The Annobin plugin for GCC stores extra information inside binary files as they are compiled. Examining this information used to be performed by a set of Shell scripts, but that has now changed and a new program— annocheck — has been written to do the job. The advantage of the program is that it is faster and more flexible than the scripts, and it does not rely upon other utilities to actually peer inside the binaries.
This article is about the annocheck program: how to use it, how it works, and how to extend it. The program’s main purpose is to examine how a binary was built and to check that it has all of the appropriate security hardening features enabled. But that is not its only use. It also has several other modes that perform different kinds of examination of binary files.