差異處
這裏顯示兩個版本的差異處。
|
cpp:wdm:security:analysis_with_binscope [2019/09/04 10:13] tony |
cpp:wdm:security:analysis_with_binscope [2023/06/25 09:48] |
||
|---|---|---|---|
| 行 1: | 行 1: | ||
| - | {{tag>WDM BinScope}} | ||
| - | ====== Analysis driver with BinScope ====== | ||
| - | ===== Problem ===== | ||
| - | 這陣子有一間"超熱心"的公司在分析我們的driver,找出些security的問題,這也賦予了我們學習的機會。本篇文章主要紀錄使用BinScope這個Binary Analyzer的方式。 | ||
| - | ===== How to? ===== | ||
| - | 從M$提供的[[https://docs.microsoft.com/en-us/windows-hardware/drivers/driversecurity/driver-security-checklist#binscope|driver-security-checklist]]中,我們得知BinScope可以幫我們找到compile與build設定是否有安全性的問題。可以從此[[https://www.microsoft.com/download/details.aspx?id=44995|連結]]拿到安裝程式。執行方法與參數可以參考我的腳本,要指定driver、symbolic file與report檔案的路徑: | ||
| - | <code bash> | ||
| - | @echo off | ||
| - | cd /d "C:\Program Files\Microsoft BinScope 2014" | ||
| - | |||
| - | set WORKING_DIR=D:\Workspace\test_driver | ||
| - | set DRIVER_PATH="%WORKING_DIR%\mydriver.sys" | ||
| - | set PDB_PATH="%WORKING_DIR%\mydriver.pdb" | ||
| - | set REPORT_PATH="%WORKING_DIR%\report.htm" | ||
| - | |||
| - | binscope %DRIVER_PATH% /SymPath %PDB_PATH% /verbose /html /logfile %REPORT_PATH% | ||
| - | |||
| - | pause | ||
| - | </code> | ||
| - | 附上掃描完的結果給大家參考:\\ | ||
| - | {{:cpp:wdm:security:binscope_report.png|}}\\ | ||
| - | \\ | ||
| - | 嗯..果然是編譯環境與建置環境的問題啊! | ||
| - | ===== Reference ===== | ||
| - | * [[https://docs.microsoft.com/en-us/windows-hardware/drivers/driversecurity/driver-security-checklist|Driver security checklist]] | ||
| - | ===== ===== | ||
| - | ---- | ||
| - | \\ | ||
| - | ~~DISQUS~~ | ||
