Checking in checkbin.py, a tool to make sure our Windows binaries were built correctly.

It looks for binaries built with /NXCOMPAT and /DYNAMICBASE, two important security features for Windows binaries.

BUG=25952
TEST=try running it on the output of /src/chrome/Debug

Review URL: http://codereview.chromium.org/338052

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@30304 0039d316-1c4b-4281-b951-d872f2087c98

3 files changed, 78 insertions, 0 deletions

diff --git a/tools/checkbin/checkbin.bat b/tools/checkbin/checkbin.bat
new file mode 100755
index 0000000..f31d901
--- /dev/null
+++ b/tools/checkbin/checkbin.bat
@@ -0,0 +1,4 @@
+@echo off
+setlocal
+set PYTHONPATH=%~dp0..\..\third_party\pefile;%PYTHONPATH%
+%~dp0..\..\third_party\python_24\python.exe %~dp0checkbin.py %*
diff --git a/tools/checkbin/checkbin.py b/tools/checkbin/checkbin.py
new file mode 100755
index 0000000..318720e
--- /dev/null
+++ b/tools/checkbin/checkbin.py
@@ -0,0 +1,65 @@
+#!/usr/bin/python
+# Copyright (c) 2009 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+"""Makes sure that all EXE and DLL files in the provided directory were built
+correctly.
+
+Currently this tool will check that binaries were built with /NXCOMPAT and
+/DYNAMICBASE set.
+"""
+
+import os
+import optparse
+import sys
+
+import pefile
+
+PE_FILE_EXTENSIONS = ['.exe', '.dll']
+DYNAMICBASE_FLAG = 0x0040
+NXCOMPAT_FLAG = 0x0100
+
+def IsPEFile(path):
+  return (os.path.isfile(path) and
+          os.path.splitext(path)[1].lower() in PE_FILE_EXTENSIONS)
+
+def main(options, args):
+  directory = args[0]
+  success = True
+
+  for file in os.listdir(directory):
+    path = os.path.abspath(os.path.join(directory, file))
+    if not IsPEFile(path):
+      continue
+    pe = pefile.PE(path, fast_load=True)
+
+    # Check for /DYNAMICBASE.
+    if pe.OPTIONAL_HEADER.DllCharacteristics & DYNAMICBASE_FLAG:
+      if options.verbose:
+        print "Checking %s for /DYNAMICBASE... PASS" % path
+    else:
+      success = False
+      print "Checking %s for /DYNAMICBASE... FAIL" % path
+
+    # Check for /NXCOMPAT.
+    if pe.OPTIONAL_HEADER.DllCharacteristics & NXCOMPAT_FLAG:
+      if options.verbose:
+        print "Checking %s for /NXCOMPAT... PASS" % path
+    else:
+      success = False
+      print "Checking %s for /NXCOMPAT... FAIL" % path
+
+  if not success:
+    sys.exit(1)
+
+if __name__ == '__main__':
+  usage = "Usage: %prog [options] DIRECTORY"
+  option_parser = optparse.OptionParser(usage=usage)
+  option_parser.add_option("-v", "--verbose", action="store_true",
+                           default=False, help="Print debug logging")
+  options, args = option_parser.parse_args()
+  if not args:
+    option_parser.print_help()
+    sys.exit(0)
+  main(options, args)
diff --git a/tools/checkbin/checkbin.sh b/tools/checkbin/checkbin.sh
new file mode 100755
index 0000000..7888d03
--- /dev/null
+++ b/tools/checkbin/checkbin.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+# Copyright (c) 2009 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# Include pefile in the path.
+PYTHONPATH="$(dirname $0)/../../third_party/pefile:$PYTHONPATH"
+export PYTHONPATH
+python "$(dirname $0)/checkbin.py" "$@"