asmscan

package
v0.0.0-...-9602c5b Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 10, 2025 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package asmscan provides functions for scanning the machine code of functions.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FindARM64ReturnInstructions

func FindARM64ReturnInstructions(data []byte) ([]uint64, error)

FindARM64ReturnInstructions is a callback for ScanFunction that scans for all ARM 64-bit return instructions (RET, not RETAA/RETAB) contained in the given buffer of machine code. On success, this function returns the index into the buffer of the start of each return instruction.

Note that this may not behave well with panics or defer statements. See the following links for more context: - https://github.com/go-delve/delve/pull/2704/files#diff-fb7b7a020e32bf8bf477c052ac2d2857e7e587478be6039aebc7135c658417b2R769 - https://github.com/go-delve/delve/blob/75bbbbb60cecda0d65c63de7ae8cb8b8412d6fc3/pkg/proc/breakpoints.go#L86-L95 - https://github.com/go-delve/delve/blob/75bbbbb60cecda0d65c63de7ae8cb8b8412d6fc3/pkg/proc/breakpoints.go#L374

func FindX86_64ReturnInstructions

func FindX86_64ReturnInstructions(data []byte) ([]uint64, error)

FindX86_64ReturnInstructions is a callback for ScanFunction that scans for all x86_64 return instructions (RET) contained in the given buffer of machine code. On success, this function returns the index into the buffer of the start of each return instruction.

Note that this may not behave well with panics or defer statements. See the following links for more context: - https://github.com/go-delve/delve/pull/2704/files#diff-fb7b7a020e32bf8bf477c052ac2d2857e7e587478be6039aebc7135c658417b2R769 - https://github.com/go-delve/delve/blob/75bbbbb60cecda0d65c63de7ae8cb8b8412d6fc3/pkg/proc/breakpoints.go#L86-L95 - https://github.com/go-delve/delve/blob/75bbbbb60cecda0d65c63de7ae8cb8b8412d6fc3/pkg/proc/breakpoints.go#L374

func ScanFunction

func ScanFunction(textSection *safeelf.Section, sym safeelf.Symbol, functionOffset uint64, scanInstructions func(data []byte) ([]uint64, error)) ([]uint64, error)

ScanFunction finds the program counter (PC) positions of machine code instructions within a specific range of the text section of a binary, using the provided callback to disassemble and scan the buffer of machine code. The callback should return a slice of indices into the buffer that point to positions within the larger binary. These positions will then be adjusted based on the offset of the text section to provide the same positions as PC positions, which will be returned from the outer function.

lowPC, highPC forms an interval that contains all machine code bytes up to but not including high PC. In practice, this works well for scanning the instructions of functions, since highPC (in both DWARF parlance and in the Go symbol table), seems to refer to the address of the first location *past* the last instruction of the function.

This function was intended to be used to find return instructions for functions in Go binaries, for the purpose of then attaching eBPF uprobes to these locations. This is needed because uretprobes don't work well with Go. See the following links for more info:

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL