private static StringToVersionMap BuildMinimumToolVersionsMap() { var result = new StringToVersionMap { [nameof(Language.C)] = new Version(17, 0, 65501, 17013), [nameof(Language.Cxx)] = new Version(17, 0, 65501, 17013), //[nameof(Language.MASM)] = new Version(12, 0, 0, 0), //[nameof(Language.LINK)] = new Version(17, 0, 65501, 17013), //[nameof(Language.CSharp)] = new Version(19, 0, 0, 0), //[nameof(Language.CVTRES)] = new Version(12, 0, 0, 0), [nameof(Language.Unknown)] = new Version(int.MaxValue, int.MaxValue, int.MaxValue, int.MaxValue), [MIN_XBOX_COMPILER_VER] = new Version(16, 0, 11886, 0) }; //foreach (string name in Enum.GetNames(typeof(Language))) //{ // if (!result.ContainsKey(name)) // { // // If we don't have entry for a language, fire on everything. // result[name] = new Version(int.MaxValue, int.MaxValue); // } //} return(result); }
private static StringToVersionMap BuildDefaultVulnerableBinariesMap() { var result = new StringToVersionMap(); result["msxml6.dll"] = new Version(6, 30); result["xmllite.dll"] = new Version(1, 3); result["msidcrl.dll"] = new Version(7, 0); return result; }
private static StringToVersionMap BuildMinimumToolVersionsMap() { var result = new StringToVersionMap(); result[MIN_COMPILER_VER] = new Version(17, 0, 65501, 17013); result[MIN_XBOX_COMPILER_VER] = new Version(16, 0, 11886, 0); return(result); }
private static StringToVersionMap BuildDefaultVulnerableBinariesMap() { var result = new StringToVersionMap(); result["msxml6.dll"] = new Version(6, 30); result["xmllite.dll"] = new Version(1, 3); result["msidcrl.dll"] = new Version(7, 0); return(result); }
private static StringToVersionMap BuildAllowedLibraries() { StringToVersionMap result = new StringToVersionMap(); // Example entries // result["cExample.lib,c"] = new Version("1.0.0.0") // result["cplusplusExample.lib,cxx"] = new Version("1.0.0.0") // result["masmExample.lib,masm"] = new Version("1.0.0.0") return(result); }
private static StringToVersionMap BuildAllowedLibraries() { var result = new StringToVersionMap(); // Example entries result["libeay32.lib,unknown"] = new Version("0.0.0.0"); // result["cplusplusExample.lib,cxx"] = new Version("1.0.0.0") // result["masmExample.lib,masm"] = new Version("1.0.0.0") return(result); }
private static StringToVersionMap BuildMinimumToolVersionsMap() { var result = new StringToVersionMap(); result[MIN_LINKER_VER] = new Version(11, 0, 65501, 17016); result[MIN_COMPILER_VER] = new Version(17, 0, 65501, 17016); result[MIN_XBOX_LINKER_VER] = new Version("10.0.11886.0"); result[MIN_XBOX_COMPILER_VER] = new Version("16.0.11886.0"); return(result); }
public void PropertiesDictionary_RoundTripEmptyStringToVersionMap() { const string MapKey = "MapKey"; const string ValueKey = "NewKey"; var properties = new PropertiesDictionary(); ValidateProperties(properties.GetProperty(PropertiesDictionaryProperty), PROPERTIES_DEFAULT); var version = new Version(1, 2, 3, 4); var nonDefaultValue = new StringToVersionMap(); properties[MapKey] = nonDefaultValue; properties = RoundTripThroughXml(properties); ValidateProperties(properties.GetProperty(PropertiesDictionaryProperty), PROPERTIES_DEFAULT); ((TypedPropertiesDictionary <Version>)properties[MapKey]).ContainsKey(ValueKey).Should().Be(false); }
public override void AnalyzePortableExecutableAndPdb(BinaryAnalyzerContext context) { PEBinary target = context.PEBinary(); Pdb pdb = target.Pdb; Version minCompilerVersion; minCompilerVersion = (target.PE.IsXBox) ? context.Policy.GetProperty(MinimumToolVersions)[MIN_XBOX_COMPILER_VER] : context.Policy.GetProperty(MinimumToolVersions)[MIN_COMPILER_VER]; TruncatedCompilandRecordList badModuleList = new TruncatedCompilandRecordList(); StringToVersionMap allowedLibraries = context.Policy.GetProperty(AllowedLibraries); foreach (DisposableEnumerableView <Symbol> omView in pdb.CreateObjectModuleIterator()) { Symbol om = omView.Value; ObjectModuleDetails omDetails = om.GetObjectModuleDetails(); if (omDetails.WellKnownCompiler != WellKnownCompilers.MicrosoftNativeCompiler) { continue; } // See if the item is in our skip list if (!string.IsNullOrEmpty(om.Lib)) { string libFileName = string.Concat(System.IO.Path.GetFileName(om.Lib), ",", omDetails.Language.ToString()).ToLowerInvariant(); Version minAllowedVersion; if (allowedLibraries.TryGetValue(libFileName, out minAllowedVersion) && omDetails.CompilerVersion >= minAllowedVersion) { continue; } } Version actualVersion; Version minimumVersion; Language omLanguage = omDetails.Language; switch (omLanguage) { case Language.C: case Language.Cxx: actualVersion = Minimum(omDetails.CompilerVersion, omDetails.CompilerFrontEndVersion); minimumVersion = minCompilerVersion; break; default: continue; } bool foundIssue = actualVersion < minimumVersion; AdvancedMitigations advancedMitigations = context.Policy.GetProperty(AdvancedMitigationsEnforced); if (!foundIssue && (advancedMitigations & AdvancedMitigations.Spectre) == AdvancedMitigations.Spectre) { ExtendedMachine machineType = (ExtendedMachine)target.PE.Machine; // Current toolchain is within the version range to validate. // Now we'll retrieve relevant compiler mitigation details to // ensure this object module's build and revision meet // expectations. CompilerMitigations newMitigationData = EnableSpectreMitigations.GetAvailableMitigations(context, machineType, actualVersion); // Current compiler version does not support Spectre mitigations. foundIssue = !newMitigationData.HasFlag(CompilerMitigations.D2GuardSpecLoadAvailable) && !newMitigationData.HasFlag(CompilerMitigations.QSpectreAvailable); if (foundIssue) { // Get the closest compiler version that has mitigations--i.e. if the user is using a 19.0 (VS2015) compiler, we should be recommending an upgrade to the // 19.0 version that has the mitigations, not an upgrade to a 19.10+ (VS2017) compiler. // Limitation--if there are multiple 'upgrade to' versions to recommend, this just going to give users the last one we see in the error. minCompilerVersion = EnableSpectreMitigations.GetClosestCompilerVersionWithSpectreMitigations(context, machineType, actualVersion); // Indicates Spectre mitigations are not supported on this platform. We won't flag this case. if (minCompilerVersion == null) { foundIssue = false; } } } if (foundIssue) { // built with {0} compiler version {1} (Front end version: {2}) badModuleList.Add( om.CreateCompilandRecordWithSuffix( String.Format(CultureInfo.InvariantCulture, RuleResources.BA2006_Error_BadModule, omLanguage, omDetails.CompilerVersion, omDetails.CompilerFrontEndVersion))); } } if (!badModuleList.Empty) { // '{0}' was compiled with one or more modules which were not built using // minimum required tool versions (compiler version {1}). More recent toolchains // contain mitigations that make it more difficult for an attacker to exploit // vulnerabilities in programs they produce. To resolve this issue, compile // and /or link your binary with more recent tools. If you are servicing a // product where the tool chain cannot be modified (e.g. producing a hotfix // for an already shipped version) ignore this warning. Modules built outside // of policy: {2} context.Logger.Log(this, RuleUtilities.BuildResult(ResultLevel.Error, context, null, nameof(RuleResources.BA2006_Error), context.TargetUri.GetFileName(), minCompilerVersion.ToString(), badModuleList.CreateSortedObjectList())); return; } // All linked modules of '{0}' generated by the Microsoft front-end // satisfy configured policy (compiler minimum version {1}). context.Logger.Log(this, RuleUtilities.BuildResult(ResultLevel.Pass, context, null, nameof(RuleResources.BA2006_Pass), context.TargetUri.GetFileName(), minCompilerVersion.ToString())); }
public override void AnalyzePortableExecutableAndPdb(BinaryAnalyzerContext context) { PEBinary target = context.PEBinary(); Machine reflectionMachineType = target.PE.Machine; // The current Machine enum does not have support for Arm64, so translate to our Machine enum ExtendedMachine machineType = (ExtendedMachine)reflectionMachineType; if (!machineType.CanBeMitigated()) { // QUESTION: // Machine HW is unsupported for mitigations... // should this be in the CanAnalyze() method or here and issue a warning? return; } Pdb pdb = target.Pdb; TruncatedCompilandRecordList masmModules = new TruncatedCompilandRecordList(); TruncatedCompilandRecordList mitigationNotEnabledModules = new TruncatedCompilandRecordList(); TruncatedCompilandRecordList mitigationDisabledInDebugBuild = new TruncatedCompilandRecordList(); TruncatedCompilandRecordList mitigationExplicitlyDisabledModules = new TruncatedCompilandRecordList(); StringToVersionMap allowedLibraries = context.Policy.GetProperty(AllowedLibraries); foreach (DisposableEnumerableView <Symbol> omView in pdb.CreateObjectModuleIterator()) { Symbol om = omView.Value; ObjectModuleDetails omDetails = om.GetObjectModuleDetails(); // See if the item is in our skip list. if (!string.IsNullOrEmpty(om.Lib)) { string libFileName = string.Concat(System.IO.Path.GetFileName(om.Lib), ",", omDetails.Language.ToString()).ToLowerInvariant(); Version minAllowedVersion; if (allowedLibraries.TryGetValue(libFileName, out minAllowedVersion) && omDetails.CompilerVersion >= minAllowedVersion) { continue; } } Version actualVersion; Language omLanguage = omDetails.Language; // We already opted-out of IL Only binaries, so only check for native languages // or those that can appear in mixed binaries. switch (omLanguage) { case Language.C: case Language.Cxx: { if (omDetails.WellKnownCompiler != WellKnownCompilers.MicrosoftNativeCompiler) { // TODO: https://github.com/Microsoft/binskim/issues/114 continue; } else { actualVersion = omDetails.CompilerVersion; } break; } case Language.MASM: { masmModules.Add(om.CreateCompilandRecord()); continue; } case Language.LINK: { // Linker is not involved in the mitigations, so no need to check version or switches at this time. continue; } case Language.CVTRES: { // Resource compiler is not involved in the mitigations, so no need to check version or switches at this time. continue; } case Language.HLSL: { // HLSL compiler is not involved in the mitigations, so no need to check version or switches at this time. continue; } // Mixed binaries (/clr) can contain non C++ compilands if they are linked in via netmodules // .NET IL should be mitigated by the runtime if any mitigations are necessary // At this point simply accept them as safe until this is disproven. case Language.CSharp: case Language.MSIL: case Language.ILASM: { continue; } case Language.Unknown: { // The linker may emit debug information for modules from static libraries that do not contribute to actual code. // do not contribute to actual code. Currently these come back as Language.Unknown :( // TODO: https://github.com/Microsoft/binskim/issues/116 continue; } default: { // TODO: https://github.com/Microsoft/binskim/issues/117 // Review unknown languages for this and all checks } continue; } // Get the appropriate compiler version against which to check this compiland. // check