0xjiayu / go_parser Goto Github PK

View Code? Open in Web Editor NEW

1.1K 1.1K 135.0 2.23 MB

Yet Another Golang binary parser for IDAPro

License: MIT License

Python 100.00%

go_parser's People

Stargazers

Watchers

Forkers

narutogit cpluse showmethemoney2022 satchel9 normanx crackercat shuixi2013 chensiqia gyyfifafans jack51706 woozoo86 tuanngokien sumerzhang dotsu123 pombredanne foxhack trietptm-on-coding-algorithms cscinsight ntiyison simple555a zu1kbackup zha0 avgirl gavz bb33bb yanshu911 heartsleep x64bugreport tobey123 rajivraj 5l1v3r1 pengtao007 pianomanx meimingle nachtwaffen dunkelheitx davidliu88 zhihuizhiming aplus123 keesoulken baby-233 kernweak fanuxs avaudioplayer happyqingye angrykobe idkwim alienzox medasz renzhexigua beyondcy damnya ttys3 tututu-patch mysolen nevinhappy iceq674 huanjiesm gifrop ioxuy bobbyzhu evilbitse kenuosec asuralove mewbak smartzh bigwillj xswvfr empty2081 hackdou noob-engle eminmuhammadi bloodybag lenz913 veroz1 cc-404 vtanrun h774211 k3v1n1990s xupuxjs wenyingxiongwy kosh-cyber roger1901 tomqunchao jungerschwarz jungeschwarz ttkko idapluginproject h1d3r qianniaoge clannadpy ergoz remote0 26597925 zycode667 yuzuki616 laomeinote gg-big-org kungia09 fengjixuchui

go_parser's Issues

python2.7下运行异常

D:\gopher\go_parser\go_parser.py: in method 'create_strlit', argument 2 of type 'size_t'
Traceback (most recent call last):
File "C:\Program Files\IDA 7.0\python\ida_idaapi.py", line 553, in IDAPython_ExecScript
execfile(script, g)
File "D:/gopher/go_parser/go_parser.py", line 52, in
main()
File "D:/gopher/go_parser/go_parser.py", line 36, in main
pclntab.parse()
File "D:/gopher/go_parser\pclntbl.py", line 173, in parse
self.parse_funcs()
File "D:/gopher/go_parser\pclntbl.py", line 125, in parse_funcs
func_st.parse()
File "D:/gopher/go_parser\pclntbl.py", line 252, in parse
if idc.MakeStr(name_addr, name_addr + len(raw_name_str) + 1):
File "C:\Program Files\IDA 7.0\python\idc_bc695.py", line 113, in MakeStr
def MakeStr(ea, endea): return create_strlit(ea, 0 if (endea) == ida_idaapi.BADADDR else endea-ea)
File "C:\Program Files\IDA 7.0\python\idc.py", line 695, in create_strlit
return ida_bytes.create_strlit(ea, 0 if endea == BADADDR else endea - ea, get_inf_attr(INF_STRTYPE))
File "C:\Program Files\IDA 7.0\python\ida_bytes.py", line 1618, in create_strlit
return _ida_bytes.create_strlit(*args)
TypeError: in method 'create_strlit', argument 2 of type 'size_t'

IDA Pro 7.7.2 Install Error

I leave it in plugins, But I can't find it

ida7.7解析go X86_64下报错Invalid pclntbl header magic number!

似乎是解析头报错了。。是程序做了什么处理导致的吗
#
$2~TH_({AI8DGBY GZ3OHXBC$

ida 7.0 报错

go_parser.py: Invalid address of segment [.noptrdata]

关于idapython api版本和python版本

两个问题

尽量去支持最新版本的idapython的api，这样才能在以后版本不出问题。
python2都已经废弃了，python3才是主流。

我对两个问题都进行了fix，但是可能存在一些小的bug，我可以发pull requests吗？

解析的时候容易造成IDA主程序长时间无响应，且解析失败

IDA7.6支持分析Go二进制了

https://www.hex-rays.com/products/ida/news/7_6/

parsing of golang-specific metadata to recover function names and boundaries
support for stack-based parameters and return values even on platfoms that usually use registers (ARM, x64)
detection of golang-specific string literals

ida 7.5 IndexError: list index out of range

配合ida7.5使用，但是在还原符号时
出现了报错

已经成功还原了部分符号，但没有所有成功还原完；报错如下

C:\Users\john\Desktop\go_parser-master (1)\go_parser-master\go_parser.py: 'NoneType' object has no attribute 'start_ea'
Traceback (most recent call last):
  File "C:/Users/john/Desktop/go_parser-master (1)/go_parser-master\pclntbl.py", line 667, in parse
    self.func_type = FUNC_TYPES[self.func_id]
IndexError: list index out of range

