Comments (6)
When you talk to them let us know if they require us to use a new version of their dlls to get this correctly, after it is added. (likely no need)
@shaopeng-gh I am on the DIA SDK team and just pushed an update to MSVC yesterday reserving CV_CFL_GO
as 0x16
. The only things changed in upstream are:
- cvconst.h seeing the new value in
CV_CFL_LANG
.Although not current in the documentationThis is now reflected in the documentation (even though it will not be available by name until released). - dia2dumps.exe rendering the language as
Go
- cvdump.exe rendering the language as
Go
In order to use the new constant by name (CV_CFL_GO
via cvconst.h), a dll update is not required. It's only a header, after all.
Currently, these changes are scheduled to release as a part of VS 17.7P1, which should be right around 6/1 (not yet scheduled). But the new enum value is certainly reserved in the meantime.
Question: Is the value being reserved in MSVC enough for you to move forward? Or do you actually need to reference the constant by name and have access to the changes in diadumps.exe/cvdump.exe? If you do need these changes, I can request to release sooner (in order to get @qmuntal and @dagood unblocked).
from binskim.
About the language identifier, should we coordinate with the DIA SDK team to add a new identifier? Or just adding it to binskim is enough? ---- I think I can answer this one, we are using the values from this link: https://learn.microsoft.com/en-us/visualstudio/debugger/debug-interface-access/cv-cfl-lang?view=vs-2022
so yes need the upstream to be updated first and we can update our enum accordingly. When you talk to them let us know if they require us to use a new version of their dlls to get this correctly, after it is added. (likely no need)
from binskim.
@shaopeng-gh how can I move this forward?
from binskim.
I have very limited knowledge about GoLang,
in Linux it will be ELF + dwarf debugging,
in Windows my understanding is it can be either PE + dwarf or PE + .PDB file
in Windows, which one is kind of "default", or more widely used,
For a most simple HelloWorld app, can you let me know command lines for budling PE + .PDB; and PE + dwarf
and does it support default Go compiler, gcc and clang, gccgo, Gollvm
I guess when facing Go binaries, Binskim would need to be able to understand what debugging it used and and load debugging correctly?
from binskim.
@shaopeng-gh how can I move this forward?
please check with @suvamM @michaelcfanning
from binskim.
Go doesn't support creating PDB files at all right now. Me and @qmuntal work on Go (for Microsoft), and we're trying to add PDB support to the Go compiler/toolset. A problem is that PDB files specify the language used (C++, C#, Rust, etc.). There is no way to specify "Go" with the current hard-coded set of values in the enum in microsoft/binskim.
If you want to see a PDB file before adding a Go entry to that enum, I'm afraid we have a circular dependency.
Hopefully this was just a matter of missing context, and this clears up the original issue.
from binskim.
Related Issues (20)
- Ensure deterministic PDB probing order. HOT 1
- Feature Request: Include Last Modified Date in uploaded data for both PDBs and for scan targets HOT 2
- Where is sarif-2.1.0-rtm.6.json schema file? HOT 1
- New rule to address obsolete .Net Framework 1.0 files that do not conform to the NX Compat rules
- Suggestion to use --verbose should be removed HOT 1
- Binskim not listening all check when all checks should be included HOT 7
- WinTrustVerify output handling missing some possible HRESULT HOT 1
- Tracking proposal: new analysis
- BA2004 - EnableSecureSourceCodeHashing: Provide more info on the indirect dependency in the error message HOT 5
- BA2004 - Evaluate if exclude "CLI attribute types (compiler internal)" HOT 3
- BA2024 EnableSpectreMitigations - Need to separate guidance into separate messages
- BA2004 - EnableSecureSourceCodeHashing Error message only shows SHA1 when not SHA256 HOT 1
- Flakiness of BinSkim in Azure Devops HOT 1
- BinSkim crashes (AccessViolationException) loading Xamarin.Mac.pdb HOT 4
- Binskim reporting /Qspectre switch not enabled for libxml2-2.11.1 static library even after switch is added HOT 3
- [RULE REQUEST] Enforce presence of /INTEGRITYCHECK HOT 1
- Out of memory exception occurs while inspecting certain binaries during BA2004.EnableSecureSourceCodeHashing rule HOT 3
- ERR997.ExceptionLoadingAnalysisTarget for .exe file HOT 5
- FailureLevels commandline option does not fully override XML config if both exists HOT 3
- BA2024 - Defect : EnableSpectreMitigations HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from binskim.