NetSPI / PESecurity

PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.
https://blog.netspi.com/verifying-aslr-dep-and-safeseh-with-powershell/
MIT License

Incorrect SafeSEH Determination #1

Closed 0xbadfca11 closed 10 years ago

0xbadfca11 commented 10 years ago

To determine SafeSEH, you have to read IMAGE_LOAD_CONFIG_DIRECTORY.

```
if( ! LOAD_CONFIG )
  if( IMAGE_DLLCHARACTERISTICS_NO_SEH )
    "I know SafeSEH, but I don't use SEH. I'm SEH attack safe, in other words SafeSEH"
  else
    "I don't know SafeSEH. NO SafeSEH."
else
  if( SEHandlerCount > 0 && validity SEHandlerTable )
    "I know SafeSEH and contains SafeSEH."
  else
    "No SafeSEH"
```

Please look at Microsoft BinScope Binary Analyzer. SafeSEH aware or not?
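
The decision tree from the comment above as a stand-alone check, added here as an example (not part of the original comment and not PESecurity's code): Python that reads `DllCharacteristics` and the 32-bit `IMAGE_LOAD_CONFIG_DIRECTORY` straight from the file bytes. The names `safeseh_status`, `rva_to_offset` and `build_sample` are hypothetical, a non-zero `SEHandlerTable` stands in for the "valid table" test, and the sample image is constructed rather than a real binary.

```python
import struct

NO_SEH = 0x0400         # IMAGE_DLLCHARACTERISTICS_NO_SEH
LOAD_CONFIG_DIR = 10    # IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG

def rva_to_offset(data, sec_table, nsections, rva):
    """Hypothetical helper: map an RVA to a file offset via the 40-byte section headers."""
    for i in range(nsections):
        vsize, vaddr, rsize, raw = struct.unpack_from("<4I", data, sec_table + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            return raw + rva - vaddr
    return None

def safeseh_status(data):
    """Apply the issue's decision tree to a 32-bit x86 PE image (illustrative name)."""
    pe, = struct.unpack_from("<I", data, 0x3C)                # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    machine, nsections = struct.unpack_from("<HH", data, pe + 4)
    if machine != 0x014C:                                     # SafeSEH exists only on x86
        return "not applicable"
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    opt = pe + 24                                             # PE32 optional header
    dll_chars, = struct.unpack_from("<H", data, opt + 70)
    ndirs, = struct.unpack_from("<I", data, opt + 92)
    lc_rva = struct.unpack_from("<I", data, opt + 96 + 8 * LOAD_CONFIG_DIR)[0] if ndirs > LOAD_CONFIG_DIR else 0
    lc_off = rva_to_offset(data, opt + opt_size, nsections, lc_rva) if lc_rva else None
    if lc_off is None:                                        # no load config directory
        return "SafeSEH (NO_SEH)" if dll_chars & NO_SEH else "No SafeSEH"
    size, = struct.unpack_from("<I", data, lc_off)
    table, count = struct.unpack_from("<II", data, lc_off + 64) if size >= 72 else (0, 0)  # SEHandlerTable, SEHandlerCount
    return "SafeSEH" if count > 0 and table else "No SafeSEH"

def build_sample(dll_chars=0, handlers=None):
    """Constructed, non-loadable PE32 skeleton; handlers=None omits the load config."""
    img = bytearray(0x400)
    img[:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)                   # e_lfanew
    struct.pack_into("<HH", img, 0x44, 0x014C, 1)             # Machine, NumberOfSections
    struct.pack_into("<H", img, 0x54, 224)                    # SizeOfOptionalHeader
    struct.pack_into("<H", img, 0x58, 0x10B)                  # PE32 magic
    struct.pack_into("<H", img, 0x58 + 70, dll_chars)         # DllCharacteristics
    struct.pack_into("<I", img, 0x58 + 92, 16)                # NumberOfRvaAndSizes
    struct.pack_into("<4I", img, 0x138 + 8, 0x200, 0x1000, 0x200, 0x200)  # one section
    if handlers is not None:
        struct.pack_into("<II", img, 0x58 + 96 + 80, 0x1000, 72)   # load config RVA, size
        struct.pack_into("<I", img, 0x200, 72)                # IMAGE_LOAD_CONFIG_DIRECTORY32.Size
        struct.pack_into("<II", img, 0x240, 0x401100 if handlers else 0, handlers)
    return bytes(img)
```

Following the comment's tree literally, an image that has a load config directory but an empty handler table is reported as "No SafeSEH" even when `IMAGE_DLLCHARACTERISTICS_NO_SEH` is set.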

egru commented 10 years ago

Thanks for noticing this. I'll get a fix out hopefully today.

egru commented 10 years ago

I fixed the issue. Took a bit of time, but everything looks to be running correctly now.