
debug's Introduction

Debug

We have forked the debug/ folder from the standard library, to take direct control of the debug/elf, debug/macho, and debug/pe binary format parsers. To these parsers, we have added the ability to also generate executable files from the parsed intermediate data structures. This lets us load a file with debug parsers, make changes by interacting with the parser structures, and then write those changes back out to a new file.

Read more about the project here:

https://www.symbolcrash.com/2019/02/23/introducing-symbol-crash/

debug's People

Contributors

aclements, adg, ahhh, alexbrainman, awgh, bradfitz, c-sto, capnspacehook, cherrymui, dominikh, dsnet, heschi, hirochachacha, ianlancetaylor, jamichaels, jordanrh1, josharian, matloob, mdempsky, mundaym, mvdan, mwhudson, neelance, olgavlpetrova, randall77, rsc, stemar94, tklauser, uluyol, vyrus001


debug's Issues

DOS Stub incorrectly marked as not present

if dosHeaderSize > int(f.DosHeader.AddressOfNewExeHeader) {

I noticed binject was nulling out the DOSStub when doing some static patching and narrowed it down to this branch - I believe the greater than check is just flipped (or maybe should be !=) but in either case, changing to

if dosHeaderSize < int(f.DosHeader.AddressOfNewExeHeader) {

at least results in a PE generated with the stub properly.
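
The size relationship this issue turns on, as an added example that is not code from Binject/debug: the DOS header is 64 bytes and its last field (e_lfanew, AddressOfNewExeHeader in the issue) gives the file offset of the PE signature, so a stub exists only when that offset is greater than 64. The names dosStub and buildImage are hypothetical, and the image is constructed for the demonstration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const dosHeaderSize = 64 // IMAGE_DOS_HEADER; e_lfanew is its last field, at 0x3C

// dosStub returns the bytes between the DOS header and the PE signature that
// e_lfanew points to. A nil result with a nil error means no stub is present.
func dosStub(image []byte) ([]byte, error) {
	if len(image) < dosHeaderSize || string(image[:2]) != "MZ" {
		return nil, errors.New("not an MZ image")
	}
	lfanew := int(binary.LittleEndian.Uint32(image[0x3C:]))
	if lfanew < 0 || lfanew > len(image)-4 {
		return nil, fmt.Errorf("e_lfanew %#x points outside the file", lfanew)
	}
	if string(image[lfanew:lfanew+4]) != "PE\x00\x00" {
		return nil, errors.New("no PE signature at e_lfanew")
	}
	if lfanew <= dosHeaderSize {
		return nil, nil // PE header starts at or inside the DOS header: no stub
	}
	return image[dosHeaderSize:lfanew], nil
}

// buildImage makes a minimal constructed image: DOS header, stub, PE signature.
func buildImage(stub []byte) []byte {
	img := make([]byte, dosHeaderSize, dosHeaderSize+len(stub)+4)
	copy(img, "MZ")
	binary.LittleEndian.PutUint32(img[0x3C:], uint32(dosHeaderSize+len(stub)))
	img = append(img, stub...)
	return append(img, "PE\x00\x00"...)
}

func main() {
	for _, stub := range []string{"", "This program cannot be run in DOS mode."} {
		got, err := dosStub(buildImage([]byte(stub)))
		fmt.Printf("e_lfanew=%d stub=%q err=%v\n", dosHeaderSize+len(stub), got, err)
	}
}
```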

importcfg parser does not support "importmap" directives

For example:

# import config
importmap golang.org/x/net/dns/dnsmessage=vendor/golang.org/x/net/dns/dnsmessage
packagefile context=$WORK/tmp/go-build068570326/b003/_pkg_.a
packagefile errors=$WORK/tmp/go-build068570326/b004/_pkg_.a
packagefile vendor/golang.org/x/net/dns/dnsmessage=$WORK/tmp/go-build068570326/b020/_pkg_.a
packagefile internal/bytealg=$WORK/tmp/go-build068570326/b009/_pkg_.a
packagefile internal/nettrace=$WORK/tmp/go-build068570326/b021/_pkg_.a
packagefile internal/poll=$WORK/tmp/go-build068570326/b022/_pkg_.a
packagefile internal/singleflight=$WORK/tmp/go-build068570326/b025/_pkg_.a
packagefile io=$WORK/tmp/go-build068570326/b024/_pkg_.a
packagefile math/rand=$WORK/tmp/go-build068570326/b026/_pkg_.a
packagefile os=$WORK/tmp/go-build068570326/b029/_pkg_.a
packagefile runtime=$WORK/tmp/go-build068570326/b008/_pkg_.a
packagefile sort=$WORK/tmp/go-build068570326/b032/_pkg_.a
packagefile sync=$WORK/tmp/go-build068570326/b014/_pkg_.a
packagefile sync/atomic=$WORK/tmp/go-build068570326/b016/_pkg_.a
packagefile syscall=$WORK/tmp/go-build068570326/b018/_pkg_.a
packagefile time=$WORK/tmp/go-build068570326/b017/_pkg_.a
packagefile runtime/cgo=$WORK/tmp/go-build068570326/b033/_pkg_.a

This is akin to the ImportMap field of go list -json. It essentially tells you that the package in question imports golang.org/x/net/dns/dnsmessage, but the actual package being imported there is vendor/golang.org/x/net/dns/dnsmessage, so you should look for packagefile vendor/golang.org/x/net/dns/dnsmessage=....

This happens in burrowers/garble#146, for example.
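
A sketch of the resolution order described in this issue, added here as an example and not taken from goobj2: parse both directive kinds, then follow importmap before looking up packagefile. ParseImportCfg is a hypothetical name, the sample is a constructed, shortened version of the listing above, and rejecting any other directive is a choice made for this example.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample, shortened from the listing in the issue above.
const sample = `# import config
importmap golang.org/x/net/dns/dnsmessage=vendor/golang.org/x/net/dns/dnsmessage
packagefile errors=$WORK/b004/_pkg_.a
packagefile vendor/golang.org/x/net/dns/dnsmessage=$WORK/b020/_pkg_.a
`

// ParseImportCfg (hypothetical name) returns an import path -> object file lookup.
func ParseImportCfg(src string) (func(importPath string) (string, bool), error) {
	importMap, packageFile := map[string]string{}, map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(src))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" || line[0] == '#' {
			continue // blank line or comment
		}
		verb, args, _ := strings.Cut(line, " ")
		before, after, ok := strings.Cut(strings.TrimSpace(args), "=")
		switch {
		case ok && verb == "importmap":
			importMap[before] = after // path as written -> actual package
		case ok && verb == "packagefile":
			packageFile[before] = after // actual package -> object file
		default:
			return nil, fmt.Errorf("line %d: unsupported directive %q", n, line)
		}
	}
	return func(importPath string) (string, bool) {
		if actual, ok := importMap[importPath]; ok {
			importPath = actual // follow the importmap redirect first
		}
		obj, ok := packageFile[importPath]
		return obj, ok
	}, sc.Err()
}

func main() {
	if lookup, err := ParseImportCfg(sample); err == nil {
		fmt.Println(lookup("golang.org/x/net/dns/dnsmessage"))
	}
}
```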

Incorrect ArchiveHeader.Data size

After parsing an object file, I get an invalid ArchiveHeader.Data field with garbage at the end. The ArchiveHeader.Size field is also set incorrectly.

Code:

package main

import (
	"fmt"
	"github.com/Binject/debug/goobj2"
)

func main() {
	const magicHeaderName = "magic/example"

	magicData := make([]byte, 256)

	original, err := goobj2.Parse("a.obj", "main", nil)
	if err != nil {
		panic(err)
	}

	original.ArchiveMembers = append(original.ArchiveMembers, goobj2.ArchiveMember{
		ArchiveHeader: goobj2.ArchiveHeader{
			Name: magicHeaderName,
			Size: int64(len(magicData)),
			Data: magicData,
		},
	})

	if err := original.Write("b.obj"); err != nil {
		panic(err)
	}

	patched, err := goobj2.Parse("b.obj", "main", nil)
	if err != nil {
		panic(err)
	}

	var magicArchive goobj2.ArchiveMember
	for _, member := range patched.ArchiveMembers {
		if member.ArchiveHeader.Name == magicHeaderName {
			magicArchive = member
			break
		}
	}

	if magicArchive.ArchiveHeader.Size != int64(len(magicData)) {
		panic(fmt.Sprintf("real size %d != parsed size %d", magicArchive.ArchiveHeader.Size, len(magicData)))
	}
}

Output:

panic: real size 348 != parsed size 256

Parse should take a func instead of a map to query object file paths

That is, instead of:

func Parse(objPath, pkgPath string, importCfg ImportCfg) (*Package, error)

just:

func Parse(objPath, pkgPath string, importMap func(importPath string) (objectPath string)) (*Package, error)

Reasons to do so:

  1. It can be implemented in more ways. For example, right now in garble we have a map[string]importedPkg which also contains the object path, but since it's not a map[string]ExportInfo, I can't reuse it. I'd need two maps with the same keys, which is not ideal.
  2. It doesn't require having all the paths in memory upfront in a map. For example, we could fill a map as we go, memoizing previous queries.

Documentation request(?): goobj2 folder

I am currently in the process of making a pull-request after my merges, and I am updating the debug library to upstream's state while trying to preserve the changes that you guys did in relation to shellcode injection, the internal flags on the structs etc.

Can you explain how you created the goobj2 folder or where those files/packages came from?

The upstream golang codebase only has a cmd/internal/goobj folder, but it's not made for file parsing, and the debug folder doesn't contain the goobj2 subfolder.

Was that something that you implemented by yourself for debugging purposes?

It's a little unclear to me, any help or pointers appreciated.

(Tagging for notification @capnspacehook @awgh )

Invalid object file

Code:

package main

import (
	"fmt"
	"github.com/Binject/debug/goobj2"
)

func main() {
	const magicHeaderName = "magic/example"

	magicData := []byte("{}")

	original, err := goobj2.Parse("a.obj", "main", nil)
	if err != nil {
		panic(err)
	}

	original.ArchiveMembers = append(original.ArchiveMembers, goobj2.ArchiveMember{
		ArchiveHeader: goobj2.ArchiveHeader{
			Name: magicHeaderName,
			Size: int64(len(magicData)),
			Data: magicData,
		},
		IsDataObj: true,
	})

	if err := original.Write("b.obj"); err != nil {
		panic(err)
	}

	_, err = goobj2.Parse("b.obj", "main", nil)
	if err != nil {
		panic(err)
	}
}

Output:

panic: EOF

goroutine 1 [running]:
main.main()
	main.go:33 +0x527

Error from here: https://github.com/Binject/debug/blob/master/goobj2/file.go#L550

pe.export error

pe.export error when SentinelOne EDR is installed

panic: runtime error: slice bounds out of range [266362:208896]

goroutine 1 [running]:
github.com/Binject/debug/pe.(*File).Exports(0xc0000dbea8)
C:/Users/JohnDoe/go/pkg/mod/github.com/!binject/[email protected]/pe/exports.go:102 +0xa0d
