Skip to main content
Skip to main content
Microsoft Security

New Version of BinScope Binary Analyzer

  • SDL Team

We are delighted to announce the availability of an updated version of the BinScope Binary Analyzer, Microsoft BinScope version 2014. BinScope is a tool used during the Security Development Lifecycle (SDL) verification phase. It is available as a free download from the Microsoft Download Center here.

BinScope was designed to help detect potential vulnerabilities that can be introduced into Binary files. The checks it implements examine application binary files to identify coding and build practices that can potentially render the application vulnerable to attack or to being used as an exploit attack vector.

The specific changes in BinScope 2014 Update include:

  • Correctly handles CompilerWarningsCheck with the use of –W4 on the command line.
  • Correctly processes the warning levels which are explicitly enabled from the command line.
  • The __declspec(safebuffers) check no longer fires on GsDriverEntry for x86 drivers.
  • ATL version check now fails on known bad ATL headers only; no longer produces failures on unknown ATL headers.
  • Removed deprecated switches from showing as part of /?.
  • Allows new-line delimited file lists getting parsed as response files.

BinScope 2014 Update is inclusive of all the improvements that were part of BinScope 2014, such as:

Improved Diagnostic Messages

A key focus for BinScope 2014 was to ensure that diagnostic messages are clear and actionable for engineers when a potential vulnerability is detected. We believe that being able to quickly understand not only the potential issue but its mitigation is key.

New Minimum Compiler and Minimum Linker Version Switch

By default, BinScope 2014’s CompilerVersionCheck adheres to the compiler and linker versions defined in the SDL guidance. However, we recognize that compiler and linker versions will evolve over time, as a result two new command line switches were added. These switches, known as /MinimumCompilerVersion and /MinimumLinkerVersion, provide the ability to adjust the minimum linker and compiler versions that BinScope will detect when running the CompilerVersionCheck.

Increased Performance

Another important focus for us was to improve the performance of BinScope when executing a scan, particularly with large binaries. As a result, we have been able to improve the scanning performance of BinScope by up to 4 times.

Other changes in BinScope 2014 include:

  • Removal of the Graphical User Interface (GUI).
  • Removal of directory scanning, instead individual binary paths should be provided.
  • General bug fixes.

For more information and additional resources, visit: