Improve code clarity in non-Go files and review comments for Go code

Author: f0alex

README.md

@@ -73,12 +73,12 @@ Settings are stored in a file `.llef` located in your home directory formatted a
 | rebase_addresses        | Boolean | Enable/disable address rebase output               |
 | rebase_offset           | Int     | Set the rebase offset (default 0x100000)           |
 | show_all_registers      | Boolean | Enable/disable extended register output            |
-| enable_darwin_heap_scan | Boolean | Enable/disable more accurate heap scanning for Darwin-based platforms. Uses the Darwin malloc introspection API, executing code in the address space of the target application using LLDB's evaluation engine. |
+| enable_darwin_heap_scan | Boolean | Enable/disable more accurate heap scanning for Darwin-based platforms. Uses the Darwin malloc introspection API, executing code in the address space of the target application using LLDB's evaluation engine |
 | max_trace_length        | Int     | Set the maximum length of the call stack backtrace to display                                        |
 | stack_view_size         | Int     | Set the number of entries in the stack read to display                                               |
 | max_disassembly_length  | Int     | Set the maximum number of instructions to disassemble and display around the current PC              |
-| go_support_level        | String  | Control Golang-specific analysis. `disable` / `auto` (default) / `force`. Go support in Windows binaries requires `force`. |
-| go_confidence_threshold | String  | Set the confidence threshold (`low` / `medium` / `high`) for Go objects to be shown in the context view. |
+| go_support_level        | String  | Control Golang-specific analysis. `disable` / `auto` (default) / `force`. For performance reasons, Go support in Windows binaries requires `force`. |
+| go_confidence_threshold | String  | Set the confidence threshold (`low` / `medium` / `high`) for Go objects to be shown in the context view |
 
 #### llefcolorsettings
 Allows setting LLEF GUI colors:
@@ -116,6 +116,7 @@ Supported colors: BLUE, GREEN, YELLOW, RED, PINK, CYAN, GREY
 | dereferenced_register_color   |
 | frame_argument_name_color     |
 | read_memory_address_color     |
+| go_type_color                 |
 
 #### Hexdump
 View memory contents with:

arch/x86_64.py

@@ -17,11 +17,8 @@ class X86_64(BaseArch):
         "rbx",
         "rcx",
         "rdx",
-        "rsp",
-        "rbp",
-        "rsi",
         "rdi",
-        "rip",
+        "rsi",
         "r8",
         "r9",
         "r10",
@@ -30,6 +27,9 @@ class X86_64(BaseArch):
         "r13",
         "r14",
         "r15",
+        "rsp",
+        "rbp",
+        "rip",
     ]
 
     gpr_key = "general purpose"

commands/golang.py

@@ -11,14 +11,14 @@
 from commands.base_container import BaseContainer
 from common.constants import MSG_TYPE
 from common.context_handler import ContextHandler
-from common.golang.constants import GO_TUNE_DEFAULT_UNPACK_DEPTH
+from common.golang.analysis import go_get_backtrace
+from common.golang.constants import GO_DEFAULT_UNPACK_DEPTH
 from common.golang.data import GoDataBad
-from common.golang.improvements import go_improve_backtrace
 from common.golang.state import GoState
 from common.golang.static import setup_go
 from common.golang.type_getter import TypeGetter
 from common.golang.types import ExtractInfo
-from common.golang.util import go_calculate_bp, go_find_func, perform_go_functions
+from common.golang.util import go_calculate_base_pointer, go_context_analysis, go_find_func
 from common.output_util import output_line, print_message
 from common.settings import LLEFSettings
 from common.state import LLEFState
@@ -103,7 +103,7 @@ def __call__(
 
         if self.settings.go_support_level == "disable":
             print_message(MSG_TYPE.ERROR, GO_DISABLED_MSG)
-        elif not perform_go_functions(self.settings):
+        elif not go_context_analysis(self.settings):
             print_message(MSG_TYPE.ERROR, "The binary does not appear to be a Go binary.")
         else:
 
@@ -117,9 +117,9 @@ def __call__(
                 try:
                     # User has typed in a numeric address
                     address = int(address_or_name, 0)
-                    record = go_find_func(address)
-                    if record is not None:
-                        (entry, gofunc) = record
+                    function_mapping = go_find_func(address)
+                    if function_mapping is not None:
+                        (entry, gofunc) = function_mapping
                         output_line(f"{hex(entry)} - {gofunc.name} (file address = {hex(gofunc.file_addr)})")
                     else:
                         print_message(MSG_TYPE.ERROR, f"Could not find function containing address {hex(address)}")
@@ -129,9 +129,9 @@ def __call__(
                     name = address_or_name
 
                     success = False
-                    for entry, f in LLEFState.go_state.pclntab_info.func_mapping:
-                        if f.name == name:
-                            output_line(f"{hex(entry)} - {name} (file address = {hex(f.file_addr)})")
+                    for entry, gofunc in LLEFState.go_state.pclntab_info.func_mapping:
+                        if name in gofunc.name:
+                            output_line(f"{hex(entry)} - {gofunc.name} (file address = {hex(gofunc.file_addr)})")
                             success = True
                             # Don't break: there are potentially multiple matches.
 
