Overview

Supported formats

How to build

Version history
GUI

Command line

XML project
All rules

PE001

PE002

PE003

PE004

PE005

PE006

PE007

PE008

PE009

PE010

PE011

PE012

PE013

PE014

PE015

PE016

PE017

PE018

PE019

PE020

PE021

PE022

PE023

PE024

PE025

PE026

PE027

PE028

PE029

PE030

PE031

PE032

PE033

PE034

PE035

PE036

PE037

PE038

PE039

PE040

PE041

PE042

PE043

PE044

PE045

PE046

PE047

PE048

PE049

PE050

PE051

PE052

PE053

PE054

PE055

PE056

PE057

PE058

PE059

PE060

PE061

PE062

PE063

PE064

PE065

PE066

PE067

PE068

PE069

PE070

PE071

PE072

PE073

PE074

PE075

PE076

PE077

PE078

PE079

PE080

PE081

PE082

PE083

PE084

PE085

PE086

PE087

PE088

PE089

PE090

PE091

PE092

PE093

PE094

PE095

PE096

PE097

PE098

PE099

PE100

PE101

PE102

PE103

PE104

PE105

PE106

PE107

PE108

PE109

PE110

PE111

PE112

PE113

PE114

PE115

PE116

PE117

PE118

PE119

PE120

PE121

PE122

PE123

PE124

PE125

PE126

PE127

PE128

PE129

PE130

PE131

PE132

PE133

PE134

PE135

PE136

PE137

PE138

PE139

PE140

PE141

PE142

PE143

PE144

PE145

PE146

PE147

PE148

PE149

PE150

PE151

PE152

PE153

PE154

PE155

PE156

PE157

PE158

PE159

PE160

PE161

PE162

PE163

PE164

PE165

PE166

PE167

PE168

PE169

PE170

PE171

PE172

PE173

PE174

PE175

PE176

PE177

PE178

PE179

PE180

PE181

PE182

PE183

PE184

PE185

PE186

PE187

PE188

PE189

PE190
All rules

EXE001

EXE002

SW section is present

ID PE012 Level WARNING Category Security

Description

A SW (shared writable) section is present in the executable. A section which is writable and shared at the same time will share writable memory area across processes. This may permit a low privileged process access memory of a high privileged one, which may lead to privilege escalation attacks.

Mitigation

Make sure you are not merging sections with different memory access attributes.
Do not explicitly change memory attributes. If doing so, do not mark any sections writable and shared at the same time.
If you do need to share writable memory across process boundaries, use other safer mechanisms for that, for example: the CreateFileMapping API with proper security attributes; COM; pipes. Alternatively, consider using higher-level libraries which can handle memory access permissions, such as Boost.Interprocess.

If using Visual C++:

Look for the /SECTION option in the linker command line or the corresponding #pragma section declarations in the code.

Arguments

This rule has the following output arguments:

section_name - Affected section name

SW section is present#

Description#

Mitigation#

Arguments#

SW section is present

Description

Mitigation

Arguments