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "E:\Tools\IDA_Pro_v7.5_Portable\python\3\ida_idaapi.py", line 616, in IDAPython_ExecScript
    exec(code, g)
  File "C:/Users/john/Desktop/go_parser-master (1)/go_parser-master/go_parser.py", line 56, in <module>
    main()
  File "C:/Users/john/Desktop/go_parser-master (1)/go_parser-master/go_parser.py", line 39, in main
    pclntab.parse()
  File "C:/Users/john/Desktop/go_parser-master (1)/go_parser-master\pclntbl.py", line 406, in parse
    self.parse_funcs_116()
  File "C:/Users/john/Desktop/go_parser-master (1)/go_parser-master\pclntbl.py", line 281, in parse_funcs_116
    func_st.parse()
  File "C:/Users/john/Desktop/go_parser-master (1)/go_parser-master\pclntbl.py", line 669, in parse
    common._debug(f"Invalid funcID. Curr func entry: {real_func_addr.start_ea:#x}, func st addr: {self.addr:#x}, func id: {self.func_id:#x}")
AttributeError: 'NoneType' object has no attribute 'start_ea'

IDA 7.7 list index out of range

C:\IDA\python\go_parser.py: list index out of range
Traceback (most recent call last):
File "C:\IDA\python\3\ida_idaapi.py", line 580, in IDAPython_ExecScript
exec(code, g)
File "C:/IDA/python/go_parser.py", line 56, in
main()
File "C:/IDA/python/go_parser.py", line 50, in main
type_parser.build_all_types()
File "C:\IDA\python\types_builder.py", line 51, in build_all_types
self._parse_extra_types()
File "C:\IDA\python\types_builder.py", line 84, in _parse_extra_types
self.parse_type(type_addr=target_type_addr)
File "C:\IDA\python\types_builder.py", line 100, in parse_type
rtype.parse()
File "C:\IDA\python\types_builder.py", line 254, in parse
idc.set_cmt(self.addr + 2*ADDR_SZ + 7, f"kind: {self.get_kind()}", 0)
File "C:\IDA\python\types_builder.py", line 305, in get_kind
return self.TYPE_KINDS[self.kind]
IndexError: list index out of range

ida 7.7 and pytho 3.8, i got this: Failed to find firstmoduledata address! in moduledata.py, line 177, Please help

Infinite Loop GoLang 1.19.5

There seems to be an infinite loop in types_builder.py on line 415 during the call to self.read_varint(1). It seems to be trying to read the VarInt from the incorrect offset.

TypeError: in method 'create_strlit', argument 2 of type 'size_t'

52 的便携版 IDA 7.0
打开 Go 二进制文件，直接 Alt+F7 选择 go_parser.py 后报错如下

Z:\windows\IDAScriptFile\go_parser\go_parser.py: in method 'create_strlit', argument 2 of type 'size_t'
Traceback (most recent call last):
  File "C:\Users\testUser\Desktop\IDA_Pro_v7.0_Portable\python\ida_idaapi.py", line 553, in IDAPython_ExecScript
    execfile(script, g)
  File "Z:/windows/IDAScriptFile/go_parser/go_parser.py", line 52, in <module>
    main()
  File "Z:/windows/IDAScriptFile/go_parser/go_parser.py", line 36, in main
    pclntab.parse()
  File "Z:/windows/IDAScriptFile/go_parser\pclntbl.py", line 173, in parse
    self.parse_funcs()
  File "Z:/windows/IDAScriptFile/go_parser\pclntbl.py", line 125, in parse_funcs
    func_st.parse()
  File "Z:/windows/IDAScriptFile/go_parser\pclntbl.py", line 252, in parse
    if idc.MakeStr(name_addr, name_addr + len(raw_name_str) + 1):
  File "C:\Users\testUser\Desktop\IDA_Pro_v7.0_Portable\python\idc_bc695.py", line 113, in MakeStr
    def MakeStr(ea, endea): return create_strlit(ea, 0 if (endea) == ida_idaapi.BADADDR else endea-ea)
  File "C:\Users\testUser\Desktop\IDA_Pro_v7.0_Portable\python\idc.py", line 695, in create_strlit
    return ida_bytes.create_strlit(ea, 0 if endea == BADADDR else endea - ea, get_inf_attr(INF_STRTYPE))
  File "C:\Users\testUser\Desktop\IDA_Pro_v7.0_Portable\python\ida_bytes.py", line 1618, in create_strlit
    return _ida_bytes.create_strlit(*args)
TypeError: in method 'create_strlit', argument 2 of type 'size_t'