that we are greater than or equal to the first fully supported release: 15.6 first Version omVersion = omDetails.CompilerVersion; CompilerMitigations availableMitigations = GetAvailableMitigations(context, machineType, omVersion); if (availableMitigations == CompilerMitigations.None) { // Built with a compiler version {0} that does not support any Spectre // mitigations. We do not report here. BA2006 will fire instead. continue; } string[] mitigationSwitches = new string[] { "/Qspectre", "/guardspecload" }; SwitchState effectiveState; // Go process the command line to check for switches effectiveState = omDetails.GetSwitchState(mitigationSwitches, null, SwitchState.SwitchDisabled, OrderOfPrecedence.LastWins); if (effectiveState == SwitchState.SwitchDisabled) { SwitchState QSpectreState = SwitchState.SwitchNotFound; SwitchState d2guardspecloadState = SwitchState.SwitchNotFound; if (availableMitigations.HasFlag(CompilerMitigations.QSpectreAvailable)) { QSpectreState = omDetails.GetSwitchState(mitigationSwitches[0] /*"/Qspectre"*/, OrderOfPrecedence.LastWins); } if (availableMitigations.HasFlag(CompilerMitigations.D2GuardSpecLoadAvailable)) { // /d2xxxx options show up in the PDB without the d2 string // So search for just /guardspecload d2guardspecloadState = omDetails.GetSwitchState(mitigationSwitches[1] /*"/guardspecload"*/, OrderOfPrecedence.LastWins); } // TODO: https://github.com/Microsoft/binskim/issues/119 // We should flag cases where /d2guardspecload is enabled but the // toolset supports /qSpectre (which should be preferred). if (QSpectreState == SwitchState.SwitchNotFound && d2guardspecloadState == SwitchState.SwitchNotFound) { // Built with tools that support the Spectre mitigations but these have not been enabled. mitigationNotEnabledModules.Add(om.CreateCompilandRecord()); } else { // Built with the Spectre mitigations explicitly disabled. mitigationExplicitlyDisabledModules.Add(om.CreateCompilandRecord()); } continue; } if (!availableMitigations.HasFlag(CompilerMitigations.NonoptimizedCodeMitigated)) { string[] OdSwitches = { "/Od" }; // These switches override /Od - there is no one place to find this information on msdn at this time. string[] OptimizeSwitches = { "/O1", "/O2", "/Ox", "/Og" }; bool debugEnabled = false; if (omDetails.GetSwitchState(OdSwitches, OptimizeSwitches, SwitchState.SwitchEnabled, OrderOfPrecedence.LastWins) == SwitchState.SwitchEnabled) { debugEnabled = true; } if (debugEnabled) { // Built with /Od which disables Spectre mitigations. mitigationDisabledInDebugBuild.Add(om.CreateCompilandRecord()); continue; } } } string line; var sb = new StringBuilder(); if (!mitigationExplicitlyDisabledModules.Empty) { // The following modules were compiled with Spectre // mitigations explicitly disabled: {0} line = string.Format( RuleResources.BA2024_Error_SpectreMitigationExplicitlyDisabled, mitigationExplicitlyDisabledModules.CreateSortedObjectList()); sb.AppendLine(line); } if (!mitigationNotEnabledModules.Empty) { // The following modules were compiled with a toolset that supports // /Qspectre but the switch was not enabled on the command-line: {0} line = string.Format( RuleResources.BA2024_Error_SpectreMitigationNotEnabled, mitigationNotEnabledModules.CreateSortedObjectList()); sb.AppendLine(line); } if (!mitigationDisabledInDebugBuild.Empty) { // The following modules were compiled with optimizations disabled(/ Od), // a condition that disables Spectre mitigations: {0} line = string.Format( RuleResources.BA2024_Error_OptimizationsDisabled, mitigationDisabledInDebugBuild.CreateSortedObjectList()); sb.AppendLine(line); } if ((context.Policy.GetProperty(Reporting) & ReportingOptions.WarnIfMasmModulesPresent) == ReportingOptions.WarnIfMasmModulesPresent && !masmModules.Empty) { line = string.Format( RuleResources.BA2024_Error_MasmModulesDetected, masmModules.CreateSortedObjectList()); sb.AppendLine(line); } if (sb.Length > 0) { // '{0}' was compiled with one or more modules that do not properly enable code // generation mitigations for speculative execution side-channel attack (Spectre) // vulnerabilities. Spectre attacks can compromise hardware-based isolation, // allowing non-privileged users to retrieve potentially sensitive data from the // CPU cache. To resolve the issue, provide the /Qspectre switch on the compiler // command-line (or /d2guardspecload in cases where your compiler supports this // switch and it is not possible to update to a toolset that supports /Qspectre). // The following modules are out of policy: {1} context.Logger.Log(this, RuleUtilities.BuildResult(ResultLevel.Error, context, null, nameof(RuleResources.BA2024_Error), context.TargetUri.GetFileName(), sb.ToString())); return; } // All linked modules ‘{0}’ were compiled with mitigations enabled that help prevent Spectre (speculative execution side-channel attack) vulnerabilities. context.Logger.Log(this, RuleUtilities.BuildResult(ResultLevel.Pass, context, null, nameof(RuleResources.BA2024_Pass), context.TargetUri.GetFileName())); }
public override void AnalyzePortableExecutableAndPdb(BinaryAnalyzerContext context) { PEBinary target = context.PEBinary(); Pdb pdb = target.Pdb; /* * This is disabled for now. It's not clear that we can * actually detect when a binary is compiled with a version * of csc.exe that is too stale. The reasons are twofold: * 1) Older versions of csc.exe did not version the version * data that is persisted to the PE. i.e., '48.0' was * emitted for numerous versions of the compiler. * 2) Our PDB reader does not current appear able to crack * PDBs generated by the older C# compilers. Needs to * be investigated. * if (target.PE.IsManaged && !target.PE.IsMixedMode) * { * AnalyzeManagedPE(context); * } */ Version minCompilerVersion; var goodCompilers = new HashSet <string>(); var badModules = new List <ObjectModuleDetails>(); StringToVersionMap allowedLibraries = context.Policy.GetProperty(AllowedLibraries); var languageToBadModules = new Dictionary <Language, List <ObjectModuleDetails> >(); foreach (DisposableEnumerableView <Symbol> omView in pdb.CreateObjectModuleIterator()) { Symbol om = omView.Value; ObjectModuleDetails omDetails = om.GetObjectModuleDetails(); switch (omDetails.Language) { case Language.LINK: { continue; } case Language.C: case Language.Cxx: { minCompilerVersion = (target.PE.IsXBox) ? context.Policy.GetProperty(MinimumToolVersions)[MIN_XBOX_COMPILER_VER] : context.Policy.GetProperty(MinimumToolVersions)[nameof(Language.C)]; break; } //case Language.MASM: //{ // minCompilerVersion = // context.Policy.GetProperty(MinimumToolVersions)[nameof(Language.MASM)]; // break; //} //case Language.CVTRES: //{ // minCompilerVersion = // context.Policy.GetProperty(MinimumToolVersions)[nameof(Language.CVTRES)]; // break; //} //case Language.CSharp: //{ // minCompilerVersion = // context.Policy.GetProperty(MinimumToolVersions)[nameof(Language.CSharp)]; // break; //} case Language.Unknown: { minCompilerVersion = context.Policy.GetProperty(MinimumToolVersions)[nameof(Language.Unknown)]; break; } default: { continue; } } // See if the item is in our skip list if (!string.IsNullOrEmpty(om.Lib)) { string libFileName = string.Concat(System.IO.Path.GetFileName(om.Lib), ",", omDetails.Language.ToString()).ToLowerInvariant(); if (allowedLibraries.TryGetValue(libFileName, out Version minAllowedVersion) && omDetails.CompilerBackEndVersion >= minAllowedVersion) { continue; } } Version actualVersion; Version minimumVersion = minCompilerVersion; Language omLanguage = omDetails.Language; switch (omLanguage) { case Language.C: case Language.Cxx: { actualVersion = Minimum(omDetails.CompilerBackEndVersion, omDetails.CompilerFrontEndVersion); break; } case Language.LINK: case Language.MASM: case Language.CVTRES: { actualVersion = omDetails.CompilerBackEndVersion; break; } default: continue; } bool foundIssue = actualVersion < minimumVersion; AdvancedMitigations advancedMitigations = context.Policy.GetProperty(AdvancedMitigationsEnforced); if (!foundIssue && (advancedMitigations & AdvancedMitigations.Spectre) == AdvancedMitigations.Spectre) { var machineType = (ExtendedMachine)target.PE.Machine; // Current toolchain is within the version range to validate. // Now we'll retrieve relevant compiler mitigation details to // ensure this object module's build and revision meet // expectations. CompilerMitigations newMitigationData = EnableSpectreMitigations.GetAvailableMitigations(context, machineType, actualVersion); // Current compiler version does not support Spectre mitigations. foundIssue = !newMitigationData.HasFlag(CompilerMitigations.D2GuardSpecLoadAvailable) && !newMitigationData.HasFlag(CompilerMitigations.QSpectreAvailable); if (foundIssue) { // Get the closest compiler version that has mitigations--i.e. if the user is using a 19.0 (VS2015) compiler, we should be recommending an upgrade to the // 19.0 version that has the mitigations, not an upgrade to a 19.10+ (VS2017) compiler. // Limitation--if there are multiple 'upgrade to' versions to recommend, this just going to give users the last one we see in the error. minCompilerVersion = EnableSpectreMitigations.GetClosestCompilerVersionWithSpectreMitigations(context, machineType, actualVersion); // Indicates Spectre mitigations are not supported on this platform. We won't flag this case. if (minCompilerVersion == null) { foundIssue = false; } } } if (foundIssue) { badModules.Add(omDetails); } else { goodCompilers.Add(BuildCompilerIdentifier(omDetails)); } } if (badModules.Count != 0) { string badModulesText = badModules.CreateOutputCoalescedByCompiler(); string minimumRequiredCompilers = BuildMinimumCompilersList(context, languageToBadModules); // '{0}' was compiled with one or more modules which were not built using // minimum required tool versions ({1}). More recent toolchains // contain mitigations that make it more difficult for an attacker to exploit // vulnerabilities in programs they produce. To resolve this issue, compile // and /or link your binary with more recent tools. If you are servicing a // product where the tool chain cannot be modified (e.g. producing a hotfix // for an already shipped version) ignore this warning. Modules built outside // of policy: {2} context.Logger.Log(this, RuleUtilities.BuildResult(FailureLevel.Error, context, null, nameof(RuleResources.BA2006_Error), context.TargetUri.GetFileName(), minimumRequiredCompilers, badModulesText)); return; } string[] sorted = goodCompilers.ToArray(); Array.Sort(sorted); // All linked modules of '{0}' satisfy configured policy (observed compilers: {1}). context.Logger.Log(this, RuleUtilities.BuildResult(ResultKind.Pass, context, null, nameof(RuleResources.BA2006_Pass), context.TargetUri.GetFileName(), string.Join(", ", sorted))); }
private static StringToVersionMap BuildAllowedLibraries() { StringToVersionMap result = new StringToVersionMap(); result["xboxkrnl.lib,C"] = new Version("1.0.0.0"); result["xboxkrnl.lib,Cxx"] = new Version("1.0.0.0"); result["xboxkrnl.lib,MASM"] = new Version("1.0.0.0"); result["adsiid.lib,C"] = new Version("15.0.30729.207"); result["ahadmin.lib,Cxx"] = new Version("15.0.30729.165"); result["amstrmid.lib,C"] = new Version("15.0.30729.207"); result["aux_ulib.lib,C"] = new Version("15.0.30729.207"); result["bits.lib,C"] = new Version("15.0.30729.207"); result["certidl.lib,C"] = new Version("15.0.30729.207"); result["clfsmgmt.lib,Cxx"] = new Version("15.0.30729.207"); result["corguids.lib,C"] = new Version("16.0.30311.1"); result["dinput8.lib,C"] = new Version("15.0.30729.165"); result["dmoguids.lib,C"] = new Version("15.0.30729.207"); result["dtchelp.lib,Cxx"] = new Version("15.0.30729.165"); result["ehstorguids.lib,Cxx"] = new Version("15.0.30729.207"); result["fci.lib,C"] = new Version("15.0.30729.165"); result["fdi.lib,C"] = new Version("15.0.30729.165"); result["fileextd.lib,MASM"] = new Version("9.0.30729.165"); result["fileextd.lib,C"] = new Version("15.0.30729.165"); result["format.lib,Cxx"] = new Version("16.0.30311.1"); result["gdiplus.lib,Cxx"] = new Version("15.0.30729.165"); result["gpmuuid.lib,C"] = new Version("15.0.30729.165"); result["htmlhelp.lib,Cxx"] = new Version("15.0.30729.165"); result["iepmapi.lib,Cxx"] = new Version("15.0.30729.165"); result["ksguid.lib,C"] = new Version("15.0.30729.207"); result["ksuser.lib,C"] = new Version("15.0.30729.207"); result["locationapi.lib,Cxx"] = new Version("15.0.30729.207"); result["mbnapi_uuid.lib,C"] = new Version("15.0.30729.165"); result["mfuuid.lib,Cxx"] = new Version("15.0.30729.207"); result["mfuuid.lib,C"] = new Version("15.0.30729.207"); result["mmc.lib,Cxx"] = new Version("15.0.30729.165"); result["mmc.lib,C"] = new Version("15.0.30729.165"); result["mqoa.lib,C"] = new Version("15.0.30729.165"); result["msdasc.lib,C"] = new Version("15.0.30729.165"); result["mstask.lib,Cxx"] = new Version("15.0.30729.165"); result["msxml2.lib,C"] = new Version("15.0.30729.165"); result["msxml6.lib,C"] = new Version("15.0.30729.165"); result["muiload.lib,Cxx"] = new Version("15.0.30729.207"); result["muiload.lib,C"] = new Version("15.0.30729.207"); result["odbccp32.lib,C"] = new Version("15.0.30729.165"); result["oledb.lib,C"] = new Version("15.0.30729.165"); result["osptk.lib,C"] = new Version("15.0.30729.165"); result["photoacquireuid.lib,Cxx"] = new Version("15.0.30729.207"); result["portabledeviceguids.lib,Cxx"] = new Version("15.0.30729.207"); result["sapi.lib,C"] = new Version("15.0.30729.165"); result["sbtsv.lib,C"] = new Version("15.0.30729.207"); result["scrnsave.lib,C"] = new Version("15.0.30729.165"); result["scrnsavw.lib,C"] = new Version("15.0.30729.165"); result["searchsdk.lib,C"] = new Version("15.0.30729.207"); result["sensorsapi.lib,Cxx"] = new Version("15.0.30729.207"); result["shell32.lib,C"] = new Version("15.0.30729.207"); result["srclient.lib,Cxx"] = new Version("15.0.30729.165"); result["strmiids.lib,C"] = new Version("15.0.30729.207"); result["strsafe.lib,C"] = new Version("15.0.30729.165"); result["structuredquery.lib,C"] = new Version("15.0.30729.165"); result["svcguid.lib,C"] = new Version("15.0.30729.165"); result["taskschd.lib,C"] = new Version("15.0.30729.165"); result["transcodeimageuid.lib,Cxx"] = new Version("15.0.30729.165"); result["tspubplugincom.lib,C"] = new Version("15.0.30729.207"); result["unicows.lib,C"] = new Version("15.0.30729.165"); result["uuid.lib,C"] = new Version("15.0.30729.165"); result["uuid.lib,Cxx"] = new Version("15.0.30729.207"); result["vds_uuid.lib,C"] = new Version("15.0.30729.207"); result["vpccominterfaces.lib,C"] = new Version("15.0.30729.207"); result["vss_uuid.lib,C"] = new Version("15.0.30729.207"); result["wbemuuid.lib,C"] = new Version("15.0.30729.165"); result["wcmguid.lib,C"] = new Version("15.0.30729.165"); result["wiaguid.lib,C"] = new Version("15.0.30729.207"); result["windowscodecs.lib,Cxx"] = new Version("15.0.30729.207"); result["windowssideshowguids.lib,Cxx"] = new Version("15.0.30729.207"); result["winstrm.lib,C"] = new Version("15.0.30729.165"); result["wmcodecdspuuid.lib,C"] = new Version("15.0.30729.207"); result["workspaceax.lib,C"] = new Version("15.0.30729.207"); result["ws2_32.lib,C"] = new Version("15.0.30729.165"); result["wsbapp_uuid.lib,C"] = new Version("15.0.30729.165"); result["wuguid.lib,C"] = new Version("15.0.30729.165"); result["xaswitch.lib,Cxx"] = new Version("15.0.30729.165"); result["comsupp.lib,Cxx"] = new Version("16.0.30319.1"); result["comsuppd.lib,Cxx"] = new Version("16.0.30319.1"); result["comsuppw.lib,Cxx"] = new Version("16.0.30319.1"); result["comsuppwd.lib,Cxx"] = new Version("16.0.30319.1"); result["delayimp.lib,Cxx"] = new Version("16.0.30319.1"); result["libcmt.lib,Cxx"] = new Version("16.0.40219.1"); result["libcmt.lib,C"] = new Version("16.0.40219.1"); result["libcmt.lib,MASM"] = new Version("10.0.40219.1"); result["libcmtd.lib,Cxx"] = new Version("16.0.40219.1"); result["libcmtd.lib,C"] = new Version("16.0.40219.1"); result["libcmtd.lib,MASM"] = new Version("10.0.40219.1"); result["libcpmt.lib,Cxx"] = new Version("16.0.40219.1"); result["libcpmt.lib,C"] = new Version("16.0.40219.1"); result["libcpmt1.lib,Cxx"] = new Version("16.0.40219.1"); result["libcpmt1.lib,C"] = new Version("16.0.40219.1"); result["libcpmtd.lib,Cxx"] = new Version("16.0.40219.1"); result["libcpmtd.lib,C"] = new Version("16.0.40219.1"); result["libcpmtd0.lib,Cxx"] = new Version("16.0.40219.1"); result["libcpmtd0.lib,C"] = new Version("16.0.40219.1"); result["libcpmtd1.lib,Cxx"] = new Version("16.0.40219.1"); result["libcpmtd1.lib,C"] = new Version("16.0.40219.1"); result["msvcmrt.lib,Cxx"] = new Version("16.0.40219.1"); result["msvcmrtd.lib,Cxx"] = new Version("16.0.40219.1"); result["msvcprt.lib,Cxx"] = new Version("16.0.40219.1"); result["msvcprtd.lib,Cxx"] = new Version("16.0.40219.1"); result["msvcrt.lib,Cxx"] = new Version("16.0.40219.1"); result["msvcrt.lib,MASM"] = new Version("10.0.40219.1"); result["msvcrt.lib,C"] = new Version("16.0.40219.1"); result["msvcrtd.lib,Cxx"] = new Version("16.0.40219.1"); result["msvcrtd.lib,MASM"] = new Version("10.0.40219.1"); result["msvcrtd.lib,C"] = new Version("16.0.40219.1"); result["msvcurt.lib,Cxx"] = new Version("16.0.40219.1"); result["msvcurtd.lib,Cxx"] = new Version("16.0.40219.1"); result["pgobootrun.lib,Cxx"] = new Version("16.0.30319.1"); result["pgort.lib,Cxx"] = new Version("16.0.30319.1"); result["ptrustm.lib,Cxx"] = new Version("16.0.40219.1"); result["ptrustmd.lib,Cxx"] = new Version("16.0.40219.1"); result["ptrustu.lib,Cxx"] = new Version("16.0.40219.1"); result["ptrustud.lib,Cxx"] = new Version("16.0.40219.1"); result["runtmchk.lib,Cxx"] = new Version("16.0.30319.1"); result["runtmchk.lib,C"] = new Version("16.0.30319.1"); result["runtmchk.lib,MASM"] = new Version("10.0.30319.1"); result["vcomp.lib,MASM"] = new Version("10.0.40219.1"); result["vcompd.lib,MASM"] = new Version("10.0.40219.1"); result["pgort.lib,MASM"] = new Version("10.0.30319.1"); result["atl.lib,C"] = new Version("16.0.30319.1"); result["atls.lib,C"] = new Version("16.0.30319.1"); result["atlsd.lib,C"] = new Version("16.0.30319.1"); result["mfc100.lib,C"] = new Version("16.0.30319.1"); result["mfc100u.lib,C"] = new Version("16.0.30319.1"); result["mfc100d.lib,C"] = new Version("16.0.30319.1"); result["mfc100ud.lib,C"] = new Version("16.0.30319.1"); result["mfcm100.lib,C"] = new Version("16.0.30319.1"); result["mfcm100d.lib,C"] = new Version("16.0.30319.1"); result["mfcm100u.lib,C"] = new Version("16.0.30319.1"); result["mfcm100ud.lib,C"] = new Version("16.0.30319.1"); result["mfcs100.lib,C"] = new Version("16.0.30319.1"); result["mfcs100d.lib,C"] = new Version("16.0.30319.1"); result["mfcs100u.lib,C"] = new Version("16.0.30319.1"); result["mfcs100ud.lib,C"] = new Version("16.0.30319.1"); result["nafxcw.lib,C"] = new Version("16.0.30319.1"); result["nafxcwd.lib,C"] = new Version("16.0.30319.1"); result["uafxcw.lib,C"] = new Version("16.0.30319.1"); result["uafxcwd.lib,C"] = new Version("16.0.30319.1"); result["atl.lib,Cxx"] = new Version("16.0.30319.1"); result["atls.lib,Cxx"] = new Version("16.0.30319.1"); result["atlsd.lib,Cxx"] = new Version("16.0.30319.1"); result["mfc100.lib,Cxx"] = new Version("16.0.30319.1"); result["mfc100u.lib,Cxx"] = new Version("16.0.30319.1"); result["mfc100d.lib,Cxx"] = new Version("16.0.30319.1"); result["mfc100ud.lib,Cxx"] = new Version("16.0.30319.1"); result["mfcm100.lib,Cxx"] = new Version("16.0.30319.1"); result["mfcm100d.lib,Cxx"] = new Version("16.0.30319.1"); result["mfcm100u.lib,Cxx"] = new Version("16.0.30319.1"); result["mfcm100ud.lib,Cxx"] = new Version("16.0.30319.1"); result["mfcs100.lib,Cxx"] = new Version("16.0.30319.1"); result["mfcs100d.lib,Cxx"] = new Version("16.0.30319.1"); result["mfcs100u.lib,Cxx"] = new Version("16.0.30319.1"); result["mfcs100ud.lib,Cxx"] = new Version("16.0.30319.1"); result["nafxcw.lib,Cxx"] = new Version("16.0.30319.1"); result["nafxcwd.lib,Cxx"] = new Version("16.0.30319.1"); result["uafxcw.lib,Cxx"] = new Version("16.0.30319.1"); result["uafxcwd.lib,Cxx"] = new Version("16.0.30319.1"); return(result); }
public override void Analyze(BinaryAnalyzerContext context) { PEHeader peHeader = context.PE.PEHeaders.PEHeader; Pdb pdb = context.Pdb; if (pdb == null) { Errors.LogExceptionLoadingPdb(context, context.PdbParseException); return; } Version minLinkVersion; Version minCompilerVersion; if (context.PE.IsXBox) { minCompilerVersion = context.Policy.GetProperty(MinimumToolVersions)[MIN_XBOX_COMPILER_VER]; minLinkVersion = context.Policy.GetProperty(MinimumToolVersions)[MIN_XBOX_LINKER_VER]; } else { minCompilerVersion = context.Policy.GetProperty(MinimumToolVersions)[MIN_COMPILER_VER]; minLinkVersion = context.Policy.GetProperty(MinimumToolVersions)[MIN_LINKER_VER]; } TruncatedCompilandRecordList badModuleList = new TruncatedCompilandRecordList(); StringToVersionMap allowedLibraries = context.Policy.GetProperty(AllowedLibraries); foreach (DisposableEnumerableView <Symbol> omView in pdb.CreateObjectModuleIterator()) { Symbol om = omView.Value; ObjectModuleDetails omDetails = om.GetObjectModuleDetails(); // see if the item is in our skip list if (!string.IsNullOrEmpty(om.Lib)) { string libFileName = string.Concat(System.IO.Path.GetFileName(om.Lib), ",", omDetails.Language.ToString()).ToLowerInvariant(); Version minAllowedVersion; if (allowedLibraries.TryGetValue(libFileName, out minAllowedVersion) && omDetails.CompilerVersion >= minAllowedVersion) { continue; } } Version actualVersion; Version minimumVersion; Language omLanguage = omDetails.Language; switch (omLanguage) { case Language.C: case Language.Cxx: actualVersion = Minimum(omDetails.CompilerVersion, omDetails.CompilerFrontEndVersion); minimumVersion = minCompilerVersion; break; case Language.MASM: // TODO verify this actualVersion = omDetails.CompilerVersion; minimumVersion = minLinkVersion; break; case Language.LINK: continue; default: continue; } if (actualVersion < minimumVersion) { // built with {0} compiler version {1} (Front end version: {2}) badModuleList.Add( om.CreateCompilandRecordWithSuffix( String.Format(CultureInfo.InvariantCulture, RuleResources.BA2006_Error_BadModule, omLanguage, omDetails.CompilerVersion, omDetails.CompilerFrontEndVersion))); } } if (!badModuleList.Empty) { // '{0}' was compiled with one or more modules which were not built using minimum // required tool versions (compiler version {1}, linker version {2}). More recent // tool chains contain mitigations that make it more difficult for an attacker to // exploit vulnerabilities in programs they produce. To resolve this issue, // compile and/or link your binary with more recent tools. If you are servicing a // product where the tool chain cannot be modified (e.g. producing a hotfix for // an already shipped version) ignore this warning. // Modules built outside of policy: {3} context.Logger.Log(this, RuleUtilities.BuildResult(ResultLevel.Error, context, null, nameof(RuleResources.BA2006_Error), context.TargetUri.GetFileName(), minCompilerVersion.ToString(), minLinkVersion.ToString(), badModuleList.CreateSortedObjectList())); return; } // '{0}' was built with a tool chain that satisfies configured policy // (compiler minimum version {1}, linker minimum version {2}). context.Logger.Log(this, RuleUtilities.BuildResult(ResultLevel.Pass, context, null, nameof(RuleResources.BA2006_Pass), context.TargetUri.GetFileName(), minCompilerVersion.ToString(), minLinkVersion.ToString())); }
private static StringToVersionMap BuildMinimumToolVersionsMap() { var result = new StringToVersionMap(); result[MIN_LINKER_VER] = new Version(11, 0, 65501, 17016); result[MIN_COMPILER_VER] = new Version(17, 0, 65501, 17016); result[MIN_XBOX_LINKER_VER] = new Version("10.0.11886.0"); result[MIN_XBOX_COMPILER_VER] = new Version("16.0.11886.0"); return result; }
private static StringToVersionMap BuildAllowedLibraries() { StringToVersionMap result = new StringToVersionMap(); result["xboxkrnl.lib,C"] = new Version("1.0.0.0"); result["xboxkrnl.lib,Cxx"] = new Version("1.0.0.0"); result["xboxkrnl.lib,MASM"] = new Version("1.0.0.0"); result["adsiid.lib,C"] = new Version("15.0.30729.207"); result["ahadmin.lib,Cxx"] = new Version("15.0.30729.165"); result["amstrmid.lib,C"] = new Version("15.0.30729.207"); result["aux_ulib.lib,C"] = new Version("15.0.30729.207"); result["bits.lib,C"] = new Version("15.0.30729.207"); result["certidl.lib,C"] = new Version("15.0.30729.207"); result["clfsmgmt.lib,Cxx"] = new Version("15.0.30729.207"); result["corguids.lib,C"] = new Version("16.0.30311.1"); result["dinput8.lib,C"] = new Version("15.0.30729.165"); result["dmoguids.lib,C"] = new Version("15.0.30729.207"); result["dtchelp.lib,Cxx"] = new Version("15.0.30729.165"); result["ehstorguids.lib,Cxx"] = new Version("15.0.30729.207"); result["fci.lib,C"] = new Version("15.0.30729.165"); result["fdi.lib,C"] = new Version("15.0.30729.165"); result["fileextd.lib,MASM"] = new Version("9.0.30729.165"); result["fileextd.lib,C"] = new Version("15.0.30729.165"); result["format.lib,Cxx"] = new Version("16.0.30311.1"); result["gdiplus.lib,Cxx"] = new Version("15.0.30729.165"); result["gpmuuid.lib,C"] = new Version("15.0.30729.165"); result["htmlhelp.lib,Cxx"] = new Version("15.0.30729.165"); result["iepmapi.lib,Cxx"] = new Version("15.0.30729.165"); result["ksguid.lib,C"] = new Version("15.0.30729.207"); result["ksuser.lib,C"] = new Version("15.0.30729.207"); result["locationapi.lib,Cxx"] = new Version("15.0.30729.207"); result["mbnapi_uuid.lib,C"] = new Version("15.0.30729.165"); result["mfuuid.lib,Cxx"] = new Version("15.0.30729.207"); result["mfuuid.lib,C"] = new Version("15.0.30729.207"); result["mmc.lib,Cxx"] = new Version("15.0.30729.165"); result["mmc.lib,C"] = new Version("15.0.30729.165"); result["mqoa.lib,C"] = new Version("15.0.30729.165"); result["msdasc.lib,C"] = new Version("15.0.30729.165"); result["mstask.lib,Cxx"] = new Version("15.0.30729.165"); result["msxml2.lib,C"] = new Version("15.0.30729.165"); result["msxml6.lib,C"] = new Version("15.0.30729.165"); result["muiload.lib,Cxx"] = new Version("15.0.30729.207"); result["muiload.lib,C"] = new Version("15.0.30729.207"); result["odbccp32.lib,C"] = new Version("15.0.30729.165"); result["oledb.lib,C"] = new Version("15.0.30729.165"); result["osptk.lib,C"] = new Version("15.0.30729.165"); result["photoacquireuid.lib,Cxx"] = new Version("15.0.30729.207"); result["portabledeviceguids.lib,Cxx"] = new Version("15.0.30729.207"); result["sapi.lib,C"] = new Version("15.0.30729.165"); result["sbtsv.lib,C"] = new Version("15.0.30729.207"); result["scrnsave.lib,C"] = new Version("15.0.30729.165"); result["scrnsavw.lib,C"] = new Version("15.0.30729.165"); result["searchsdk.lib,C"] = new Version("15.0.30729.207"); result["sensorsapi.lib,Cxx"] = new Version("15.0.30729.207"); result["shell32.lib,C"] = new Version("15.0.30729.207"); result["srclient.lib,Cxx"] = new Version("15.0.30729.165"); result["strmiids.lib,C"] = new Version("15.0.30729.207"); result["strsafe.lib,C"] = new Version("15.0.30729.165"); result["structuredquery.lib,C"] = new Version("15.0.30729.165"); result["svcguid.lib,C"] = new Version("15.0.30729.165"); result["taskschd.lib,C"] = new Version("15.0.30729.165"); result["transcodeimageuid.lib,Cxx"] = new Version("15.0.30729.165"); result["tspubplugincom.lib,C"] = new Version("15.0.30729.207"); result["unicows.lib,C"] = new Version("15.0.30729.165"); result["uuid.lib,C"] = new Version("15.0.30729.165"); result["uuid.lib,Cxx"] = new Version("15.0.30729.207"); result["vds_uuid.lib,C"] = new Version("15.0.30729.207"); result["vpccominterfaces.lib,C"] = new