@@ -164,8 +164,8 @@ def get_command_parser(cls) -> argparse.ArgumentParser:
             "-d",
             "--depth",
             type=positive_int,
-            default=GO_TUNE_DEFAULT_UNPACK_DEPTH,
-            help=f"Depth to unpack child types, default is {GO_TUNE_DEFAULT_UNPACK_DEPTH}",
+            default=GO_DEFAULT_UNPACK_DEPTH,
+            help=f"Depth to unpack child types, default is {GO_DEFAULT_UNPACK_DEPTH}",
         )
 
         return parser
@@ -184,7 +184,7 @@ def get_long_help() -> str:
             + "If not given an argument, prints a table of all known types."
             + os.linesep
             + "The depth argument specifies how deeply to follow and unpack child types. "
-            + f"It defaults to {GO_TUNE_DEFAULT_UNPACK_DEPTH}"
+            + f"It defaults to {GO_DEFAULT_UNPACK_DEPTH}"
             + os.linesep
             + GolangGetTypeCommand.get_command_parser().format_help()
         )
@@ -214,7 +214,7 @@ def __call__(
 
         if self.settings.go_support_level == "disable":
             print_message(MSG_TYPE.ERROR, GO_DISABLED_MSG)
-        elif not perform_go_functions(self.settings):
+        elif not go_context_analysis(self.settings):
             print_message(MSG_TYPE.ERROR, "The binary does not appear to be a Go binary.")
         elif LLEFState.go_state.moduledata_info is None:
             print_message(MSG_TYPE.ERROR, "No type information available in this Go binary.")
@@ -257,6 +257,14 @@ def __call__(
                     else:
                         print_message(MSG_TYPE.ERROR, f"Could not parse type '{name}'")
 
+                        found = False
+                        for ptr, type_struct in LLEFState.go_state.moduledata_info.type_structs.items():
+                            if name in type_struct.header.name:
+                                if found is False:
+                                    print_message(MSG_TYPE.ERROR, "Did you mean:")
+                                    found = True
+                                output_line(f"{hex(ptr)} - {type_struct.header.name}")
+
 
 class GolangUnpackTypeCommand(BaseCommand):
     """Implements the 'unpack-type' subcommand"""
@@ -286,8 +294,8 @@ def get_command_parser(cls) -> argparse.ArgumentParser:
             "-d",
             "--depth",
             type=positive_int,
-            default=GO_TUNE_DEFAULT_UNPACK_DEPTH,
-            help=f"Depth to unpack child objects, default is {GO_TUNE_DEFAULT_UNPACK_DEPTH}",
+            default=GO_DEFAULT_UNPACK_DEPTH,
+            help=f"Depth to unpack child objects, default is {GO_DEFAULT_UNPACK_DEPTH}",
         )
         return parser
 
@@ -303,7 +311,7 @@ def get_long_help() -> str:
             + "The type can either be a string or a pointer to a type information structure."
             + os.linesep
             + "The depth argument specifies how deeply to follow and unpack child objects. "
-            + f"It defaults to {GO_TUNE_DEFAULT_UNPACK_DEPTH}"
+            + f"It defaults to {GO_DEFAULT_UNPACK_DEPTH}"
             + os.linesep
             + GolangUnpackTypeCommand.get_command_parser().format_help()
         )
@@ -334,7 +342,7 @@ def __call__(
 
         if self.settings.go_support_level == "disable":
             print_message(MSG_TYPE.ERROR, GO_DISABLED_MSG)
-        elif not perform_go_functions(self.settings):
+        elif not go_context_analysis(self.settings):
             print_message(MSG_TYPE.ERROR, "The binary does not appear to be a Go binary.")
         elif LLEFState.go_state.moduledata_info is None:
             print_message(MSG_TYPE.ERROR, "No type information available in this Go binary.")
@@ -438,22 +446,25 @@ def __call__(
 
         if self.settings.go_support_level == "disable":
             print_message(MSG_TYPE.ERROR, GO_DISABLED_MSG)
-        elif not perform_go_functions(self.settings):
+        elif not go_context_analysis(self.settings):
             print_message(MSG_TYPE.ERROR, "The binary does not appear to be a Go binary.")
         else:
             # At this point, we're good to go with running the command.
 
-            bt = go_improve_backtrace(
+            backtrace = go_get_backtrace(
                 exe_ctx.GetProcess(),
                 exe_ctx.GetFrame(),
                 self.context_handler.arch,
                 self.context_handler.color_settings,
                 depth,
             )
-            if bt is not None:
-                output_line(bt)
+            if backtrace is not None:
+                output_line(backtrace)
             else:
-                print_message(MSG_TYPE.ERROR, "Go traceback failed. Try using LLDB's `bt` command.")
+                print_message(
+                    MSG_TYPE.ERROR,
+                    "Go traceback failed (only supported on x86 and x86_64). Try using LLDB's `bt` command.",
+                )
 
 
 class GolangReanalyseCommand(BaseCommand):
@@ -511,5 +522,5 @@ def __call__(
         else:
             LLEFState.go_state = GoState()
             setup_go(exe_ctx.GetProcess(), exe_ctx.GetTarget(), self.settings)
-            go_calculate_bp.cache_clear()
+            go_calculate_base_pointer.cache_clear()
             go_find_func.cache_clear()

common/color_settings.py

@@ -98,6 +98,10 @@ def read_memory_address_color(self) -> str:
     def address_operand_color(self) -> str:
         return self._RAW_CONFIG.get(self.GLOBAL_SECTION, "address_operand_color", fallback="RED").upper()
 
+    @property
+    def go_type_color(self) -> str:
+        return self._RAW_CONFIG.get(self.GLOBAL_SECTION, "go_type_color", fallback="CYAN").upper()
+
     def __init__(self) -> None:
         self.supported_colors = [color.name for color in TERM_COLORS]
         self.supported_colors.remove(TERM_COLORS.ENDC.name)

common/constants.py

@@ -2,6 +2,10 @@
 
 from enum import Enum, IntEnum
 
+# Pointers are stored using int, however, this can lead to confusion between an offset, an absolute address,
+# and just a plain old integer value. The llef_pointer alias is intended to improve readability.
+pointer = int
+
 
 class TERM_COLORS(Enum):
     """Used to colorify terminal output."""