README
¶
Buna
The software package provides various executable file format analysis capabilities
- PE/COFF
- ELF
- Mach-O
This package is transplanted from debug in the Golang source code directory. Currently, it supports parsing ARM64 PE files, as well as parsing export tables and delayed import tables.
This package also ported ianlancetaylor/demangle, which can demangle MSVC ABI C++ functions in Windows.
Docs
https://pkg.go.dev/github.com/fcharlie/buna
Usage
go get github.com/fcharlie/buna
Example:
package main
import (
"fmt"
"os"
"github.com/fcharlie/buna/debug/pe"
"github.com/fcharlie/buna/demangle"
)
func main() {
if len(os.Args) < 2 {
fmt.Fprintf(os.Stderr, "usage: %s pefile\n", os.Args[0])
os.Exit(1)
}
fd, err := pe.Open(os.Args[1])
if err != nil {
fmt.Fprintf(os.Stderr, "unable open file: %s %v\n", os.Args[1], err)
os.Exit(1)
}
defer fd.Close()
ft, err := fd.LookupFunctionTable()
if err != nil {
fmt.Fprintf(os.Stderr, "unable LookupExports: %s %v\n", os.Args[1], err)
os.Exit(1)
}
for dll, ims := range ft.Imports {
fmt.Fprintf(os.Stderr, "\x1b[33mDllName: %s\x1b[0m\n", dll)
for _, n := range ims {
if n.Ordinal == 0 {
fmt.Fprintf(os.Stderr, "%s %d\n", n.Name, n.Index)
continue
}
fmt.Fprintf(os.Stderr, "Ordinal%d (Ordinal %d)\n", n.Ordinal, n.Ordinal)
}
}
for dll, ims := range ft.Imports {
fmt.Fprintf(os.Stderr, "\x1b[34mDelay DllName: %s\x1b[0m\n", dll)
for _, n := range ims {
if n.Ordinal == 0 {
fmt.Fprintf(os.Stderr, "(Delay) %s %d\n", n.Name, n.Index)
continue
}
fmt.Fprintf(os.Stderr, "(Delay) Ordinal%d (Ordinal %d)\n", n.Ordinal, n.Ordinal)
}
}
for _, d := range ft.Exports {
fmt.Fprintf(os.Stderr, "\x1b[35mE %5d %08X %s (Hint: %d)\x1b[0m\n", d.Ordinal, d.Address, demangle.Demangle(d.Name), d.Hint)
}
}
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
debug
|
|
|
cfg
Package cfg holds configuration shared by the Go command and internal/testenv.
|
Package cfg holds configuration shared by the Go command and internal/testenv. |
|
elf
Package elf implements access to ELF object files.
|
Package elf implements access to ELF object files. |
|
macho
Package macho implements access to Mach-O object files.
|
Package macho implements access to Mach-O object files. |
|
pe
Package pe implements access to PE (Microsoft Windows Portable Executable) files.
|
Package pe implements access to PE (Microsoft Windows Portable Executable) files. |
|
saferio
Package saferio provides I/O functions that avoid allocating large amounts of memory unnecessarily.
|
Package saferio provides I/O functions that avoid allocating large amounts of memory unnecessarily. |
|
testenv
Package testenv provides information about what functionality is available in different testing environments run by the Go team.
|
Package testenv provides information about what functionality is available in different testing environments run by the Go team. |
|
zstd
Package zstd provides a decompressor for zstd streams, described in RFC 8878.
|
Package zstd provides a decompressor for zstd streams, described in RFC 8878. |
|
Package demangle defines functions that demangle GCC/LLVM C++ and Rust symbol names.
|
Package demangle defines functions that demangle GCC/LLVM C++ and Rust symbol names. |
|
example
|
|
Click to show internal directories.
Click to hide internal directories.