
Add PE security feature detection

Open wagoodman opened this issue 1 year ago • 0 comments

ELF security feature detection was added in https://github.com/anchore/syft/pull/2443. It would be nice to also add this same kind of feature, but for Windows (PE formatted binaries).

Proposed features to detect:

  • DEP (data execution prevention)... though enforced from the kernel I think this is detectable from the binary's header.
  • ASLR compatibility, partially detectable with the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE flag in the PE header (needs research).
  • CFG (control flow guard, needs research)
  • Code signing (authenticode signature)

There may be more features to detect that I'm unaware of.

wagoodman, Jan 16 '24 00:01
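One way to read the header-level signals proposed in the list above with Go's standard `debug/pe` package. This is an added example, not syft code and not part of the issue. `PEFeatures`, `DetectPEFeatures`, `samplePE` and the relocation check applied to ASLR are assumptions of the example, and it reports only whether a certificate table is present, without validating the Authenticode signature.

```go
package main

import (
	"bytes"
	"debug/pe"
	"encoding/binary"
	"fmt"
	"io"
)

const secIdx = pe.IMAGE_DIRECTORY_ENTRY_SECURITY // certificate table entry
type PEFeatures struct{ DEP, ASLR, CFG, HasCertTable bool } // hypothetical, not syft's schema

// DetectPEFeatures reads header fields only; it does not verify any signature.
func DetectPEFeatures(r io.ReaderAt) (PEFeatures, error) {
	f, err := pe.NewFile(r)
	if err != nil {
		return PEFeatures{}, err
	}
	var dc, n, sec = uint16(0), uint32(0), pe.DataDirectory{}
	switch oh := f.OptionalHeader.(type) {
	case *pe.OptionalHeader32:
		dc, n, sec = oh.DllCharacteristics, oh.NumberOfRvaAndSizes, oh.DataDirectory[secIdx]
	case *pe.OptionalHeader64:
		dc, n, sec = oh.DllCharacteristics, oh.NumberOfRvaAndSizes, oh.DataDirectory[secIdx]
	default:
		return PEFeatures{}, fmt.Errorf("no optional header: not an executable image")
	}
	canRebase := f.Characteristics&pe.IMAGE_FILE_RELOCS_STRIPPED == 0 // assumed needed for ASLR
	return PEFeatures{
		DEP:          dc&pe.IMAGE_DLLCHARACTERISTICS_NX_COMPAT != 0,
		ASLR:         dc&pe.IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE != 0 && canRebase,
		CFG:          dc&pe.IMAGE_DLLCHARACTERISTICS_GUARD_CF != 0, // header flag only
		HasCertTable: n > secIdx && sec.VirtualAddress != 0 && sec.Size != 0,
	}, nil
}

// samplePE returns a constructed, section-less PE32+ header (not a real binary).
func samplePE(fileChars, dllChars uint16, certSize uint32) *bytes.Reader {
	dos := []byte{0: 'M', 1: 'Z', 0x3c: 64, 0x3f: 0} // 64-byte DOS header, e_lfanew = 64
	buf := bytes.NewBuffer(append(dos, "PE\x00\x00"...))
	oh := pe.OptionalHeader64{Magic: 0x20b, DllCharacteristics: dllChars, NumberOfRvaAndSizes: 16}
	oh.DataDirectory[secIdx] = pe.DataDirectory{VirtualAddress: 0x400, Size: certSize}
	// Writes to a bytes.Buffer cannot fail, so the returned errors are not checked.
	binary.Write(buf, binary.LittleEndian, pe.FileHeader{Machine: pe.IMAGE_FILE_MACHINE_AMD64, SizeOfOptionalHeader: 240, Characteristics: fileChars})
	binary.Write(buf, binary.LittleEndian, oh)
	return bytes.NewReader(buf.Bytes())
}

func main() { fmt.Println(DetectPEFeatures(samplePE(0, 0x0140, 0))) } // NX_COMPAT | DYNAMIC_BASE
```

For a real file, pass an opened `*os.File` to `DetectPEFeatures`; a fuller CFG answer would also need the load-config directory, which this example does not read.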