
Resolve golang string structures in data section

Open wargio opened this issue 3 years ago • 2 comments

Your checklist for this pull request

  • [x] I've read the guidelines for contributing to this repository
  • [x] I made sure to follow the project's coding style
  • [x] I've documented or updated the documentation of every function and struct this PR changes. If not so I've explained why.
  • [ ] I've added tests that prove my fix is effective or that my feature works (if possible)
  • [ ] I've updated the rizin book with the relevant information (if needed)

Detailed description

This resolves the go string structures in a very simplistic way by looking for offsets in sections whose names contain the data substring. All the golang strings in tables are always set in the following way: pointer followed by the string size, stored in 32 or 64 bit words.

These structures are especially used in go 1.12 and 1.16.

wargio avatar Aug 05 '22 21:08 wargio
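The {pointer, length} table layout described in the PR, as an added example that is not code from the PR or from rizin: a small scanner over a constructed data-section blob that applies the checks such a resolver needs (pointer inside the string section, sane length, printable bytes) and skips the junk words a naive pass would turn into bogus flags. Section base addresses, the sample bytes and the function names are assumptions made for the example.

```python
import struct

# Constructed sample (not from the PR): a .rodata-like string blob and a
# .data-like table of Go string headers, each {pointer, length} in native words.
RODATA_BASE = 0x4A0000  # assumed base of the string blob
DATA_BASE = 0x5C0000    # assumed base of the header table


def resolve_go_strings(data, data_base, rodata, rodata_base, word_size=8, max_len=4096):
    """Slide over `data` one word at a time looking for {ptr, len} pairs into `rodata`.

    A pair is kept only if ptr and ptr+len both land inside rodata, len is non-zero
    and below max_len, and the bytes are printable; that is what stops ordinary
    data words from being turned into bogus str.* flags.
    Returns a list of (header_vaddr, string_vaddr, text).
    """
    fmt = "<Q" if word_size == 8 else "<I"
    found, off = [], 0
    while off + 2 * word_size <= len(data):
        ptr = struct.unpack_from(fmt, data, off)[0]
        length = struct.unpack_from(fmt, data, off + word_size)[0]
        start = ptr - rodata_base
        if 0 < length <= max_len and 0 <= start and start + length <= len(rodata):
            chunk = rodata[start:start + length]
            if all(0x20 <= c < 0x7F or c in b"\t\r\n" for c in chunk):
                found.append((data_base + off, ptr, chunk.decode("ascii")))
                off += 2 * word_size  # consume both words of the header
                continue
        off += word_size  # not a header: advance one word and retry
    return found


def build_sample(word_size=8):
    """Constructed input: five real headers interleaved with two junk pairs."""
    rodata = b"versionHTTP_versionflagsortsync"  # Go strings carry no terminator
    entries = [
        (RODATA_BASE + 0, 7),            # "version"
        (RODATA_BASE + 7, 12),           # "HTTP_version"
        (0x1234, 5),                     # pointer outside rodata: rejected
        (RODATA_BASE + 19, 4),           # "flag"
        (RODATA_BASE + 23, 0xFFFFFFFF),  # absurd length: rejected
        (RODATA_BASE + 23, 4),           # "sort"
        (RODATA_BASE + 27, 4),           # "sync"
    ]
    pair = "<QQ" if word_size == 8 else "<II"
    return b"".join(struct.pack(pair, p, n) for p, n in entries), rodata


if __name__ == "__main__":
    data, rodata = build_sample()
    for hdr, sva, text in resolve_go_strings(data, DATA_BASE, rodata, RODATA_BASE):
        print(f"0x{hdr:08x} -> 0x{sva:08x} str.{text}")
```

Passing word_size=4 to both functions exercises the 32-bit word layout the PR also handles.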


[XX] db/analysis/golang Resolve all symbols on a stripped linux go1.12 binary
RZ_NOPLUGINS=1 /usr/bin/rizin -escr.utf8=0 -escr.color=0 -escr.interactive=0 -N -Qc 'aalg
fl~sym.go.~?
pdfs @ main ~str.
izq~?
' bins/golang/example-server-1.12-stripped
-- stdout
--- expected
+++ actual
@@ -8,4 +8,4 @@
 0x0065de6d str.version
 0x0065de8a str.HTTP_version
 0x0065dfe6 str.
-14338
+14889
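Review bot: the izq~? count in the expected output of db/analysis/golang for the stripped go1.12 binary has to be raised from 14338 to 14889, since the new data-section pass recovers 551 more strings than the old expectation assumed; the three str.* lines are unchanged context, so only that count line of the test needs updating, which matches the still-unchecked "I've added tests" item on the checklist.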

-- stderr

[x] Found go 1.12 pclntab data.

[x] Recovered 5414 symbols and saved them at sym.go.*
[ ] Analyze all flags starting with sym.go. (aF @@f:sym.go.*)
[x] Analyze all flags starting with sym.go. (aF @@f:sym.go.*)
[ ] Recovering go strings from the data sections
[x] Recovering go strings from the data sections
[ ] Analyze all instructions to recover all strings used in sym.go.*
[x] Analyze all instructions to recover all strings used in sym.go.*

[x] Recovered 10082 strings from the sym.go.* functions.

[**]                       db/archos/linux-x64/dbg_dmhd     1836 OK        58 BR        0 XX        3 FX
[**]                     db/archos/linux-x64/asm_x64_as     1842 OK        58 BR        0 XX        3 FX
[**]                     db/archos/linux-x64/dbg_trace1     1843 OK        58 BR        0 XX        3 FX


[XX] db/analysis/golang Resolve all symbols on a stripped linux go1.16 binary
RZ_NOPLUGINS=1 /usr/bin/rizin -escr.utf8=0 -escr.color=0 -escr.interactive=0 -N -Qc 'aalg
fl~sym.go.~?
pdfs @ main ~str.
izq~?
' bins/golang/example-server-1.16-stripped
-- stdout
--- expected
+++ actual
@@ -12,4 +12,4 @@
 ;-- str.flag:
 ;-- str.sort:
 ;-- str.sync:
-13492
+14028
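Review bot: same issue for the stripped go1.16 binary in db/analysis/golang: the expected izq~? count must move from 13492 to 14028 (536 additional strings from the data sections); the ;-- str.flag:, str.sort: and str.sync: lines are unchanged context, so only the count line of the expectation needs to change.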

-- stderr

[x] Found go 1.16 pclntab data.

[x] Recovered 4657 symbols and saved them at sym.go.*
[ ] Analyze all flags starting with sym.go. (aF @@f:sym.go.*)
[x] Analyze all flags starting with sym.go. (aF @@f:sym.go.*)
[ ] Recovering go strings from the data sections
[x] Recovering go strings from the data sections
[ ] Analyze all instructions to recover all strings used in sym.go.*
[x] Analyze all instructions to recover all strings used in sym.go.*

[x] Recovered 10098 strings from the sym.go.* functions.

XVilka avatar Aug 06 '22 16:08 XVilka

@ret2libc if we merge this then I can reuse the same function on the other PR.

wargio avatar Aug 07 '22 10:08 wargio