4 Analysing binary files.

annocheck
  [-h | --help]
  [--help-tool]
  [--version]
  [-v | --verbose]
  [-q | --quiet]
  [-i | --ignore-unknown]
  [-r | --report-unknown]
  [-f | --follow-links]
  [-I | --ignore-links]
  [--debug-rpm=file]
  [--dwarf-dir=dir]
  [-p text | --prefix=text]
  [-t dir | --tmpdir=dir]
  [-u | --use-debuginfod]
  [-n | --no-use-debuginfod]
  [--enable-tool]
  [--disable-tool]
  [--tool]
  [--tool-option]
  file

The annocheck program can analyse binary files and report information about them. It is designed to be modular, with a set of self-contained tools providing the checking functionality. Currently the following tools are implemented:

The annocheck program is able to scan inside rpm files and libraries. It will automatically recurse into any directories that are specified on the command line. In addition annocheck knows how to find debug information held in separate debug files, and it will search for these whenever it needs the resources that they contain.

New tools can be added to the annocheck framework by creating a new source file and including it in the Makefile used to build annocheck. The modular nature of annocheck means that nothing else needs to be updated.

New tools must fill out a struct checker structure (defined in annocheck.h) and they must define a constructor function that calls annocheck_add_checker to register their presence at program start-up.

The annocheck program supports some generic command line options that are used regardless of which tools are enabled.

--debug-rpm=file

Look in file for separate DWARF debug information.

--dwarf-dir=dir

Look in dir for separate DWARF debug information files.

--help
-h

Displays the generic annobin usage information and then exits.

--help-tool

Display the usage information for tool and then exit.

--report-unknown
--ignore-unknown
-r
-i

If enabled, unknown file types are reported when they are encountered. This includes non-ELF format files, block devices and so on. Directories are not considered to be unknown and are automatically descended.

The default setting depends upon the file being processed. For rpm files the default is to ignore unknowns, since these often contain non-executable files. For other file types, including directories, the default is to report unknown files.

--ignore-links
--follow-links
-I
-f

Specifies whether symbolic links should be followed or ignored.

The default setting depends upon the file being processed. For rpm files the default is to ignore symbolic links, since these are often unresolvable. For other file types, including directories, the default is to follow the links.

--prefix=text
-p text

Include text in the output description.

--quiet
-q

Do not print anything, just return an exit status.

--tmpdir=dir
-t dir

Use dir as a directory for holding temporary files.

--verbose
-v

Produce informational messages whilst working. Repeat for more information.

--version

Report the version of the tool and then exit.

--use-debuginfod
-u

Enable the use of the debuginfod service to download debuginfo rpms. This feature is enabled by default, but it is only active if support for the debuginfod server has been compiled into annocheck.

--no-use-debuginfod
-n

Do not use the debuginfod service, even if it is available.

--enable-tool

Enable tool. Most tools are disabled by default and so need to be enabled via this option before they will act.

--disable-tool

Disable tool. Normally used to disable the hardening checker, which is enabled by default.

--tool

Enable tool and disable all other tools.

--tool-option

Pass option on to tool.

Any other command line options will be passed to the tools in turn in order to give them a chance to claim and process them.
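
The exit status returned under --quiet lets annocheck act as a build gate for the default hardening checker. The script below is an added example, not part of the annobin documentation; it assumes annocheck exits with zero only when every enabled tool passes, and the function name scan_artifacts and the ANNOCHECK variable are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: annocheck exits 0 only if all enabled tools pass.
ANNOCHECK="${ANNOCHECK:-annocheck}"   # hypothetical override for the binary to run

# scan_artifacts LABEL PATH...
# Prints "FAIL <path>" or "MISSING <path>" on stdout for each problem and
# returns non-zero if there was at least one.
scan_artifacts() {
    label=$1
    shift
    failed=0
    for path in "$@"; do
        if [ ! -e "$path" ]; then
            # A missing artifact must not count as a pass.
            printf 'MISSING %s\n' "$path"
            failed=$((failed + 1))
            continue
        fi
        # Pass 1: exit status only. Skip non-ELF files and stay off the
        # network so the result does not depend on a debuginfod server.
        if "$ANNOCHECK" --quiet --ignore-unknown --no-use-debuginfod "$path"; then
            continue
        fi
        printf 'FAIL %s\n' "$path"
        failed=$((failed + 1))
        # Pass 2: repeat verbosely, tagged with LABEL, for the build log.
        "$ANNOCHECK" --verbose --prefix="$label" --ignore-unknown \
            --no-use-debuginfod "$path" >&2 || true
    done
    [ "$failed" -eq 0 ]
}

# Usage: scan_artifacts nightly build/libfoo.so build/foo-1.0.rpm
```

The verbose second pass goes to stderr, so stdout carries only the FAIL and MISSING lines and can be fed to other tooling.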