Go2pat: a tool for building signatures for Golang binaries

As part of our effort to improve the analysis of Go programs, we included FLIRT signatures for functions from the Go runtime and standard library in the recently released IDA 7.7.

Those signatures, which support Go runtime versions 1.10 through 1.16 (for x64 architectures, on Windows, Linux & Mac), can greatly improve users' workflow, as they allow them to quickly identify library functions (which can usually be ignored). And, since Go executables are statically linked, large parts of the binaries can quickly be marked as library code.

Alas, we cannot reasonably do that for all combinations of Go runtime versions, CPU architectures, and OSes. That is why we are today providing a new tool, go2pat, which enables users to generate patterns (that can then be built into signatures by using sigmake) from Go distributions for different architectures & operating systems.

We have made the go2pat tool part of the flair77.zip set of utilities. Be sure to have a look at go/go2pat/go2pat.md for instructions!

Article Link: go2pat: a tool for building signatures for Golang binaries – Hex Rays