AppContainer binary
DLLPlanting ( PEProp binInfo, SecurityInfo SecInfo ) : bool	SetDllDirectory, SetDefaultDllDirectories, AddDllDirectory
DLLPlantingReason ( PEProp binInfo, SecurityInfo SecInfo ) : string
DoesImport ( PEProp binInfo, string strTheOne, bool bExact, SecurityInfo SecInfo ) : bool	Checks if the the string is in the list of imports
DoesImportviaLoadLibrary ( PEProp binInfo, string strTheOne, SecurityInfo SecInfo ) : bool
DotNetAllowPartialTrustCallers ( PEProp binInfo ) : bool
DotNetStrongName ( PEProp binInfo ) : bool
DotNetVer ( PEProp binInfo ) : string
EncodePointer ( PEProp binInfo, SecurityInfo SecInfo ) : bool
ForceInt ( PEProp binInfo ) : bool
GS1Check ( PEProp binInfo ) : bool
GS2Check32 ( PEProp binInfo ) : int
GS3Check ( PEProp binInfo, SecurityInfo SecInfo ) : bool
GSCheck64 ( PEProp binInfo ) : bool
GSCookieHunter ( byte strWorkBuff, long lngFileSize, byte strGSAddr ) : long
GetFileSize ( SecurityInfo secInfo, PEProp binInfo ) : void
GetManifest ( PEProp binInfo, SecurityInfo secInfo ) : bool
HeapSetInfo ( PEProp binInfo, SecurityInfo SecInfo ) : bool	Checks if the binary / uses HeapSetInformation
HighEntropy ( SecurityInfo secInfo, PEProp binInfo ) : bool
InsecureSection ( PEProp binInfo ) : bool	Is there a shared and writeable section
IsDLL ( PEProp binInfo ) : bool	Is the file a DLL
LoadLibrary ( PEProp binInfo, SecurityInfo SecInfo ) : bool
MS12001 ( PEProp binInfo ) : bool	MS12-001 Vulnerability Check
MS12001Sz ( PEProp binInfo ) : int	Size extraction related to MS12-001 size check
MS12001SzTwo ( PEProp binInfo ) : uint	Second size extraction for MS12-001 test
MSBannedAPIs ( SecurityInfo secInfo, string strImports ) : int
MSCompilerVers ( PEProp binInfo ) : List
NX ( PEProp binInfo ) : bool	Check for DEP Support
NoSEH ( PEProp binInfo ) : bool	Check for No SEH
ProcessHeapExec ( PEProp binInfo ) : bool
SafeSEH ( PEProp binInfo ) : bool	SafeSEH Check
SetDEPPolicy ( PEProp binInfo, SecurityInfo SecInfo ) : bool
SigDetails ( SecurityInfo secInfo, PEProp binInfo ) : void
UACIntLevel ( PEProp binInfo ) : string
UACUIAccess ( PEProp binInfo ) : string
VirtualAlloc ( PEProp binInfo, SecurityInfo SecInfo ) : bool

Private Methods

Method	Description
FindResource ( IntPtr hModule, int lpID, int lpType ) : IntPtr
LoadLibraryEx ( string lpFileName, IntPtr hFile, uint dwFlags ) : IntPtr
LoadResource ( IntPtr hModule, IntPtr hResInfo ) : IntPtr
LoadString ( IntPtr hInstance, int uID, StringBuilder lpBuffer, int nBufferMax ) : int
LockResource ( IntPtr hResData ) : IntPtr
SizeofResource ( IntPtr hModule, IntPtr hResInfo ) : uint

Method Details

ASLR() public method

Does it support ASLR

public ASLR ( PEProp binInfo ) : bool
binInfo	PEProp
return	bool

AppContainer() public method

Is this an AppContainer binary

public AppContainer ( PEProp binInfo ) : bool
binInfo	PEProp
return	bool

CodeSize() public method

public CodeSize ( PEProp binInfo ) : uint
binInfo	PEProp
return	uint

ControlFlowGuard() public method

Is this an AppContainer binary

public ControlFlowGuard ( PEProp binInfo ) : bool
binInfo	PEProp
return	bool

DLLPlanting() public method

SetDllDirectory, SetDefaultDllDirectories, AddDllDirectory

public DLLPlanting ( PEProp binInfo, SecurityInfo SecInfo ) : bool
binInfo	PEProp
SecInfo	SecurityInfo
return	bool

DLLPlantingReason() public method

public DLLPlantingReason ( PEProp binInfo, SecurityInfo SecInfo ) : string
binInfo	PEProp
SecInfo	SecurityInfo
return	string

DoesImport() public method

Checks if the the string is in the list of imports

public DoesImport ( PEProp binInfo, string strTheOne, bool bExact, SecurityInfo SecInfo ) : bool
binInfo	PEProp
strTheOne	string
bExact	bool
SecInfo	SecurityInfo
return	bool

DoesImportviaLoadLibrary() public method

public DoesImportviaLoadLibrary ( PEProp binInfo, string strTheOne, SecurityInfo SecInfo ) : bool
binInfo	PEProp
strTheOne	string
SecInfo	SecurityInfo
return	bool

