mandiant / GoReSym

Go symbol recovery tool
MIT License

Research Inlined Instance data #53

Open stevemk14ebr opened 2 months ago

stevemk14ebr commented 2 months ago

https://github.com/elastic/otel-profiling-agent/blob/main/docs/gopclntab.md

speaks of Inlined Instance Data. Research how this can be utilized for RE purposes and labelling an IDA database better.

stevemk14ebr commented 2 months ago

```c
struct runtime_inlinedCall {
  uint8_t funcID;    // function ID of the inlined function
  uint8_t _[3];      // padding
  int32_t nameOff;   // offset of the inlined function's name
  int32_t parentPc;  // PC in the parent function
  int32_t startLine; // first line of the inlined function
};
```

From the document, parentPc can be used to locate the parent function, and startLine + nameOff can likely be used to annotate the specific VA where an inlined function starts (and ends) by name. I suspect startLine will need to be looked up in the line table to get the VA rather than line number.
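As an added example (not GoReSym's own code): a decoder for the record layout above that resolves each entry to a name, assuming the fields are little-endian and that nameOff indexes NUL-terminated strings in the binary's funcnametab; the identifiers `ParseInlineTree`, `sampleTree` and `sampleTab` and the sample bytes are constructed for this illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// InlinedCall mirrors the 16-byte runtime_inlinedCall layout quoted above;
// Name is the string found at nameOff in funcnametab (assumed NUL-terminated).
type InlinedCall struct {
	FuncID                       uint8
	NameOff, ParentPC, StartLine int32
	Name                         string
}

// ParseInlineTree decodes a funcdata inline-tree blob (little-endian fields)
// and resolves each name. Truncated blobs and out-of-range offsets are errors:
// a symbol-recovery tool must not trust metadata from an untrusted binary.
func ParseInlineTree(tree, funcnametab []byte) ([]InlinedCall, error) {
	if len(tree)%16 != 0 {
		return nil, fmt.Errorf("inline tree of %d bytes is not a multiple of 16", len(tree))
	}
	le := binary.LittleEndian
	var calls []InlinedCall
	for off := 0; off < len(tree); off += 16 {
		r := tree[off : off+16]
		ic := InlinedCall{FuncID: r[0], NameOff: int32(le.Uint32(r[4:])),
			ParentPC: int32(le.Uint32(r[8:])), StartLine: int32(le.Uint32(r[12:]))}
		if ic.NameOff < 0 || int(ic.NameOff) >= len(funcnametab) {
			return nil, fmt.Errorf("record %d: nameOff %d outside funcnametab", off/16, ic.NameOff)
		}
		name := funcnametab[ic.NameOff:]
		if i := bytes.IndexByte(name, 0); i >= 0 {
			name = name[:i]
		}
		ic.Name = string(name)
		calls = append(calls, ic)
	}
	return calls, nil
}

// Constructed sample (not from a real binary): two names and two records, with
// parentPc as the call-site offset in the parent and startLine the inlinee's first line.
var sampleTab = []byte("main.leaf\x00strings.Index\x00")
var sampleTree = []byte{
	0, 0, 0, 0, 0, 0, 0, 0, 0x40, 0, 0, 0, 12, 0, 0, 0, // main.leaf, parent+0x40, line 12
	0, 0, 0, 0, 10, 0, 0, 0, 0x58, 0, 0, 0, 33, 0, 0, 0, // strings.Index, parent+0x58, line 33
}
```

Mapping startLine to a VA still needs the function's line table, as noted above; this block only recovers the name, parent PC offset and line for each inlined instance.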

brigadier-general commented 1 month ago

go src file with inlining logic, for reference -- https://github.com/golang/go/blob/go1.20.6/src/cmd/compile/internal/inline/inl.go

brigadier-general commented 1 month ago

explanation of how/why go compiler does leaf inlining -- https://dave.cheney.net/2020/04/25/inlining-optimisations-in-go