import
idc
from
idc
import
*
import
ida_nalt
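# Address that this script treats as runtime.firstmoduledata. It is hard-coded
# for one specific database and must be located again for any other binary.
moduledata_addr = 0x05289C0

# The first qword of the structure is read as a pointer to the pcHeader.
pcHeader_addr = idc.get_qword(moduledata_addr)

# Check the pcHeader magic before trusting any other field. Every address and
# count below comes from the binary under analysis, so a mismatch means the
# hard-coded address or the assumed layout is wrong for this sample. Stop here
# instead of going on to rename whatever those garbage pointers refer to.
# Only this one magic value is accepted.
pcHeader_magic = idc.get_wide_dword(pcHeader_addr)
if pcHeader_magic != 0x0FFFFFFF0:
    print(pcHeader_magic)
    print("错误,并不是一个正确的go文件")
    raise RuntimeError(
        "unexpected pcHeader magic %#x at %#x; aborting before renaming anything"
        % (pcHeader_magic, pcHeader_addr)
    )

# Field offsets inside the structure.
# NOTE(review): the (8 * 3) stride looks like a 64-bit slice header
# (pointer, length, capacity) - confirm against the Go version of the sample.
funcnametable_addr = idc.get_qword(moduledata_addr + 8)
filetab_addr = idc.get_qword(moduledata_addr + 8 + ((8 * 3) * 2))
pclntable_addr = idc.get_qword(moduledata_addr + 8 + ((8 * 3) * 4))
# Read from 8 * 4 bytes past the pclntable pointer field. Despite the name it
# is used later as the number of 8-byte entries to walk, not a byte size.
pclntable_size = idc.get_qword(moduledata_addr + 8 + ((8 * 3) * 4) + (8 * 4))

# Label the recovered tables so they are easy to find in the listing.
set_name(moduledata_addr, "firstmoduledata")
set_name(funcnametable_addr, "funcnametable")
set_name(filetab_addr, "filetab")
set_name(pclntable_addr, "pclntable")
print(pclntable_size)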
def readString(addr):
    """Read a byte string from the database starting at ``addr``.

    Bytes are consumed one at a time until a 0x00 or 0xFF byte is seen; the
    terminator is not included. Each byte is mapped to a character with
    ``chr``, so values above 0x7F become the code point of the same number
    rather than being decoded as UTF-8.

    Args:
        addr: Address of the first byte of the string.

    Returns:
        The collected characters as a ``str`` (empty if the first byte is a
        terminator).
    """
    # NOTE(review): 0xFF is presumably what get_db_byte yields for a byte with
    # no value in the database - confirm. There is no length limit, so the loop
    # ends only when one of the two terminator values is read.
    chars = []
    ea = addr
    while True:
        cur_ea_db = get_db_byte(ea)
        if cur_ea_db in (0, 0xff):
            break
        chars.append(chr(cur_ea_db))
        ea += 1
    return ''.join(chars)
def relaxName(name):
    """Turn a Go symbol name into one made of identifier-friendly characters.

    The substitutions are applied one after another in the order listed, so an
    earlier replacement's output is visible to the later ones.

    Args:
        name: The symbol name, as ``str`` or as an object with ``decode()``
            (for example ``bytes``).

    Returns:
        The rewritten name as a ``str``.
    """
    if type(name) is not str:
        name = name.decode()

    # (text to find, replacement) pairs, in application order.
    substitutions = (
        ('.', '_'),
        ("<-", '_chan_left_'),
        ('*', '_ptr_'),
        ('-', '_'),
        (';', ''),
        ('"', ''),
        ('\\', ''),
        ('(', ''),
        (')', ''),
        ('/', '_'),
        (' ', '_'),
        (',', 'comma'),
        ('{', ''),
        ('}', ''),
        ('[', ''),
        (']', ''),
    )
    for old, new in substitutions:
        name = name.replace(old, new)
    return name
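# Walk the table of 8-byte entries at pclntable_addr and name each function.
# Each entry is read as two 32-bit values: an entry offset and the offset of
# the function's record, relative to pclntable_addr. The record's second dword
# is the offset of the function name inside funcnametable.
#
# Every offset and the entry count come from the binary under analysis and are
# used without bounds checks, so a damaged or deliberately malformed table can
# make the loop read unrelated memory or run for a very long time.
# NOTE(review): Go function tables normally end with a sentinel entry that has
# no function record - confirm whether pclntable_size includes it.
cur_addr = 0
for i in range(pclntable_size):
    cur_addr = pclntable_addr + (i * 8)
    funcentryOff = get_wide_dword(cur_addr)
    funcoff = get_wide_dword(cur_addr + 4)

    funcInfo_addr = pclntable_addr + funcoff
    funcentry_addr = get_wide_dword(funcInfo_addr)
    funnameoff = get_wide_dword(funcInfo_addr + 4)

    funname_addr = funcnametable_addr + funnameoff
    funname = readString(funname_addr)
    truefuncname = relaxName(funname)

    # NOTE(review): assumes the code the offsets are relative to starts 0x1000
    # past the image base - confirm for the sample being analysed.
    truefuncentry = ida_nalt.get_imagebase() + 0x1000 + funcentryOff
    print(hex(truefuncentry), hex(funcoff), hex(funcInfo_addr), hex(funcentry_addr), hex(funnameoff), hex(funname_addr), funname)

    # An empty name must not reach set_name: passing "" deletes whatever name
    # the address already has, so a bad name offset would erase analyst work.
    if not truefuncname:
        print("skipped empty name:", hex(truefuncentry))
        continue

    # set_name reports failure through its return value (for example a
    # duplicate or rejected name); surface it instead of dropping it silently.
    if not set_name(truefuncentry, truefuncname):
        print("set_name failed:", hex(truefuncentry), truefuncname)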