Closed syyoo84 closed 11 months ago
GoReSym is designed to work correctly with many malformed unpacked binaries but it is not possible to design it to handle packed binaries. To do this would require implementing generic unpackers for the many flavors of packers that exist, which we don't wish to do.
I do agree with you that in the context of Go, UPX is particularly common and would be nice to show the symbols of binaries packed with it on VT. We may consider some updates to handle this UPX unpacking within the VT pipeline - separate from GoReSym's implementation. Thanks!
Upx packing your binary will change the gobuildid. Checking with the goresym tool in such a case will result in a "failed to locate pclntab" error. It seems that the goresym tool needs to be modified so that gobuildid can be parsed from upx packed binaries.
https://www.virustotal.com/gui/file/47d328c308c710a7e84bbfb71aa09593e7a82b707fde0fb9356fb7124118dc88/content/hex