Chapter 5. Advanced features

Table of Contents

Security tests

Security tests

Not all binaries are suspicious. You might have some normal binaries to study, finding vulnerabilities on it, etc. You can use pesec to check security features in PE files. It may be useful for programmers or vulnerability researchers. Have a look:

$ pesec about.exe

ASLR:                            no
DEP/NX:                          no
SEH:                             yes
Stack cookies (EXPERIMENTAL):    yes

Currently pesec can discover if the PE file has ASLR (Address Space Layout Randomization), DEP (Data Execution Prevention) / NX (No eXecutable bit), SEH (Structured Exception Handling) and Stack Cookies, as known as Canary, enabled. If you want to use pesec, you probably know what these protection schemes are. ;)

We experimentally support stack cookies put by Visual Studio only but we do really have plans to extend this support. Stay tuned!