Comments (4)
Hey Travis:
Sorry about the slow reply here--I'll need to validate something about HighEntropyVA with someone before I can say it definitely doesn't apply for an ILOnly assembly. (This is edited--I originally said this was not the case, and was filtered out, but I was recalling a different check.)
However, as I understand it, the .net core Self Contained Deployments use something similar to NGEN, which means you're actually producing a native executable. This is definitely the case on Linux, where you get ELF executables.
As I'd expect, too, the CLR headers aren't present on pwsh.exe--if you run dumpbin /clrheader pwsh.exe, you only get:
Dump of file pwsh.exe
File Type: EXECUTABLE IMAGE
Summary
1000 .data
1000 .pdata
9000 .rdata
1000 .reloc
20000 .rsrc
9000 .text
1000 .tls
Whereas on a .NET assembly, you'd get CLR header options (incl. ILOnly, as below), as you see with dumpbin /clrheader BinSkim.exe (output is similar for a .NET core framework dependent compilation, as well):
Dump of file binskim.exe
FileType: EXECUTABLE IMAGE
clr Header:
48 cb
2.05 runtime version
3304 [ 5264] RVA [size] of MetaData Directory
1 flags
IL Only
6000037 entry point token
8568 [ A10] RVA [size] of Resources Directory
0 [ 0] RVA [size] of StrongNameSignature Directory
0 [ 0] RVA [size] of CodeManagerTable Directory
0 [ 0] RVA [size] of VTableFixups Directory
0 [ 0] RVA [size] of ExportAddressTableJumps Directory
0 [ 0] RVA [size] of ManagedNativeHeader Directory
Summary
2000 .rsrc
8000 .text
You may want to reach out to the .NET Core folks to check about the details of self contained deployments vs. framework dependent ones.
Thanks,
Everett Maus
from binskim.
After going back over some things--it also does look like /highentropyva does apply to ILOnly assemblies, at least on Windows.
from binskim.
pwsh.dll
was actually the flagged binary ( an odd quirk of how EXE's works in netcore, this is where OUR code live, pwsh.exe
is just dotnet.exe
renamed.) I was given a workaround.
We added the following line to our common props:
<HighEntropyVA>true</HighEntropyVA>
https://github.com/PowerShell/PowerShell/blob/5d8999e8b5aa472139f18e9b437dbcd17d494565/PowerShell.Common.props#L107
This issue was filed:
dotnet/sdk#1735
from binskim.
I don't think this is a binskim issue. Closing.
from binskim.
Related Issues (20)
- BA2024 - Defect : EnableSpectreMitigations HOT 2
- Is it true that I can pass an input file list? HOT 3
- SpectreMitigationsEnabled
- Guardian: PostAnalysis error [ EnableCriticalCompilerWarning] HOT 1
- Combability with .NET ReadyToRun and Self-Contained HOT 3
- BA2026 is reported as NotApplicable for native PE binaries compiled with /sdl switch
- BA2025, /CETCOMPAT and .NET Framework
- Users not able to know which file causes issue when exception loading pdb
- BA2004 - Should exclude "AssemblyAttributes.obj" HOT 1
- BinSkim download from symbol server not working
- Unclear Error message when the path of the file too long
- Enabling disabled rules
- BinSkim BA2014 compatibility with the new Arm64EC files
- BinSkim BA2021 compatibility with R2R Linux binaries
- Put evidence of MSVC ASAN utilization in telemetry stream
- [RULE REQUEST] Check for the import of outdated (end-of-life) Visual C++ redistributable DLLs
- Special-case compiler generated `dummy.obj` file that fires `BA2004` HOT 1
- Whether to suppress ‘PDB not found’ errors for stub .exe that invokes the .net core entry point
- Introducing an alternative to Binskim: Binary Valentine (with GUI)
- --ignorePdbLoadError behavior changed
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from binskim.