SafeSEH reported False for resource-only DLLs

NetSPI / PESecurity

PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.

https://blog.netspi.com/verifying-aslr-dep-and-safeseh-with-powershell/

MIT License

614 stars 152 forks source link

SafeSEH reported False for resource-only DLLs #16

Open imag0r opened 5 years ago

imag0r commented 5 years ago

SafeSEH is reported False for resource-only DLLs. While it is technically valid, it just generates a noise in the reports as this can't be 'fixed' in the DLL itself. Resource-only DLLs contain no code, so they can't have safe Structured Exception Handlers. PESecurity could skip such DLLs by checking whether they have non-0 entry point. More info: https://docs.microsoft.com/en-us/cpp/build/creating-a-resource-only-dll?view=vs-2017

egru commented 5 years ago

Thanks for the info. I'll take a look and write up a patch to skip those.