sysopfb/go_116_pclntab.py

## go_116_pclntab.py
import sys
import struct

magic = '\xfa\xff\xff\xff\x00\x00'

ver = 'le'
psize = 8

def find_pclntab(data):
    off = data.find(magic)
    while off != -1:
	if (data[off+4] == '\x00' and data[off+5] == '\x00' and
	#quantum
	(data[off+6] == '\x01' or data[off+6] == '\x02' or data[off+6] == '\x04') and
	#pointer size
	(data[off+7] == '\x04' or data[off+7] == '\x08')):
	    return off
    return None


def uintptr(data):
    if ver == 'le':
	e = '<'
    else:
	e = '>'
    if psize == 4:
	p = 'I'
    else:
	p = 'Q'
    return(struct.unpack_from(e+p, data)[0])

def parse_pclntab(data):
    global psize
    if data[7] == '\x04':
        psize = 4
    nfunctab = uintptr(data[8:])
    nfiletab = uintptr(data[8+psize:])
    offset = uintptr(data[8+2*psize:])
    funcnametab = data[offset:]

    offset = uintptr(data[8+3*psize:])
    cutab = data[offset:]
    offset = uintptr(data[8+4*psize:])
    filetab = data[offset:]
    offset = uintptr(data[8+5*psize:])
    pctab = data[offset:]
    offset = uintptr(data[8+6*psize:])
    funcdata = data[offset:]
    functab = data[offset:]
    functabsize = nfunctab * 2 * psize + psize
    functab = functab[:functabsize]
    return((funcnametab,cutab,filetab,pctab,funcdata,functab))


def funcName(data):
    return data.split('\x00')[0]

if __name__ == "__main__":
    a = open(sys.argv[1], 'rb').read()
    t = find_pclntab(a)
    tbls = parse_pclntab(a[t:])
    (funcnametab,cutab,filetab,pctab,funcdata,functab) = tbls
    for i in range((len(functab)/psize)/2):
        entry = uintptr(functab[(2*i)*psize:])
        end = uintptr(functab[(2*i+2)*psize:])
        info = funcdata[uintptr(functab[(2*i+1)*psize:]):]
        name = funcName(funcnametab[uintptr(info[psize:]):])
        print("Function Start: "+hex(entry))
        print("Function End: "+hex(end))
        print(name)
        print('\n')
	import sys
	import struct

	magic = '\xfa\xff\xff\xff\x00\x00'

	ver = 'le'
	psize = 8

	def find_pclntab(data):
	off = data.find(magic)
	while off != -1:
	if (data[off+4] == '\x00' and data[off+5] == '\x00' and
	#quantum
	(data[off+6] == '\x01' or data[off+6] == '\x02' or data[off+6] == '\x04') and
	#pointer size
	(data[off+7] == '\x04' or data[off+7] == '\x08')):
	return off
	return None


	def uintptr(data):
	if ver == 'le':
	e = '<'
	else:
	e = '>'
	if psize == 4:
	p = 'I'
	else:
	p = 'Q'
	return(struct.unpack_from(e+p, data)[0])

	def parse_pclntab(data):
	global psize
	if data[7] == '\x04':
	psize = 4
	nfunctab = uintptr(data[8:])
	nfiletab = uintptr(data[8+psize:])
	offset = uintptr(data[8+2*psize:])
	funcnametab = data[offset:]

	offset = uintptr(data[8+3*psize:])
	cutab = data[offset:]
	offset = uintptr(data[8+4*psize:])
	filetab = data[offset:]
	offset = uintptr(data[8+5*psize:])
	pctab = data[offset:]
	offset = uintptr(data[8+6*psize:])
	funcdata = data[offset:]
	functab = data[offset:]
	functabsize = nfunctab * 2 * psize + psize
	functab = functab[:functabsize]
	return((funcnametab,cutab,filetab,pctab,funcdata,functab))


	def funcName(data):
	return data.split('\x00')[0]

	if __name__ == "__main__":
	a = open(sys.argv[1], 'rb').read()
	t = find_pclntab(a)
	tbls = parse_pclntab(a[t:])
	(funcnametab,cutab,filetab,pctab,funcdata,functab) = tbls
	for i in range((len(functab)/psize)/2):
	entry = uintptr(functab[(2i)psize:])
	end = uintptr(functab[(2i+2)psize:])
	info = funcdata[uintptr(functab[(2i+1)psize:]):]
	name = funcName(funcnametab[uintptr(info[psize:]):])
	print("Function Start: "+hex(entry))
	print("Function End: "+hex(end))
	print(name)
	print('\n')