My version of IDAGolangHelper is older than current
import idc
import idautils
import idaapi
import ida_bytes
import ida_funcs
import ida_search
import ida_segment
import Utils
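# Byte order of the loaded database; it decides how the pclntab magic is
# spelled in the binary-search patterns below.
info = idaapi.get_inf_structure()
try:
    is_be = info.is_be()
except AttributeError:
    # Presumably for IDAPython builds whose inf structure has no is_be()
    # accessor; only that case falls back to the `mf` field, so unrelated
    # errors (or a user interrupt) are no longer swallowed.
    is_be = info.mf

# Search pattern for a pclntab header with magic 0xFFFFFFFB (Go 1.2 layout),
# followed by the two zero pad bytes of the header.
lookup = "FF FF FF FB 00 00" if is_be else "FB FF FF FF 00 00"

# Set to True by findGoPcLn() when the table was located through the
# Go 1.16 magic; rename() uses it to pick the table layout.
ver116 = False

# Same pattern for the Go 1.16 header magic 0xFFFFFFFA.
# NOTE(review): neither pattern matches the magics used from Go 1.18 on
# (0xFFFFFFF0, and 0xFFFFFFF1 from Go 1.20), so binaries built with those
# toolchains are not recognised by this script.
go116magic = "FF FF FF FA 00 00" if is_be else "FA FF FF FF 00 00"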
def check_is_gopclntab(addr):
    """Return True when *addr* passes the pre-1.16 pclntab sanity check.

    Three pointer-sized values are read through the helper returned by
    Utils.get_bitness(): the word at addr+8+size, the word at
    addr+8+2*size (used as an offset from addr), and the word stored at
    that offset. The candidate is accepted only when the first and the
    last of these are equal. Presumably these are the first function's
    entry address in the table and in its own record -- confirm against
    the Go 1.2 pclntab layout.
    """
    word = Utils.get_bitness(addr)
    after_header = addr + 8
    expected_entry = word.ptr(after_header + word.size)
    record_offset = word.ptr(after_header + word.size * 2)
    # A magic-byte hit alone can be a coincidence, so cross-check the data.
    return word.ptr(addr + record_offset) == expected_entry
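def check_is_gopclntab116(addr):
    """Return True when the header bytes at *addr* fit a Go 1.16 pclntab.

    Only bytes 4..7 of the candidate header are inspected: two pad bytes
    that must be zero, the instruction quantum (1, 2 or 4) and the pointer
    size (4 or 8). This is a plausibility check on a magic-byte hit, not a
    full validation of the table.

    The bytes are read with idc.get_wide_byte() instead of the legacy
    idc.Byte() alias, matching the current-style IDAPython calls
    (idc.get_wide_dword, ida_bytes.del_items) already used in rename().
    """
    pad_a, pad_b, quantum, ptr_size = [
        idc.get_wide_byte(addr + delta) for delta in range(4, 8)
    ]
    if pad_a != 0 or pad_b != 0:
        return False
    return quantum in (0x1, 0x2, 0x4) and ptr_size in (0x4, 0x8)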
def findGoPcLn():
    """Locate the gopclntab header and return its address, or None.

    The whole database is scanned for the pre-1.16 magic first; every hit
    is vetted with check_is_gopclntab(). If no hit is accepted, the scan
    is repeated for the Go 1.16 magic with check_is_gopclntab116(), and
    the module-level flag ver116 is set to True when that search succeeds.
    """
    global ver116
    # (search pattern, validator, whether a match means the 1.16 layout)
    attempts = (
        (lookup, check_is_gopclntab, False),
        (go116magic, check_is_gopclntab116, True),
    )
    for pattern, looks_valid, is_116 in attempts:
        start = 0
        while True:
            hit = ida_search.find_binary(start, idc.BADADDR, pattern, 16, idc.SEARCH_DOWN)
            if hit == idc.BADADDR:
                # Pattern exhausted; move on to the next magic, if any.
                break
            if looks_valid(hit):
                if is_116:
                    ver116 = True
                return hit
            # False positive: resume the scan one byte past this hit.
            start = hit + 1
    return None
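def parse_pclntab(addr):
    """Decode the Go 1.16 pclntab header at *addr*.

    After the 8-byte header come seven pointer-sized words: the function
    count, the file count, and five offsets (relative to *addr*) of the
    function-name table, the CU table, the file table, the pc table and
    the function data. The function table starts at the same address as
    the function data.

    Returns the tuple
    (funcnametab, cutab, filetab, pctab, funcdata, functab, functabsize)
    where the first six items are addresses and functabsize is in bytes.

    Every value is read from the analysed binary and is not validated
    here; a damaged or deliberately altered table yields addresses outside
    the real tables.
    """
    ptr = Utils.get_bitness(addr)
    base = addr
    pos = base + 8  # skip magic, pad bytes, quantum and pointer size
    words = [ptr.ptr(pos + index * ptr.size) for index in range(7)]
    nfunctab = words[0]
    # words[1] is the file count; nothing below needs it.
    funcnametab = base + words[2]
    cutab = base + words[3]
    filetab = base + words[4]
    pctab = base + words[5]
    funcdata = base + words[6]
    functab = base + words[6]
    # Two pointer-sized words per function plus one trailing word, which is
    # how Go's own debug/gosym reader sizes this table. The previous
    # expression multiplied by ptr.size a second time, so a caller deriving
    # the entry count from the size walked ptr.size times too many entries
    # and treated unrelated bytes as function records.
    functabsize = nfunctab * 2 * ptr.size + ptr.size
    return (funcnametab, cutab, filetab, pctab, funcdata, functab, functabsize)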
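def rename(beg, ptr, make_funcs = True):
    """Name (and optionally create) every function listed in the pclntab.

    beg        -- address of the pclntab header.
    ptr        -- pointer helper for the binary's bitness; this code uses
                  its ptr(ea) reader, its size attribute and maker(ea).
    make_funcs -- when true, undefine the item at each entry address and
                  create a function there before renaming it.

    The module-level flag ver116 selects the Go 1.16 layout (via
    parse_pclntab) or the older layout.

    Changes from the previous version:
    * the 1.16 branch uses the same current-style IDAPython calls as the
      older-layout branch instead of the legacy idc.GetString /
      idc.MakeUnknown / idc.MakeFunction aliases;
    * ida_bytes.del_items() is called as (ea, flags, nbytes); the previous
      call passed the byte count in the flags position;
    * the name offset in the 1.16 branch is read as a 32-bit value, as the
      older-layout branch already does, instead of a pointer-sized one;
    * a missing name no longer reaches Utils.relaxName() in the
      older-layout branch;
    * entries that fail in the 1.16 branch are counted and reported rather
      than silently dropped.

    All offsets and counts come from the binary being analysed and are not
    range-checked here.
    """
    if ver116:
        (funcnametab, cutab, filetab, pctab, funcdata, functab, functabsize) = parse_pclntab(beg)
        skipped = 0
        # Floor division keeps the entry count an integer on Python 3 too.
        for i in range(functabsize // ptr.size // 2):
            try:
                entry = ptr.ptr(functab + (2 * i) * ptr.size)
                record_off = ptr.ptr(functab + (2 * i + 1) * ptr.size)
                record = funcdata + record_off
                # The name offset follows the pointer-sized entry field and
                # is 32 bits wide; a pointer-sized read on a 64-bit target
                # would also pick up the neighbouring field.
                name_off = idc.get_wide_dword(record + ptr.size)
                name = idc.get_strlit_contents(funcnametab + name_off)
                if make_funcs:
                    ida_bytes.del_items(entry, ida_bytes.DELIT_SIMPLE, 1)
                    ida_funcs.add_func(entry)
                if name is not None:
                    Utils.rename(entry, Utils.relaxName(name))
            except Exception:
                # Best effort per entry: one bad record must not stop the
                # pass, but keep a count so a damaged table is noticeable.
                skipped += 1
        if skipped:
            print("rename: skipped %d pclntab entries" % skipped)
    else:
        base = beg
        pos = beg + 8  # skip header
        # NOTE(review): the entry count is taken from the binary as-is and
        # is not bounded against the end of the segment.
        size = ptr.ptr(pos)
        pos += ptr.size
        end = pos + (size * ptr.size * 2)
        print("%x" % end)
        while pos < end:
            offset = ptr.ptr(pos + ptr.size)
            ptr.maker(pos)  # in order to get xrefs
            ptr.maker(pos + ptr.size)
            pos += ptr.size * 2
            ptr.maker(base + offset)
            func_addr = ptr.ptr(base + offset)
            if make_funcs:
                ida_bytes.del_items(func_addr, ida_bytes.DELIT_SIMPLE, 1)
                ida_funcs.add_func(func_addr)
            name_offset = idc.get_wide_dword(base + offset + ptr.size)
            name = idc.get_strlit_contents(base + name_offset)
            if name is None:
                # No string at the recorded offset; leave the default name.
                continue
            Utils.rename(func_addr, Utils.relaxName(name))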