使用Go反编译已编译的程序

huangapple go评论110阅读模式
英文:

Decompiling a compiled program with Go

问题

我用Go构建了一个简单的可执行程序。

我已经将代码编译成了一个静态二进制程序。

我想反编译输出的二进制文件并获取Go源代码。

这个可能吗?

英文:

I have built a simple executable program with Go.

I've compiled the code into a static binary program.

I want to decompile the output binary file and get the Go source code.

Is this possible or not?

答案1

得分: 60

目前没有工具可以做到这一点,因为Go程序被编译成机器码,它们不包含足够的信息来将其翻译回Go代码。不过,标准的反汇编技术仍然是可行的。

英文:

There is no tool to do that and as Go programs are compiled into machine code, they do not contain enough information to translate them back into Go code. Standard disassembly techniques are still possible though.

答案2

得分: 37

目前没有已知的工具可以将代码反编译为Go源代码。

Go是一种本地语言编译器,不同于依赖类加载器的Java和类似语言,它使用链接器来生成可执行文件。因此,仅仅重构调用树就像在C和类似语言中一样,更加困难。

调试信息(如符号)通常会从Go可执行文件中剥离。

在Golang代码的符号调试方面,几乎没有什么可用的工具。

例如,据我所知,GDB在当前状态下与Go架构不对齐,从而在Golang符号调试方面实际上无法正常工作。正是因为这个原因,Go GDB已经从IntelliJ IDE中删除。

一些用户正在尝试通过实验性的努力来恢复GDB的功能,但这些努力需要使用特殊的非标准编译选项编译Go源代码以支持调试。例如:
http://blog.securitymouse.com/2014/10/golang-debugging-turning-pennies-into-gs.html
其他针对Go的符号调试器也需要插入非标准代码以支持调试器,例如Hopwatch

因此,如果您需要对Go程序进行逆向工程,最好使用传统的低级逆向工程工具,如IDA PRO。这是完全可能的,但最多只能得到类似伪代码C或汇编语言的东西,而不是Go源代码。

该语言的一些特性在其他语言中不存在,例如通道,这些特性需要一些学习和非平凡的方法。例如:http://jolmos.blogspot.nl/2014/09/inbincible-writeup-golang-binary.html

英文:

There is no known tool which currently decompiles to Go sources.

Go is a native language compiler, unlike Java and similar languages, which rely on a Class Loader, uses a linker in order to produce its executables.
Therefore just reconstructing the call tree is, as in C and similar languages, a lot harder.

Debug information such as symbols are normally stripped off the Go executable.

There exists very little even in terms of Symbolic debugging of Golang code.

GDB for instance is AFAIK in its current state not aligned with Go architecture and is practically not functional in terms of Golang symbolic debugging. Go GDB has been dropped off IntelliJ ide for this very reason.

There are experimental efforts trying to regain GDB functionality by some users, but these require Go sources to have been compiled with special nonstandard provisions in order to support debugging. e.g.:
http://blog.securitymouse.com/2014/10/golang-debugging-turning-pennies-into-gs.html
Other symbolic debuggers for Go also need insertion of non-standard code in order to support the debugger, e.g. Hopwatch

Therefore, if you need to reverse engineer a Go program, you are better off with traditional, lower level reverse engineering tools such as IDA PRO. This is definitely possible, but at most you will get something resembling pseudo-code C, or ASM, never Go sources.

Some feature of the language are non existing in other languages, e.g. channels, and these require some study and a non trivial approach. E.g.: http://jolmos.blogspot.nl/2014/09/inbincible-writeup-golang-binary.html

答案3

得分: 2

现在有一种逆向工程的方法,但在此之后仍需要大量的努力。

参考:GoTools

这个工具与Ghidra一起使用,Ghidra是一种用于逆向工程的NSA工具。

GoLang Renamer

这个Python脚本有助于一些反编译后的重命名任务。

注意:在尝试这些方法之前,请参考当地法律,确保不会涉及任何专有软件。

英文:

Now a day's there is a way to reverse engineer,
But still there is lot of efforts involved after that.

Refer: GoTools

This works with [Ghidra], (https://github.com/NationalSecurityAgency/ghidra/releases), An NSA Tool for Reverse Engineering.

GoLang Renamer

This Python script helps in some of post de-compilation tasks to rename.

Note: Before trying any of this, please refer local law that you are not messing up with any proprietary software.

huangapple
  • 本文由 发表于 2014年7月30日 18:06:13
  • 转载请务必保留本文链接:https://go.coder-hub.com/25034065.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定