DotNetAllowPartialTrustCallers() public method

public DotNetAllowPartialTrustCallers ( PEProp binInfo ) : bool
binInfo	PEProp
return	bool

DotNetStrongName() public method

public DotNetStrongName ( PEProp binInfo ) : bool
binInfo	PEProp
return	bool

DotNetVer() public method

public DotNetVer ( PEProp binInfo ) : string
binInfo	PEProp
return	string

EncodePointer() public method

public EncodePointer ( PEProp binInfo, SecurityInfo SecInfo ) : bool
binInfo	PEProp
SecInfo	SecurityInfo
return	bool

ForceInt() public method

public ForceInt ( PEProp binInfo ) : bool
binInfo	PEProp
return	bool

GS1Check() public method

public GS1Check ( PEProp binInfo ) : bool
binInfo	PEProp
return	bool

GS2Check32() public method

public GS2Check32 ( PEProp binInfo ) : int
binInfo	PEProp
return	int

GS3Check() public method

public GS3Check ( PEProp binInfo, SecurityInfo SecInfo ) : bool
binInfo	PEProp
SecInfo	SecurityInfo
return	bool

GSCheck64() public method

public GSCheck64 ( PEProp binInfo ) : bool
binInfo	PEProp
return	bool

GSCookieHunter() public method

public GSCookieHunter ( byte strWorkBuff, long lngFileSize, byte strGSAddr ) : long
strWorkBuff	byte
lngFileSize	long
strGSAddr	byte
return	long

GetFileSize() public method

public GetFileSize ( SecurityInfo secInfo, PEProp binInfo ) : void
secInfo	SecurityInfo
binInfo	PEProp
return	void

GetManifest() public method

public GetManifest ( PEProp binInfo, SecurityInfo secInfo ) : bool
binInfo	PEProp
secInfo	SecurityInfo
return	bool

HeapSetInfo() public method

Checks if the binary / uses HeapSetInformation

public HeapSetInfo ( PEProp binInfo, SecurityInfo SecInfo ) : bool
binInfo	PEProp
SecInfo	SecurityInfo
return	bool

HighEntropy() public method

public HighEntropy ( SecurityInfo secInfo, PEProp binInfo ) : bool
secInfo	SecurityInfo
binInfo	PEProp
return	bool

InsecureSection() public method

Is there a shared and writeable section

public InsecureSection ( PEProp binInfo ) : bool
binInfo	PEProp
return	bool

IsDLL() public method

Is the file a DLL

public IsDLL ( PEProp binInfo ) : bool
binInfo	PEProp
return	bool

LoadLibrary() public method

public LoadLibrary ( PEProp binInfo, SecurityInfo SecInfo ) : bool
binInfo	PEProp
SecInfo	SecurityInfo
return	bool

MS12001() public method

MS12-001 Vulnerability Check

public MS12001 ( PEProp binInfo ) : bool
binInfo	PEProp
return	bool

MS12001Sz() public method

Size extraction related to MS12-001 size check

public MS12001Sz ( PEProp binInfo ) : int
binInfo	PEProp
return	int

MS12001SzTwo() public method

Second size extraction for MS12-001 test

public MS12001SzTwo ( PEProp binInfo ) : uint
binInfo	PEProp
return	uint

MSBannedAPIs() public method

public MSBannedAPIs ( SecurityInfo secInfo, string strImports ) : int
secInfo	SecurityInfo
strImports	string
return	int

MSCompilerVers() public method

public MSCompilerVers ( PEProp binInfo ) : List
binInfo	PEProp
return	List

NX() public method

Check for DEP Support

public NX ( PEProp binInfo ) : bool
binInfo	PEProp
return	bool

NoSEH() public method

Check for No SEH

public NoSEH ( PEProp binInfo ) : bool
binInfo	PEProp
return	bool

ProcessHeapExec() public method

public ProcessHeapExec ( PEProp binInfo ) : bool
binInfo	PEProp
return	bool

SafeSEH() public method

SafeSEH Check

public SafeSEH ( PEProp binInfo ) : bool
binInfo	PEProp
return	bool

SetDEPPolicy() public method

public SetDEPPolicy ( PEProp binInfo, SecurityInfo SecInfo ) : bool
binInfo	PEProp
SecInfo	SecurityInfo
return	bool

SigDetails() public method

public SigDetails ( SecurityInfo secInfo, PEProp binInfo ) : void
secInfo	SecurityInfo
binInfo	PEProp
return	void

UACIntLevel() public method

public UACIntLevel ( PEProp binInfo ) : string
binInfo	PEProp
return	string

UACUIAccess() public method

public UACUIAccess ( PEProp binInfo ) : string
binInfo	PEProp
return	string

VirtualAlloc() public method

public VirtualAlloc ( PEProp binInfo, SecurityInfo SecInfo ) : bool
binInfo	PEProp
SecInfo	SecurityInfo
return	bool