解决函数识别不完整

测试了恢复在windows和linux上编译的的hello world，结果IDA识别的函数远远少于Functions number的值，在windows上还找不到main😶
通过检查发现是IDA未能识别某些函数，需要手动创建函数
在https://github.com/0xjiayu/go_parser/blob/master/pclntbl.py#L109 下面加上如下代码解决了这个问题😋

if not idc.GetFunctionName(func_addr):
    # common._debug("Defining function at: @ %x" % func_addr)
    idc.MakeCode(func_addr)
    idc.MakeFunction(func_addr)

Function common.read_mem return 0xffffff where the address is invalid in ida 7.4 .

go_parser/types_builder.py

Line 366 in ff50de9

if pkgpath_off > 0:

I am supposed to use the ctypes.c_int() to wrapper the return value.

            pkgpath_off = read_mem(pkgpath_off_addr, forced_addr_sz=4)
            _debug("pkgpath_off : {}".format( hex(pkgpath_off)))
            # if pkgpath_off > 0: # if error return 0xffffffff 
            if c_int(pkgpath_off).value > 0:
                pkgpath_addr = self.moddata.types_addr + pkgpath_off
                pkgpath_name_obj = Name(pkgpath_addr, self.moddata)

没有任何安装的文档么？

err in run go_parse.py

[ERROR] - Failed to find valid segment [.noptrdata]
go bin is https://github.com/0Kee-Team/crawlergo/releases/download/v0.4.0/crawlergo_linux_arm64.zip

ida7.0报错

C:\Desktop\go_parser-master\go_parser-master\go_parser.py: in method 'create_strlit', argument 2 of type 'size_t'
Traceback (most recent call last):
File "C:\AnalysisTools\IDA_Pro_v7.0\python\ida_idaapi.py", line 553, in IDAPython_ExecScript
execfile(script, g)
File "C:/Desktop/go_parser-master/go_parser-master/go_parser.py", line 52, in
main()
File "C:/Desktop/go_parser-master/go_parser-master/go_parser.py", line 36, in main
pclntab.parse()
File "C:/Desktop/go_parser-master/go_parser-master\pclntbl.py", line 173, in parse
self.parse_funcs()
File "C:/Desktop/go_parser-master/go_parser-master\pclntbl.py", line 125, in parse_funcs
func_st.parse()
File "C:/Desktop/go_parser-master/go_parser-master\pclntbl.py", line 252, in parse
if idc.MakeStr(name_addr, name_addr + len(raw_name_str) + 1):
File "C:\AnalysisTools\IDA_Pro_v7.0\python\idc_bc695.py", line 113, in MakeStr
def MakeStr(ea, endea): return create_strlit(ea, 0 if (endea) == ida_idaapi.BADADDR else endea-ea)
File "C:\AnalysisTools\IDA_Pro_v7.0\python\idc.py", line 695, in create_strlit
return ida_bytes.create_strlit(ea, 0 if endea == BADADDR else endea - ea, get_inf_attr(INF_STRTYPE))
File "C:\AnalysisTools\IDA_Pro_v7.0\python\ida_bytes.py", line 1618, in create_strlit
return _ida_bytes.create_strlit(*args)
TypeError: in method 'create_strlit', argument 2 of type 'size_t'

go 1.16 是不是不能用了

结构好像不一样了

IDA 7.7 Go(1.10.x-1.17.x)[EXEC AMD64-64] Restore failed

I use detect it easy scan the program,display Go(1.10.x-1.17.x)[EXEC AMD64-64],when I use go_parser restore,hava error break

G:\IDAPlugins\go_parser\go_parser.py: Failed to find firstmoduledata address!
Traceback (most recent call last):
File "E:\Tools\IDA_Pro_7.7\python\3\ida_idaapi.py", line 580, in IDAPython_ExecScript
exec(code, g)
File "G:/IDAPlugins/go_parser/go_parser.py", line 56, in
main()
File "G:/IDAPlugins/go_parser/go_parser.py", line 29, in main
firstmoddata_addr, magic_number = moduledata.find_first_moduledata_addr()
File "G:\IDAPlugins/go_parser\moduledata.py", line 177, in find_first_moduledata_addr
raise Exception("Failed to find firstmoduledata address!")
Exception: Failed to find firstmoduledata address!

