binject / debug
Fork of pkg/debug that adds some additional functionality.
License: BSD 3-Clause "New" or "Revised" License
That is, instead of:
func Parse(objPath, pkgPath string, importCfg ImportCfg) (*Package, error)
just:
func Parse(objPath, pkgPath string, importMap func(importPath string) (objectPath string)) (*Package, error)
Reasons to do so:
map[string]importedPkg which also contains the object path, but since it's not a map[string]ExportInfo, I can't reuse it. I'd need two maps with the same keys, which is not ideal.

Hi! @capnspacehook added this module as a dependency in https://github.com/burrowers/garble, which I think is perfectly reasonable.
Unfortunately, this repository has no license information, which is pretty scary. Please add some, which I assume should be just a copy of Go's own license info. With a license file, https://pkg.go.dev/github.com/Binject/debug/goobj2 would also work, which is now an error due to the lack of license info.
I want to change https://github.com/frkngksl/Huan/blob/7e533ceeeedeecf390546a077bca3400960f5a4a/HuanLoader/Loader.cpp to Go (golang), but I don't know how to deal with lines 137-139.
pe.export error when installed SentinelOne EDR
panic: runtime error: slice bounds out of range [266362:208896]
goroutine 1 [running]:
github.com/Binject/debug/pe.(*File).Exports(0xc0000dbea8)
C:/Users/JohnDoe/go/pkg/mod/github.com/!binject/[email protected]/pe/exports.go:102 +0xa0d
For example:
# import config
importmap golang.org/x/net/dns/dnsmessage=vendor/golang.org/x/net/dns/dnsmessage
packagefile context=$WORK/tmp/go-build068570326/b003/_pkg_.a
packagefile errors=$WORK/tmp/go-build068570326/b004/_pkg_.a
packagefile vendor/golang.org/x/net/dns/dnsmessage=$WORK/tmp/go-build068570326/b020/_pkg_.a
packagefile internal/bytealg=$WORK/tmp/go-build068570326/b009/_pkg_.a
packagefile internal/nettrace=$WORK/tmp/go-build068570326/b021/_pkg_.a
packagefile internal/poll=$WORK/tmp/go-build068570326/b022/_pkg_.a
packagefile internal/singleflight=$WORK/tmp/go-build068570326/b025/_pkg_.a
packagefile io=$WORK/tmp/go-build068570326/b024/_pkg_.a
packagefile math/rand=$WORK/tmp/go-build068570326/b026/_pkg_.a
packagefile os=$WORK/tmp/go-build068570326/b029/_pkg_.a
packagefile runtime=$WORK/tmp/go-build068570326/b008/_pkg_.a
packagefile sort=$WORK/tmp/go-build068570326/b032/_pkg_.a
packagefile sync=$WORK/tmp/go-build068570326/b014/_pkg_.a
packagefile sync/atomic=$WORK/tmp/go-build068570326/b016/_pkg_.a
packagefile syscall=$WORK/tmp/go-build068570326/b018/_pkg_.a
packagefile time=$WORK/tmp/go-build068570326/b017/_pkg_.a
packagefile runtime/cgo=$WORK/tmp/go-build068570326/b033/_pkg_.a
This is akin to the ImportMap field of go list -json. It essentially tells you that the package in question imports golang.org/x/net/dns/dnsmessage, but the actual package being imported there is vendor/golang.org/x/net/dns/dnsmessage, so you should look for packagefile vendor/golang.org/x/net/dns/dnsmessage=....
This happens in burrowers/garble#146, for example.
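The importmap indirection described above, resolved through a callback of the shape proposed for Parse, as an added example that is not part of the original issue or of goobj2. `ParseImportCfg` and the shortened sample paths are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample in the importcfg format quoted above (paths shortened).
const sampleImportCfg = `# import config
importmap golang.org/x/net/dns/dnsmessage=vendor/golang.org/x/net/dns/dnsmessage
packagefile context=$WORK/b003/_pkg_.a
packagefile vendor/golang.org/x/net/dns/dnsmessage=$WORK/b020/_pkg_.a
`

// ParseImportCfg (hypothetical, not part of goobj2) returns an import path -> object path resolver.
func ParseImportCfg(cfg string) (func(importPath string) string, error) {
	importMap := map[string]string{}   // import path as written -> real package path
	packageFile := map[string]string{} // real package path -> object file
	for i, line := range strings.Split(cfg, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		verb, args, _ := strings.Cut(line, " ")
		key, val, ok := strings.Cut(strings.TrimSpace(args), "=")
		if !ok || key == "" || val == "" {
			return nil, fmt.Errorf("importcfg line %d: malformed %q", i+1, line)
		}
		switch verb { // other key=value directives are ignored here
		case "importmap":
			importMap[key] = val
		case "packagefile":
			packageFile[key] = val
		}
	}
	return func(importPath string) string {
		if mapped, ok := importMap[importPath]; ok {
			importPath = mapped // follow the vendor/ indirection first
		}
		return packageFile[importPath] // "" when no object file is listed
	}, nil
}

func main() {
	resolve, err := ParseImportCfg(sampleImportCfg)
	if err != nil {
		panic(err)
	}
	fmt.Println(resolve("golang.org/x/net/dns/dnsmessage"))
}
```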
Code:
	package main

	import (
		"github.com/Binject/debug/goobj2"
	)

	func main() {
		const magicHeaderName = "magic/example"
		magicData := []byte("{}")

		// Parse the original object file.
		original, err := goobj2.Parse("a.obj", "main", nil)
		if err != nil {
			panic(err)
		}

		// Append an extra data member to the archive.
		original.ArchiveMembers = append(original.ArchiveMembers, goobj2.ArchiveMember{
			ArchiveHeader: goobj2.ArchiveHeader{
				Name: magicHeaderName,
				Size: int64(len(magicData)),
				Data: magicData,
			},
			IsDataObj: true,
		})

		// Write the modified archive back out.
		if err := original.Write("b.obj"); err != nil {
			panic(err)
		}

		// Parse the file that was just written.
		_, err = goobj2.Parse("b.obj", "main", nil)
		if err != nil {
			panic(err)
		}
	}
Output:
panic: EOF
goroutine 1 [running]:
main.main()
main.go:33 +0x527
Error from here: https://github.com/Binject/debug/blob/master/goobj2/file.go#L550
As per title - looks like it just needs to be commented out.
Line 86 in 3ba66a8
After parsing an object file, I get an invalid ArchiveHeader.Data field with garbage at the end. The ArchiveHeader.Size field is also set incorrectly.
	package main

	import (
		"fmt"

		"github.com/Binject/debug/goobj2"
	)

	func main() {
		const magicHeaderName = "magic/example"
		magicData := make([]byte, 256)

		// Parse the original object file.
		original, err := goobj2.Parse("a.obj", "main", nil)
		if err != nil {
			panic(err)
		}

		// Append a 256-byte member to the archive.
		original.ArchiveMembers = append(original.ArchiveMembers, goobj2.ArchiveMember{
			ArchiveHeader: goobj2.ArchiveHeader{
				Name: magicHeaderName,
				Size: int64(len(magicData)),
				Data: magicData,
			},
		})

		// Write the modified archive and parse it again.
		if err := original.Write("b.obj"); err != nil {
			panic(err)
		}
		patched, err := goobj2.Parse("b.obj", "main", nil)
		if err != nil {
			panic(err)
		}

		// Find the member that was added above.
		var magicArchive goobj2.ArchiveMember
		for _, member := range patched.ArchiveMembers {
			if member.ArchiveHeader.Name == magicHeaderName {
				magicArchive = member
				break
			}
		}

		// Compare the size read back from the file with the size that was written.
		if magicArchive.ArchiveHeader.Size != int64(len(magicData)) {
			panic(fmt.Sprintf("real size %d != parsed size %d", magicArchive.ArchiveHeader.Size, len(magicData)))
		}
	}
panic: real size 348 != parsed size 256
Line 101 in 9605c99
I noticed binject was nulling out the DOSStub when doing some static patching and narrowed it down to this branch - I believe the greater than check is just flipped (or maybe should be !=) but in either case, changing to
if dosHeaderSize < int(f.DosHeader.AddressOfNewExeHeader) {
at least results in a PE generated with the stub properly.
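What the comparison in that branch decides, as an added example that is not Binject/debug code: the DOS stub is the byte range between the 64-byte DOS header and the offset stored in AddressOfNewExeHeader (e_lfanew), so a stub exists exactly when the header size is less than that offset. `DOSStub` and `buildImage` are hypothetical helpers, and the image bytes are constructed for the example.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

const dosHeaderSize = 64 // size of IMAGE_DOS_HEADER; e_lfanew is its last field (offset 0x3c)

// DOSStub is a hypothetical helper (not Binject/debug code). It returns the
// bytes between the DOS header and the PE signature, validating e_lfanew
// (AddressOfNewExeHeader) before it is used as a slice bound.
func DOSStub(image []byte) ([]byte, error) {
	if len(image) < dosHeaderSize || !bytes.Equal(image[:2], []byte("MZ")) {
		return nil, errors.New("not an MZ image")
	}
	lfanew := int64(binary.LittleEndian.Uint32(image[0x3c:0x40]))
	if lfanew < dosHeaderSize {
		return nil, fmt.Errorf("e_lfanew %#x overlaps the DOS header, no stub region", lfanew)
	}
	if lfanew+4 > int64(len(image)) {
		return nil, fmt.Errorf("e_lfanew %#x is past the end of the file", lfanew)
	}
	if !bytes.Equal(image[lfanew:lfanew+4], []byte("PE\x00\x00")) {
		return nil, errors.New("no PE signature at e_lfanew")
	}
	// dosHeaderSize < e_lfanew means a stub is present; equal means an empty stub.
	return image[dosHeaderSize:lfanew], nil
}

// buildImage constructs a minimal sample: DOS header, stub, PE signature.
func buildImage(stub []byte, lfanew uint32) []byte {
	img := make([]byte, dosHeaderSize, dosHeaderSize+len(stub)+4)
	copy(img, "MZ")
	binary.LittleEndian.PutUint32(img[0x3c:], lfanew)
	img = append(img, stub...)
	return append(img, 'P', 'E', 0, 0)
}

func main() {
	stub := []byte("This program cannot be run in DOS mode.")
	img := buildImage(stub, uint32(dosHeaderSize+len(stub)))
	got, err := DOSStub(img)
	fmt.Printf("%q %v\n", got, err)
}
```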
I am currently in the process of making a pull-request after my merges, and I am updating the debug library to upstream's state while trying to preserve the changes that you guys did in relation to shellcode injection, the internal flags on the structs etc.
Can you explain how you created the goobj2 folder or where those files/packages came from?
The upstream golang codebase only has a cmd/internal/goobj folder, but it's not made for file parsing, and the debug folder doesn't contain the goobj2 subfolder.
Was that something that you implemented by yourself for debugging purposes?
It's a little unclear to me, any help or pointers appreciated.
(Tagging for notification @capnspacehook @awgh )