forked from goretk/gore
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpclntab.go
95 lines (87 loc) · 2.96 KB
/
pclntab.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
// This file is part of GoRE.
//
// Copyright (C) 2019-2021 GoRE Authors
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package gore
import (
"bytes"
"debug/pe"
)
// pclntab12magic is the magic bytes used for binaries compiled with Go
// prior to 1.16
var pclntab12magic = []byte{0xfb, 0xff, 0xff, 0xff, 0x0, 0x0}
// pclntab116magic is the magic bytes used for binaries compiled with
// Go 1.16 and Go 1.17.
var pclntab116magic = []byte{0xfa, 0xff, 0xff, 0xff, 0x0, 0x0}
// pclntab118magic is the magic bytes used for binaries compiled with
// Go 1.18 and Go 1.19.
var pclntab118magic = []byte{0xf0, 0xff, 0xff, 0xff, 0x0, 0x0}
// pclntab120magic is the magic bytes used for binaries compiled with
// Go 1.20 and onwards.
var pclntab120magic = []byte{0xf1, 0xff, 0xff, 0xff, 0x0, 0x0}
// searchFileForPCLNTab will search the .rdata and .text section for the
// PCLN table. Note!! The address returned by this function needs to be
// adjusted by adding the image base address!!!
func searchFileForPCLNTab(f *pe.File) (uint32, []byte, error) {
for _, v := range []string{".rdata", ".text"} {
sec := f.Section(v)
if sec == nil {
continue
}
secData, err := sec.Data()
if err != nil {
continue
}
tab, err := searchSectionForTab(secData)
if err == ErrNoPCLNTab {
continue
}
// TODO: Switch to returning a uint64 instead.
addr := sec.VirtualAddress + uint32(len(secData)-len(tab))
return addr, tab, err
}
return 0, []byte{}, ErrNoPCLNTab
}
// searchSectionForTab looks for the PCLN table within the section.
func searchSectionForTab(secData []byte) ([]byte, error) {
// First check for the current magic used. If this fails, it could be
// an older version. So check for the old header.
MAGIC_LOOP:
for _, magic := range [][]byte{pclntab120magic, pclntab118magic, pclntab116magic, pclntab12magic} {
off := bytes.LastIndex(secData, magic)
if off == -1 {
continue // Try other magic.
}
for off != -1 {
if off != 0 {
buf := secData[off:]
if len(buf) < 16 || buf[4] != 0 || buf[5] != 0 ||
(buf[6] != 1 && buf[6] != 2 && buf[6] != 4) || // pc quantum
(buf[7] != 4 && buf[7] != 8) { // pointer size
// Header doesn't match.
if off-1 <= 0 {
continue MAGIC_LOOP
}
off = bytes.LastIndex(secData[:off-1], magic)
continue
}
// Header match
return secData[off:], nil
}
break
}
}
return nil, ErrNoPCLNTab
}