Python 3.11+IDA Pro7.0报错

C:\Users\iie-iisd\Desktop\go_parser-master\go_parser.py: invalid syntax (C:/Users/iie-iisd/Desktop/go_parser-master/go_parser.py, line 43)
Traceback (most recent call last):
File "D:\Software\IDA 7.0\IDA 7.0\python\ida_idaapi.py", line 553, in IDAPython_ExecScript
execfile(script, g)
File "C:/Users/iie-iisd/Desktop/go_parser-master/go_parser.py", line 43
common._info(f"pclntbl addr: {firstmoddata.pclntbl_addr:#x}\n")
^
SyntaxError: invalid syntax

ida 7.5报错- -

C:\Users\xx\Desktop\go_parser-1.0.0-py3\go_parser.py: No module named 'IPython'
Traceback (most recent call last):
File "C:\Users\xx\Desktop\IDA_Pro_v7.5_Portable\python\3\ida_idaapi.py", line 616, in IDAPython_ExecScript
exec(code, g)
File "C:/Users/xx/Desktop/go_parser-1.0.0-py3/go_parser.py", line 24, in
idaapi.require("types_builder")
File "C:\Users\xx\Desktop\IDA_Pro_v7.5_Portable\python\3\ida_idaapi.py", line 161, in require
m = importlib.import_module(modulename, package)
File "importlib_init_.py", line 127, in import_module
File "", line 1014, in _gcd_import
File "", line 991, in _find_and_load
File "", line 975, in _find_and_load_unlocked
File "", line 671, in _load_unlocked
File "", line 783, in exec_module
File "", line 219, in _call_with_frames_removed
File "C:/Users/sky/Desktop/go_parser-1.0.0-py3\types_builder.py", line 12, in
import IPython
ModuleNotFoundError: No module named 'IPython'

ida7.5+py3 error

F:\tools\go_parser\go_parser.py: module 'idc' has no attribute 'Dword'
Traceback (most recent call last):
  File "C:\Program Files\IDA Pro 7.5\python\3\ida_idaapi.py", line 615, in IDAPython_ExecScript
    exec(code, g)
  File "F:/tools/go_parser/go_parser.py", line 52, in <module>
    main()
  File "F:/tools/go_parser/go_parser.py", line 29, in main
    firstmoddata_addr = moduledata.find_first_moduledata_addr()
  File "F:/tools/go_parser\moduledata.py", line 71, in find_first_moduledata_addr
    if idc.Dword(read_mem(curr_addr, read_only=True)) & 0xFFFFFFFF == magic_num: # possible firstmoduledata
AttributeError: module 'idc' has no attribute 'Dword'

There an issue for parser_func.py

I use the go_parser on IDA 7.6 but there an issuse on it. The following is the error report:
File "D:/xxxxxxxx/IDA Pro 7.6/plugins/parse_func.py", line 12, in
start = idc.get_func_attr(here(),FUNCATTR_START)
NameError: name 'here' is not defined

is there some modul i did not install or something other reasen?

by the way, I use local python (version 3.10.8 ).

ida7.5下测试报错

/media/psf/Home/Documents/code/python/go_parser/go_parser-1.0.0-py3/go_parser.py: 'utf-8' codec can't decode byte 0xff in position 0: invalid start byte
Traceback (most recent call last):
  File "/media/psf/Home/Documents/tools/ida7.5/python/3/ida_idaapi.py", line 615, in IDAPython_ExecScript
    exec(code, g)
  File "/media/psf/Home/Documents/code/python/go_parser/go_parser-1.0.0-py3/go_parser.py", line 53, in <module>
    main()
  File "/media/psf/Home/Documents/code/python/go_parser/go_parser-1.0.0-py3/go_parser.py", line 36, in main
    pclntab.parse()
  File "/media/psf/Home/Documents/code/python/go_parser/go_parser-1.0.0-py3/pclntbl.py", line 175, in parse
    self.goroot = common.get_goroot()
  File "/media/psf/Home/Documents/code/python/go_parser/go_parser-1.0.0-py3/common.py", line 167, in get_goroot
    goroot_path_str = idc.get_bytes(goroot_path_addr, goroot_path_len).decode()
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xff in position 0: invalid start byte

0xjiayu / go_parser Goto Github PK

go_parser's People

Stargazers

Watchers

Forkers

go_parser's Issues

Recommend Projects

Recommend Topics

Recommend Org