Alexander Hanel alexander-hanel

New moduledata format

type moduledata struct {
	pcHeader     *pcHeader
	funcnametab  []byte
	cutab        []uint32
	filetab      []byte
	pctab        []byte
	pclntable []byte

Follow along for https://medium.com/a-journey-with-go/go-overview-of-the-compiler-4e5a153ca889

Set enviornmental variable for GOSSAFUNC

C:\Go\projects\overview>set GOSSAFUNC=maincls

Contents of overview.go

package main

Dissecting Go Binaries
Go: Overview of the Compiler
Go compiler internals: adding a new statement to Go - Part 1
Go compiler internals: adding a new statement to Go - Part 2
Reversing GO binaries like a pro
How a Go Program Compiles down to Machine Code
Analyzing Golang Executables
Go Reverse Engineering Tool Kit
go-internals book
[Reconstructing Program Semantics from Go Binaries](http://home.in.tum.de/

	DEBUG = True

	def get_basic_block(ea):
	"""get basic blocks of address"""
	f = idaapi.get_func(ea)
	fc = idaapi.FlowChart(f)
	for block in fc:
	if block.start_ea <= ea:
	if block.end_ea > ea:
	return block.start_ea, block.end_ea

	"""
	Author:
	Alexander Hanel
	Name:
	pe_ham_brute.py
	Purpose:
	- POC that searches for n-grams and uses them as the XOR key.
	- Also uses hamming distance to guess key size. Check out cryptopals Challenge 6
	for more details https://cryptopals.com/sets/1/challenges/6
	Example:

	# pip3 install pygore
	# modified version of code from https://go-re.tk/pygore/
	import glob
	import pygore
	from hashlib import md5
	def go_hash(data):
	return md5(b','.join(data)).hexdigest()
	for _file in glob.glob("*"):
	if _file.endswith(".py") or _file.endswith(".txt"):
	continue

	import idautils
	import re
	import struct

	"""
	Example 1

	.text:3500108D 60 pusha
	.text:3500108E 66 B8 65 4B mov ax, 4B65h
	.text:35001092

	ea = idaapi.get_screen_ea()
	cfunc = idaapi.decompile(ea)
	for cc, item in enumerate(cfunc.treeitems):
	if item.ea != BADADDR:
	if cfunc.treeitems.at(cc).ea == here():
	print(cc)