The BinScope Binary Analyzer is a Microsoft verification tool that analyzes binaries to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations. BinScope checks that SDL-required compiler/linker flags are being set, strong-named assemblies are in use, and up-to-date build tools are in place.
BinScope also reports on dangerous constructs that are prohibited or discouraged by the SDL (e.g. read/write shared sections and global function pointers). For a more detailed enumeration of the checks performed by BinScope, please see the BinScope documentation. BinScope is available in two forms: as a standalone executable and as a Visual Studio add-on.
Get the tool…
I am not sure where to report it, but BinScope will raise "NXCheck" failures for 64-bit executables not marked as /NXCOMPAT.
However since 64-bit executables on 64-bit operating systems are always DEP-enabled, it looks like a false positive to me.
I think this is because BinScope checks for the NX bit in the PE header. It does not verify whether the executable is actually DEP compatible. So the 64-bit executables should have this bit set, in my opinion.
Can I use Binscope to verify an exe package built using a jar file and 2 dlls?