4 Analysing binary files.
*************************

     annocheck
       [-h | --help]
       [--help-TOOL]
       [--version]
       [-v | --verbose]
       [-q | --quiet]
       [-i | --ignore-unknown]
       [-r | --report-unknown]
       [-f | --follow-links]
       [-I | --ignore-links]
       [--debug-rpm=FILE]
       [--dwarf-dir=DIR]
       [-p TEXT | --prefix=TEXT]
       [-t DIR | --tmpdir=DIR]
       [-u | --use-debuginfod]
       [-n | --no-use-debuginfod]
       [--enable-TOOL]
       [--disable-TOOL]
       [--TOOL-OPTION]
       FILE...

   The 'annocheck' program can analyse binary files and report
information about them.  It is designed to be modular, with a set of
self-contained tools providing the checking functionality.  Currently
the following tools are implemented:

   · Built By    Which tool(s) were used to build the file(s)?
   · Hardened    Were the file(s) built with the correct security options?
   · Notes       What annobin notes are inside the file(s)?
   · Size        What is the cumulative size of specific sections in the file(s)?
   · Timing      How long did the checks take?

   The 'annocheck' program is able to scan inside rpm files and
libraries.  It will automatically recurse into any directories that are
specified on the command line.  In addition 'annocheck' knows how to
find debug information held in separate debug files, and it will search
for these whenever it needs the resources that they contain.

   New tools can be added to the annocheck framework by creating a new
source file and including it in the 'Makefile' used to build
'annocheck'.  The modular nature of 'annocheck' means that nothing else
needs to be updated.

   New tools must fill out a 'struct checker' structure (defined in
'annocheck.h') and they must define a constructor function that calls
'annocheck_add_checker' to register their presence at program start-up.

   The 'annocheck' program supports some generic command line options
that are used regardless of which tools are enabled.

'--debug-rpm=FILE'
     Look in FILE for separate dwarf debug information.

'--dwarf-dir=DIR'
     Look in DIR for separate dwarf debug information files.

'--help'
'-h'
     Displays the generic annobin usage information and then exits.

'--help-TOOL'
     Displays the usage information for TOOL and then exits.

'--report-unknown'
'--ignore-unknown'
'-r'
'-i'
     If enabled, unknown file types are reported when they are
     encountered.  This includes non-ELF format files, block devices and
     so on.  Directories are not considered to be unknown and are
     automatically descended.

     The default setting depends upon the file being processed.  For rpm
     files the default is to ignore unknowns, since these often contain
     non-executable files.  For other file types, including directories,
     the default is to report unknown files.

'--ignore-links'
'--follow-links'
'-I'
'-f'
     Specifies whether symbolic links should be followed or ignored.

     The default setting depends upon the file being processed.  For rpm
     files the default is to ignore symbolic links, since these are often
     unresolvable.  For other file types, including directories, the
     default is to follow the links.

'--prefix=TEXT'
'-p TEXT'
     Include TEXT in the output description.

'--quiet'
'-q'
     Do not print anything, just return an exit status.

'--tmpdir=DIR'
'-t DIR'
     Use DIR as a directory for holding temporary files.

'--verbose'
'-v'
     Produce informational messages whilst working.  Repeat for more
     information.

'--version'
     Report the version of the tool and then exit.

'--use-debuginfod'
'-u'
     Enable the use of the debuginfod service to download debuginfo
     rpms.  This feature is enabled by default, but it is only active if
     support for the debuginfod server has been compiled into
     annocheck.

'--no-use-debuginfod'
'-n'
     Do not use the debuginfod service, even if it is available.

'--enable-TOOL'
     Enable TOOL.  Most tools are disabled by default and so need to be
     enabled via this option before they will act.

'--disable-TOOL'
     Disable TOOL.  Normally used to disable the hardening checker,
     which is enabled by default.

'--TOOL-OPTION'
     Pass OPTION on to TOOL.

   Any other command line options will be passed to the tools in turn in
order to give them a chance to claim and process them.
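
   As an added usage example (not part of the annocheck documentation),
the following POSIX shell function gates a build on the exit status
returned under '--quiet', using only options described above.  It
assumes that any non-zero exit status means the target did not pass;
the 'ANNOCHECK' variable and the 'scan_artifacts' name are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the annocheck documentation.
# Assumption: any non-zero exit status from annocheck means "did not pass".
ANNOCHECK="${ANNOCHECK:-annocheck}"   # hypothetical override for a pinned binary

# scan_artifacts TARGET...
# TARGET may be a binary, an rpm or a directory (annocheck recurses itself).
# Prints "PASS|FAIL|MISSING <target>" per target on stdout.
# Returns 0 if everything passed, 1 if a check failed, 2 if a target is absent.
scan_artifacts() {
    sa_rc=0
    for sa_target in "$@"; do
        if [ ! -e "$sa_target" ]; then
            # Fail closed: an artifact that was never built was never checked.
            echo "MISSING $sa_target"
            sa_rc=2
            continue
        fi
        # --quiet             exit status only, nothing printed
        # --ignore-unknown    do not report non-ELF files found in directories
        # --no-use-debuginfod keep the gate offline and reproducible
        if "$ANNOCHECK" --quiet --ignore-unknown --no-use-debuginfod "$sa_target"; then
            echo "PASS $sa_target"
        else
            echo "FAIL $sa_target"
            # Second pass without --quiet so the build log shows the details;
            # --prefix tags those lines. Its status is deliberately ignored.
            "$ANNOCHECK" --prefix=gate --ignore-unknown --no-use-debuginfod \
                "$sa_target" >&2 || true
            if [ "$sa_rc" -eq 0 ]; then sa_rc=1; fi
        fi
    done
    return "$sa_rc"
}

# Run as a script: sh gate.sh build/*.rpm
if [ "$#" -gt 0 ]; then
    scan_artifacts "$@"
fi
```

   Scanning each target separately costs one process per artifact but
lets the log name exactly which file failed.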