Version("15.0.30729.207"); result["vss_uuid.lib,C"] = new Version("15.0.30729.207"); result["wbemuuid.lib,C"] = new Version("15.0.30729.165"); result["wcmguid.lib,C"] = new Version("15.0.30729.165"); result["wiaguid.lib,C"] = new Version("15.0.30729.207"); result["windowscodecs.lib,Cxx"] = new Version("15.0.30729.207"); result["windowssideshowguids.lib,Cxx"] = new Version("15.0.30729.207"); result["winstrm.lib,C"] = new Version("15.0.30729.165"); result["wmcodecdspuuid.lib,C"] = new Version("15.0.30729.207"); result["workspaceax.lib,C"] = new Version("15.0.30729.207"); result["ws2_32.lib,C"] = new Version("15.0.30729.165"); result["wsbapp_uuid.lib,C"] = new Version("15.0.30729.165"); result["wuguid.lib,C"] = new Version("15.0.30729.165"); result["xaswitch.lib,Cxx"] = new Version("15.0.30729.165"); result["comsupp.lib,Cxx"] = new Version("16.0.30319.1"); result["comsuppd.lib,Cxx"] = new Version("16.0.30319.1"); result["comsuppw.lib,Cxx"] = new Version("16.0.30319.1"); result["comsuppwd.lib,Cxx"] = new Version("16.0.30319.1"); result["delayimp.lib,Cxx"] = new Version("16.0.30319.1"); result["libcmt.lib,Cxx"] = new Version("16.0.40219.1"); result["libcmt.lib,C"] = new Version("16.0.40219.1"); result["libcmt.lib,MASM"] = new Version("10.0.40219.1"); result["libcmtd.lib,Cxx"] = new Version("16.0.40219.1"); result["libcmtd.lib,C"] = new Version("16.0.40219.1"); result["libcmtd.lib,MASM"] = new Version("10.0.40219.1"); result["libcpmt.lib,Cxx"] = new Version("16.0.40219.1"); result["libcpmt.lib,C"] = new Version("16.0.40219.1"); result["libcpmt1.lib,Cxx"] = new Version("16.0.40219.1"); result["libcpmt1.lib,C"] = new Version("16.0.40219.1"); result["libcpmtd.lib,Cxx"] = new Version("16.0.40219.1"); result["libcpmtd.lib,C"] = new Version("16.0.40219.1"); result["libcpmtd0.lib,Cxx"] = new Version("16.0.40219.1"); result["libcpmtd0.lib,C"] = new Version("16.0.40219.1"); result["libcpmtd1.lib,Cxx"] = new Version("16.0.40219.1"); result["libcpmtd1.lib,C"] = new Version("16.0.40219.1"); result["msvcmrt.lib,Cxx"] = new Version("16.0.40219.1"); result["msvcmrtd.lib,Cxx"] = new Version("16.0.40219.1"); result["msvcprt.lib,Cxx"] = new Version("16.0.40219.1"); result["msvcprtd.lib,Cxx"] = new Version("16.0.40219.1"); result["msvcrt.lib,Cxx"] = new Version("16.0.40219.1"); result["msvcrt.lib,MASM"] = new Version("10.0.40219.1"); result["msvcrt.lib,C"] = new Version("16.0.40219.1"); result["msvcrtd.lib,Cxx"] = new Version("16.0.40219.1"); result["msvcrtd.lib,MASM"] = new Version("10.0.40219.1"); result["msvcrtd.lib,C"] = new Version("16.0.40219.1"); result["msvcurt.lib,Cxx"] = new Version("16.0.40219.1"); result["msvcurtd.lib,Cxx"] = new Version("16.0.40219.1"); result["pgobootrun.lib,Cxx"] = new Version("16.0.30319.1"); result["pgort.lib,Cxx"] = new Version("16.0.30319.1"); result["ptrustm.lib,Cxx"] = new Version("16.0.40219.1"); result["ptrustmd.lib,Cxx"] = new Version("16.0.40219.1"); result["ptrustu.lib,Cxx"] = new Version("16.0.40219.1"); result["ptrustud.lib,Cxx"] = new Version("16.0.40219.1"); result["runtmchk.lib,Cxx"] = new Version("16.0.30319.1"); result["runtmchk.lib,C"] = new Version("16.0.30319.1"); result["runtmchk.lib,MASM"] = new Version("10.0.30319.1"); result["vcomp.lib,MASM"] = new Version("10.0.40219.1"); result["vcompd.lib,MASM"] = new Version("10.0.40219.1"); result["pgort.lib,MASM"] = new Version("10.0.30319.1"); result["atl.lib,C"] = new Version("16.0.30319.1"); result["atls.lib,C"] = new Version("16.0.30319.1"); result["atlsd.lib,C"] = new Version("16.0.30319.1"); result["mfc100.lib,C"] = new Version("16.0.30319.1"); result["mfc100u.lib,C"] = new Version("16.0.30319.1"); result["mfc100d.lib,C"] = new Version("16.0.30319.1"); result["mfc100ud.lib,C"] = new Version("16.0.30319.1"); result["mfcm100.lib,C"] = new Version("16.0.30319.1"); result["mfcm100d.lib,C"] = new Version("16.0.30319.1"); result["mfcm100u.lib,C"] = new Version("16.0.30319.1"); result["mfcm100ud.lib,C"] = new Version("16.0.30319.1"); result["mfcs100.lib,C"] = new Version("16.0.30319.1"); result["mfcs100d.lib,C"] = new Version("16.0.30319.1"); result["mfcs100u.lib,C"] = new Version("16.0.30319.1"); result["mfcs100ud.lib,C"] = new Version("16.0.30319.1"); result["nafxcw.lib,C"] = new Version("16.0.30319.1"); result["nafxcwd.lib,C"] = new Version("16.0.30319.1"); result["uafxcw.lib,C"] = new Version("16.0.30319.1"); result["uafxcwd.lib,C"] = new Version("16.0.30319.1"); result["atl.lib,Cxx"] = new Version("16.0.30319.1"); result["atls.lib,Cxx"] = new Version("16.0.30319.1"); result["atlsd.lib,Cxx"] = new Version("16.0.30319.1"); result["mfc100.lib,Cxx"] = new Version("16.0.30319.1"); result["mfc100u.lib,Cxx"] = new Version("16.0.30319.1"); result["mfc100d.lib,Cxx"] = new Version("16.0.30319.1"); result["mfc100ud.lib,Cxx"] = new Version("16.0.30319.1"); result["mfcm100.lib,Cxx"] = new Version("16.0.30319.1"); result["mfcm100d.lib,Cxx"] = new Version("16.0.30319.1"); result["mfcm100u.lib,Cxx"] = new Version("16.0.30319.1"); result["mfcm100ud.lib,Cxx"] = new Version("16.0.30319.1"); result["mfcs100.lib,Cxx"] = new Version("16.0.30319.1"); result["mfcs100d.lib,Cxx"] = new Version("16.0.30319.1"); result["mfcs100u.lib,Cxx"] = new Version("16.0.30319.1"); result["mfcs100ud.lib,Cxx"] = new Version("16.0.30319.1"); result["nafxcw.lib,Cxx"] = new Version("16.0.30319.1"); result["nafxcwd.lib,Cxx"] = new Version("16.0.30319.1"); result["uafxcw.lib,Cxx"] = new Version("16.0.30319.1"); result["uafxcwd.lib,Cxx"] = new Version("16.0.30319.1"); return result; }