Unexpected fatal runtime condition(s) observed: ExceptionLoadingPdb

[vbiala]

I am trying to run binskim through a VSTS build and it keeps crashing with ExceptionLoadingPdb error. After looking at all the logs generated, it looks like "libuv.dll" is the one causing the issue. Below is the error I see in logs:
error ERR997.ExceptionLoadingPdb : BA2006 : 'libuv.dll' was not evaluated for check 'BuildWithSecureTools' because its PDB could not be loaded. (E_PDB_NOT_FOUND (File not found))

libuv.dll is included with Kestrel from Microsoft. I was wondering if there is a way that binskim doesn't crash when it hits this exception and still finishes the process to check all other assemblies.

[Evmaus-MS]

Hey: So BinSkim should be scanning the rest of the binaries you pass to it--the message atthe end simply means that some checks could not be run on that binary (as you need access private symbols to check some of the things that BinSkim is checking). BinSkim reports if it encountered that error at all after it has finished checking all of the binaries, and as you've observed also notes which checks couldn't run. In general, with binaries you aren't compiling or don't have access to private symbols for (such as closed source third party dependencies), we recommend simply treating that message as informational. ("The tool couldn't evaluate this.") Hope this helps, Everett Sent from Outlook

…

________________________________ From: vbiala <notifications@github.com> Sent: Wednesday, March 21, 2018 5:10:54 PM To: Microsoft/binskim Cc: Subscribed Subject: [Microsoft/binskim] Unexpected fatal runtime condition(s) observed: ExceptionLoadingPdb (#161) I am trying to run binskim through a VSTS build and it keeps crashing with ExceptionLoadingPdb error. After looking at all the logs generated, it looks like "libuv.dll" is the one causing the issue. Below is the error I see in logs: error ERR997.ExceptionLoadingPdb : BA2006 : 'libuv.dll' was not evaluated for check 'BuildWithSecureTools' because its PDB could not be loaded. (E_PDB_NOT_FOUND (File not found)) libuv.dll is included with Kestrel from Microsoft. I was wondering if there is a way that binskim doesn't crash when it hits this exception and still finishes the process to check all other assemblies. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FMicrosoft%2Fbinskim%2Fissues%2F161&data=04%7C01%7Cevmaus%40microsoft.com%7C65577aa924634ea5d89508d58f896170%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636572742565461936%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=3cmlaPWopefXLr5C4Fwzzl8Z2ItFlz0MZb74tZjU%2FxU%3D&reserved=0>, or mute the thread<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAY8m3knU0LnPzkP0Qy7izcS4CwO5Kwhmks5tguwOgaJpZM4S2QI4&data=04%7C01%7Cevmaus%40microsoft.com%7C65577aa924634ea5d89508d58f896170%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636572742565461936%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=YHELRIJN%2Bdg85BeWBR85dhMAxovhLRPo8id5Ka4pG%2Bc%3D&reserved=0>.

[vbiala]

I can treat them as information. The thing is I get this error in the end so it is just confusing that if binskim finished analyzing everything or not:
Analysis did not complete due to one or more unrecoverable execution conditions.
Unexpected fatal runtime condition(s) observed: ExceptionLoadingPdb

But if it is expected, I can ignore this error.

[PouyaPanahy]

still getting this on MS Azure DevOps taksk.
Any news on how to configure this to work?

[JustinSchneiderPBI]

We're still seeing this too, can we pass in a flag for BinSkim to treat this like any other error so that a BinSkim crash is differentiated from a well-understood input error?

[jordynniara]

Same here, it's very misleading and is preventing my ADO pipeline from succeeding.

[subhadlearner]

I am facing this issue as well, any resolution anyone know about?

[admsugar]

Bump - seeing this error as well. @Evmaus-MS How can errors be marked as optional for libraries where pdb files are not present?

[Evmaus-MS]

So -- as an FYI I haven't really been contributing to this project since late 2018 when I left Microsoft for another company.

I'll re-open this issue for the current maintainers since it seems like the behavior here isn't ideal for some of the integration pipelines/etc., but I can't do much more than that.

[quasarea]

Same issue on azure pipelines

[michaelcfanning]

Hello, everyone. First we're working on a general solution to baselining PDB load errors. What you'll be able to do is generate a current BinSkim log file, then configure your system to ignore any open issues (like a PDB load file for a Microsoft binary) while still generating newly found issues.

I don't want to skip past the issue discussed here, though. The first thing to ask is whether you're specifying the Microsoft symbol server at analysis time, e.g., --sympath Cache*c:\symbols;SRV*http://msdl.microsoft.com/download/symbols

If "libuv.dll" is a Microsoft binary, this should pull in the PDB. I just ran a test on a local install, though, and I'm seeing an odd error return value PDB_MAX from BinSkim when the symbol is, I assume located. This could indicate a PDB parsing error. I opened #397 to track this.

[JustinSchneiderPBI]

My team does not use the default symbol server. The missing pdbs for us are not on it.

[eddynaka]

Hi @JustinSchneiderPBI , in your scenario, do you have the pdbs near the dlls?

[JustinSchneiderPBI]

I think I misread Michael's comment. It sounded like a question. We do have a symbol server, just not the default Microsoft symbol server. We use that and locally built pdbs for most dlls. Some dlls don't have the pdbs anywhere available. We want to be able to scan those along with the whole product without Binskim reporting a fatal runtime error that sounds like it crashed rather than ran as expected, producing a list of issues to fix. The baseline feature seems like it will get us there, though I haven't tried it out yet.

[eddynaka]

Hi @JustinSchneiderPBI ,

since the PDB is required to do many of our analysis if you don't supply it will throw that "exception". Even with baseline, Binskim will still show that you are still missing PDBs...

So, I think it won't solve your issue if you don't have the required files to complete it.

Now, are those DLLs that you are analyzing third-party? Why don't you have the PDBs?

[JustinSchneiderPBI]

Yes, they are 3rd-party PDBs. Yes, I understand the analysis is limited by missing PDBs. The key here is differentiating from:

1. BinSkim is broken and I should report this failure to Binskim or my Engineering Systems team
   vs
2. BinSkim completed the analysis, based on the information available. There are some issues that should be fixed, and there are some dlls with missing analysis that should also be fixed.

[eddynaka]

Hi @JustinSchneiderPBI ,

if you have 10 DLLs where one of those isn't yours and it does not have PDB, for example.
The analysis would be complete, but it would show the missing PDB error.

Unless you are facing another issue where it's halting the analysis, which that would be a problem.

[eddynaka]

Hi,

we just released a new prerelease version with some improvements for pdb reader.
Closing this issue for now.

If you face any issue, pls, feel free to open a new issue.