radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

automatically load .symtab from PE go binaries #12959

Open oddcoder opened 5 years ago

oddcoder commented 5 years ago

Go binaries, if I am not mistaken, use an ELF-like .symtab to store symbols in their PE files. It seems that Radare2 doesn't load these symbols automatically.

It would be great if radare2 could load symbols from .symtab automatically; I verified IDA could in fact load these symbols.

I have attached a Binary file from an old CTF that can be used as a test case:

bin.zip


Maijin commented 5 years ago

Wait, isn’t that what aaa does by default?

oddcoder commented 5 years ago

Nope, it didn't work as expected.

I guess .symtab isn't a standard PE section and symbols were supposed to be somewhere else, but Go chose an ELF-like section for symbols.

SiD3W4y commented 5 years ago

One solution would be to look for the gopclntab magic header as a fallback method if the section cannot be found (like here: https://github.com/SiD3W4y/r2-gorecover/blob/master/gorecover.c#L91).
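
The magic-header fallback suggested in the last comment, sketched as an added example (not code from radare2 or r2-gorecover). It assumes the Go 1.2-style pclntab header as parsed by Go's `debug/gosym` (magic `0xfffffffb`, little-endian as in PE files); newer toolchains use other magic values that this does not handle, and `find_gopclntab` and the sample buffer are hypothetical names and data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed Go 1.2-style pclntab header (little-endian):
 * u32 magic 0xfffffffb, two zero bytes, instruction quantum (1/2/4),
 * pointer size (4/8), then a pointer-sized function count (nfunc)
 * followed by nfunc (pc, offset) pairs and one end pc. */
static uint64_t rd_le(const uint8_t *p, unsigned n) {
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Returns the offset of the first plausible header in buf, or -1. */
long find_gopclntab(const uint8_t *buf, size_t len, unsigned *ptrsize, uint64_t *nfunc) {
    for (size_t off = 0; off + 8 <= len; off++) {
        const uint8_t *p = buf + off;
        if (rd_le(p, 4) != 0xfffffffbU || p[4] || p[5]) continue;
        if (p[6] != 1 && p[6] != 2 && p[6] != 4) continue;  /* quantum */
        if (p[7] != 4 && p[7] != 8) continue;               /* pointer size */
        size_t ps = p[7], rem = len - off, fixed = 8 + 2 * ps;
        if (rem < fixed) continue;       /* no room for nfunc and end pc */
        uint64_t n = rd_le(p + 8, (unsigned)ps);
        /* Reject magic look-alikes whose function table cannot fit. */
        if (n == 0 || n > (rem - fixed) / (2 * ps)) continue;
        *ptrsize = (unsigned)ps;
        *nfunc = n;
        return (long)off;
    }
    return -1;
}

/* Constructed sample: junk, a decoy with a bad quantum, then a valid header. */
static const uint8_t sample[68] = {
    'M', 'Z', 0, 0,
    0xfb, 0xff, 0xff, 0xff, 0, 0, 3, 8,
    0xfb, 0xff, 0xff, 0xff, 0, 0, 1, 8,
    2, 0, 0, 0, 0, 0, 0, 0  /* nfunc = 2; the 40 table bytes stay zero */
};

int main(void) {
    unsigned ps = 0;
    uint64_t n = 0;
    long off = find_gopclntab(sample, sizeof sample, &ps, &n);
    printf("offset=%ld ptrsize=%u nfunc=%llu\n", off, ps, (unsigned long long)n);
    return 0;
}
```
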