As part of our effort to improve the analysis of Go programs, we included FLIRT signatures from functions for the Go runtime and standard library in the recently-released IDA 7.7.
Those signatures, that support Go runtimes versions 1.10 through 1.16 (for x64 architectures, on Windows, Linux & Mac), can greatly improve the workflow of users as they allow them to quickly identify library functions (which can usually be ignored). And, since Go executables are statically linked, large parts of the binaries can quickly be marked as library code.
Alas, we cannot reasonably do that for all combinations of Go
runtime versions, CPU architectures, and OSes.
That is why we today we are providing a new tool –
go2pat – to enable
users to generate patterns (that can then be built into signatures by
sigmake) from Go distributions for different architectures & operating
We have made the
go2pat tool part of the flair77.zip set of
utilities. Be sure to have a look at
go/go2pat/go2pat.md for instructions!