1

I'm catching a System.ArgumentException: Illegal characters in path when trying to script BinScope from the command line. BinScope is an SDLC audit tool from Microsoft, and the full output is below.

The exception is claiming an illegal character, but its not telling me what the illegal character is nor its location. I'm kind of at a loss because all the options are valid (according to binscope.exe /?), and all the paths are quoted.

Which character (or characters) is illegal in the path? How does one determine the offending character?

C:\Users\Audit\Desktop>binscope.exe /sdl "C:\Users\Audit\Deskt
op\Program\Agent\twprogram.exe" /sympath "C:\Users\Audit\De
sktop\Program\Agent\twprogram.pdb" /outdir "C:\Users\Audit\
Desktop\" /logfile twprogram.xml
Microsoft SDL BinScope binary analysis tool v1.0.4027.29711

Unhandled Exception: System.ArgumentException: Illegal characters in path.
   at System.IO.Path.CheckInvalidPathChars(String path)
   at System.IO.Path.NormalizePathFast(String path, Boolean fullCheck)
   at System.IO.Path.NormalizePath(String path, Boolean fullCheck)
   at System.IO.Path.GetFullPathInternal(String path)
   at System.IO.File.InternalCopy(String sourceFileName, String destFileName, Bo
olean overwrite)
   at Microsoft.MSEC.BinScope.BinScopeMain.Run(BinScopeConfiguration config, Bin
ScopeScanner scanner)
   at Microsoft.MSEC.BinScope.BinScopeMain.Main(String[] args)

And:

C:\Users\Audit\Desktop>echo %PATH%
C:\Program Files (x86)\Microsoft\SDL BinScope\;C:\Windows\system32;C:\Windows;
C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
jww
  • 12,722

1 Answers1

1

Escape (double, like in Desktop\\") or remove last backslash in /outdir "C:\Users\Audit\Desktop\" - the way it's parsed creates [escaped] unbalanced quote char (") which is invalid in path.

btw - taken from Microsoft reference here: http://msdn.microsoft.com/en-us/library/system.io.path.getinvalidpathchars%28v=vs.110%29.aspx

on Windows-based desktop platforms, invalid path characters might include ASCII/Unicode characters 1 through 31, as well as quote ("), less than (<), greater than (>), pipe (|), backspace (\b), null (\0) and tab (\t).

Edit: Additional info on C# (and also C, C++) args parsing rules on Windows (taken from http://msdn.microsoft.com/en-us/library/system.environment.getcommandlineargs.aspx):

If a double quotation mark follows two or an even number of backslashes, each proceeding backslash pair is replaced with one backslash and the double quotation mark is removed. If a double quotation mark follows an odd number of backslashes, including just one, each preceding pair is replaced with one backslash and the remaining backslash is removed; however, in this case the double quotation mark is not removed.

wmz
  • 7,358