RWX DLL Scanner is a utility written in C++ that scans a list of DLL files to identify signed sections with read, write, and execute permissions (RWX). The utility checks for the presence of a security directory in the optional header to detect digitally signed sections.
- Scans DLL files for RWX sections.
- Detects digitally signed sections using the security directory.
- Provides information about the identified sections.
- Distinguishes between 32-bit and 64-bit DLLs.
- Create a text file named
dlls.txtcontaining the list of DLL filenames to be scanned. - Run the executable, and it will process each DLL file in the list.
RWXDLLScanner.exeTo generate the dlls.txt file, you can use the DLL Finder utility, which scans all available drives and extracts the list of DLL files.
DllFinder.exeMake sure you have a C++ compiler and the necessary dependencies installed. Use the following commands to build the executable:
g++ -std=c++2a -Wall -O2 -march=x86-64 -fno-rtti RWXDLLScanner.cpp -o RWXDLLScanner.exe -s -staticConsider the following example output:
section0: ".text"
32-bit dll: "example.dll"In this example, the utility found a RWX section named ".text" in the "example.dll" file.
- The utility skips files that cannot be opened or have invalid DOS or NT headers.
- Minimum section size for consideration is set to 0x64000.
This program is Free Software: You can use, study share and improve it at your will. Specifically you can redistribute and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.