AD2035: PeReportCompilerDataDwarf
Summary
| Property | Value |
|---|---|
| ID | AD2035 |
| Name | PeReportCompilerDataDwarf |
| Category | Reporting |
| Severity | Note |
| Applies to | PE (Windows, MinGW/GCC compiled) |
Description
This rule extracts and reports compiler information from DWARF debug sections in PE binaries compiled with GCC/MinGW toolchains. This is an informational rule to help understand the build configuration.
How It Works
The rule parses DWARF debug information to extract:
- Compiler name and version
- Compilation flags used
- Language standard
- Optimization level
- Security-relevant options
Why This Matters
Understanding the compiler configuration helps assess the security posture of binaries compiled with non-MSVC toolchains.
Information Extracted
| Data | Example |
|---|---|
| Compiler | GCC 13.2.0 |
| Language | C11, C++20 |
| Optimization | -O2, -Os |
| Security flags | -fstack-protector-strong |
| Debug info | DWARF 5 |
DWARF Compilation Unit Attributes
| Attribute | Information |
|---|---|
| DW_AT_producer | Compiler version string |
| DW_AT_language | Source language |
| DW_AT_comp_dir | Compilation directory |
| DW_AT_name | Source file name |
Cross-Toolchain Analysis
```
PE Binary Analysis:
├── MSVC compiled → Use PDB analysis (AD4001)
├── GCC/MinGW compiled → Use DWARF analysis (AD2035)
└── Clang compiled → Either PDB or DWARF
```
Output Example
```json
{
  "compiler": "GNU C17 13.2.0",
  "flags": "-O2 -fstack-protector-strong -fPIE",
  "language": "C17",
  "optimization": "O2"
}
```
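The following sketch is an added example, not the rule's own code. It shows how a `DW_AT_producer` string can be reduced to the fields in the output above. It assumes the producer carries the recorded command-line options, as GCC's `-grecord-gcc-switches` does; `parse_producer`, the `SECURITY_FLAGS` list and the `security_flags` field are names invented for this example.

```python
import re

# Hardening options this example reports (an assumed list, not the rule's own).
SECURITY_FLAGS = {
    "-fstack-protector", "-fstack-protector-strong", "-fstack-protector-all",
    "-fstack-clash-protection", "-fPIE", "-fpie", "-fPIC", "-fpic",
}
# GCC producer strings look like "GNU <language> <version> <options...>".
PRODUCER_RE = re.compile(
    r"^GNU\s+(?P<lang>\S+)\s+(?P<version>\d+(?:\.\d+)+)(?P<rest>.*)$")
OPT_LEVEL_RE = re.compile(r"-O(\d|s|g|z|fast)?")


def parse_producer(producer):
    """Turn a DW_AT_producer string into report fields, or None if not GCC."""
    m = PRODUCER_RE.match(producer.strip())
    if m is None:
        return None
    # Keep only command-line options; skip date or "(prerelease)" tokens.
    options = [t for t in m.group("rest").split() if t.startswith("-")]
    optimization = "O0"  # GCC's default when no -O option is present
    security = []
    for opt in options:
        if OPT_LEVEL_RE.fullmatch(opt):
            optimization = "O1" if opt == "-O" else opt[1:]  # last -O wins
        elif opt.startswith("-fno-"):
            # -fno-stack-protector cancels every earlier -fstack-protector* form.
            base = "-f" + opt[5:].lower()
            security = [f for f in security if not f.lower().startswith(base)]
        elif opt in SECURITY_FLAGS and opt not in security:
            security.append(opt)
    return {
        "compiler": f"GNU {m.group('lang')} {m.group('version')}",
        "flags": " ".join(options),
        "language": m.group("lang"),
        "optimization": optimization,
        "security_flags": security,  # extra field added by this example
    }


if __name__ == "__main__":
    # Constructed sample value, not taken from a real binary.
    sample = ("GNU C17 13.2.0 -mtune=generic -march=x86-64 -g -O2 "
              "-fstack-protector-strong -fPIE")
    print(parse_producer(sample))
```

An empty `security_flags` list on a build that was expected to be hardened is the case to review, including when a later `-fno-` option cancelled an earlier hardening flag.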
Resolution
This is an informational rule. Review the reported data to ensure appropriate security flags were used during compilation.