search

microsoft / binskim

A binary static analysis tool that provides security and correctness results for Windows Portable Executable and *nix ELF binary formats
Other
778 stars 157 forks source link

PDB's aren't recognized for mingw binaries #318

Open sagilo opened 3 years ago

sagilo commented 3 years ago

we are using libgsf which compiled using mingw (gcc porting for win).

I've compiled the library with debug symbols:

$ ./objdump -h libgsf-1-114.dll

libgsf-1-114.dll:     file format pei-x86-64

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .text         0002a058  00000001e7c11000  00000001e7c11000  00000600  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE, DATA
  1 .data         000006a0  00000001e7c3c000  00000001e7c3c000  0002a800  2**5
                  CONTENTS, ALLOC, LOAD, DATA
  2 .rdata        0000ce50  00000001e7c3d000  00000001e7c3d000  0002b000  2**5
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .pdata        0000276c  00000001e7c4a000  00000001e7c4a000  00038000  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  4 .xdata        00002460  00000001e7c4d000  00000001e7c4d000  0003a800  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  5 .bss          00000f50  00000001e7c50000  00000001e7c50000  00000000  2**5
                  ALLOC
  6 .edata        00002a46  00000001e7c51000  00000001e7c51000  0003ce00  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  7 .idata        00003a44  00000001e7c54000  00000001e7c54000  0003fa00  2**2
                  CONTENTS, ALLOC, LOAD, DATA
  8 .CRT          00000058  00000001e7c58000  00000001e7c58000  00043600  2**3
                  CONTENTS, ALLOC, LOAD, DATA
  9 .tls          00000010  00000001e7c59000  00000001e7c59000  00043800  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 10 .reloc        00000538  00000001e7c5a000  00000001e7c5a000  00043a00  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 11 .debug_aranges 00000d80  00000001e7c5b000  00000001e7c5b000  00044000  2**0
                  CONTENTS, READONLY, DEBUGGING
 12 .debug_info   00095f35  00000001e7c5c000  00000001e7c5c000  00044e00  2**0
                  CONTENTS, READONLY, DEBUGGING
 13 .debug_abbrev 0000bf33  00000001e7cf2000  00000001e7cf2000  000dae00  2**0
                  CONTENTS, READONLY, DEBUGGING
 14 .debug_line   000260a1  00000001e7cfe000  00000001e7cfe000  000e6e00  2**0
                  CONTENTS, READONLY, DEBUGGING
 15 .debug_frame  0000b7e8  00000001e7d25000  00000001e7d25000  0010d000  2**3
                  CONTENTS, READONLY, DEBUGGING
 16 .debug_str    000080d8  00000001e7d31000  00000001e7d31000  00118800  2**0
                  CONTENTS, READONLY, DEBUGGING
 17 .debug_loc    00064c57  00000001e7d3a000  00000001e7d3a000  00120a00  2**0
                  CONTENTS, READONLY, DEBUGGING
 18 .debug_ranges 00006820  00000001e7d9f000  00000001e7d9f000  00185800  2**0
                  CONTENTS, READONLY, DEBUGGING

And tried using cv2pdb to exract the pdb files from the dll's and place a libgsf-1-114.pdb next to the libgsf-1-114.dll.

In both methods, the pdb's arent recognized by binskim:

2020-12-28T16:41:32.0320303Z D:\a\1\s\src\external\libgsf\win32\lib\x64\libgsf-1-114.dll : error ERR997.ExceptionLoadingPdb : BA2002 : 'libgsf-1-114.dll' was not evaluated for check 'DoNotIncorporateVulnerableDependencies' because its PDB could not be loaded. (E_PDB_NO_DEBUG_INFO (Pdb is stripped of cv (CodeView) info))
2020-12-28T16:41:32.0385001Z D:\a\1\s\src\external\libgsf\win32\lib\x64\libgsf-1-114.dll : error ERR997.ExceptionLoadingPdb : BA2006 : 'libgsf-1-114.dll' was not evaluated for check 'BuildWithSecureTools' because its PDB could not be loaded. (E_PDB_NO_DEBUG_INFO (Pdb is stripped of cv (CodeView) info))
2020-12-28T16:41:32.0386712Z D:\a\1\s\src\external\libgsf\win32\lib\x64\libgsf-1-114.dll : error ERR997.ExceptionLoadingPdb : BA2007 : 'libgsf-1-114.dll' was not evaluated for check 'EnableCriticalCompilerWarnings' because its PDB could not be loaded. (E_PDB_NO_DEBUG_INFO (Pdb is stripped of cv (CodeView) info))
2020-12-28T16:41:32.0390102Z D:\a\1\s\src\external\libgsf\win32\lib\x64\libgsf-1-114.dll : error ERR997.ExceptionLoadingPdb : BA2011 : 'libgsf-1-114.dll' was not evaluated for check 'EnableStackProtection' because its PDB could not be loaded. (E_PDB_NO_DEBUG_INFO (Pdb is stripped of cv (CodeView) info))
2020-12-28T16:41:32.0391816Z D:\a\1\s\src\external\libgsf\win32\lib\x64\libgsf-1-114.dll : error ERR997.ExceptionLoadingPdb : BA2013 : 'libgsf-1-114.dll' was not evaluated for check 'InitializeStackProtection' because its PDB could not be loaded. (E_PDB_NO_DEBUG_INFO (Pdb is stripped of cv (CodeView) info))
2020-12-28T16:41:32.0568052Z D:\a\1\s\src\external\libgsf\win32\lib\x64\libgsf-1-114.dll : error ERR997.ExceptionLoadingPdb : BA2014 : 'libgsf-1-114.dll' was not evaluated for check 'DoNotDisableStackProtectionForFunctions' because its PDB could not be loaded. (E_PDB_NO_DEBUG_INFO (Pdb is stripped of cv (CodeView) info))
2020-12-28T16:41:32.0691178Z D:\a\1\s\src\external\libgsf\win32\lib\x64\libgsf-1-114.dll : error ERR997.ExceptionLoadingPdb : BA2024 : 'libgsf-1-114.dll' was not evaluated for check 'EnableSpectreMitigations' because its PDB could not be loaded. (E_PDB_NO_DEBUG_INFO (Pdb is stripped of cv (CodeView) info))
eddynaka commented 3 years ago

Hi @sagilo ,

can you share the dll/pdb so we can verify? Thank you