add support for Go runtime v1.26

.gitignore

@@ -19,3 +19,6 @@ Dockerfile.test
 # Dependency directories (remove the comment below to include it)
 # vendor/
 
+# Agent files
+.agent/
+.agents/

build_test_files.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 trap "exit" INT
 sudo rm -rf $(pwd)/test/build
-versions=("1.25" "1.24" "1.23" "1.22" "1.21" "1.20" "1.19" "1.18" "1.17" "1.16" "1.15" "1.14" "1.13" "1.12" "1.11" "1.10" "1.9" "1.8" "1.7" "1.6" "1.5")
+versions=("1.26" "1.25" "1.24" "1.23" "1.22" "1.21" "1.20" "1.19" "1.18" "1.17" "1.16" "1.15" "1.14" "1.13" "1.12" "1.11" "1.10" "1.9" "1.8" "1.7" "1.6" "1.5")
 for v in "${versions[@]}"
 do
     GO_TAG=$v

debug/elf/file.go

@@ -16,6 +16,7 @@ import (
 	"io"
 	"os"
 	"strings"
+	"sync"
 
 	"github.com/mandiant/GoReSym/debug/dwarf"
 	"github.com/mandiant/GoReSym/saferio"
@@ -61,6 +62,7 @@ type File struct {
 	gnuVersym []byte
 
 	dataAfterSectionCache map[uint64][]byte // secVA -> dataAfterSection
+	dataAfterSectionMutex sync.Mutex
 }
 
 // A SectionHeader represents a single ELF section header.
@@ -689,9 +691,12 @@ func getString(section []byte, start int) (string, bool) {
 }
 
 func (f *File) DataAfterSection(target *Section) []byte {
-	if cached, ok := f.dataAfterSectionCache[uint64(target.Addr)]; ok {
+	f.dataAfterSectionMutex.Lock()
+	if cached, ok := f.dataAfterSectionCache[target.Addr]; ok {
+		f.dataAfterSectionMutex.Unlock()
 		return cached
 	}
+	f.dataAfterSectionMutex.Unlock()
 
 	data := []byte{}
 	found := false
@@ -712,7 +717,9 @@ func (f *File) DataAfterSection(target *Section) []byte {
 		}
 	}
 
-	f.dataAfterSectionCache[uint64(target.Addr)] = data
+	f.dataAfterSectionMutex.Lock()
+	f.dataAfterSectionCache[target.Addr] = data
+	f.dataAfterSectionMutex.Unlock()
 	return data
 }
 

debug/gosym/pclntab.go

@@ -264,7 +264,8 @@ func (t *LineTable) parsePclnTab(versionOverride string) {
 	t.Version = possibleVersion
 
 	if len(versionOverride) > 0 {
-		if strings.Contains(versionOverride, "1.25") ||
+		if strings.Contains(versionOverride, "1.26") ||
+			strings.Contains(versionOverride, "1.25") ||
 			strings.Contains(versionOverride, "1.24") ||
 			strings.Contains(versionOverride, "1.23") ||
 			strings.Contains(versionOverride, "1.22") ||

debug/macho/file.go

@@ -17,6 +17,7 @@ import (
 	"io"
 	"os"
 	"strings"
+	"sync"
 
 	"github.com/mandiant/GoReSym/debug/dwarf"
 )
@@ -33,6 +34,7 @@ type File struct {
 
 	closer                io.Closer
 	dataAfterSectionCache map[uint64][]byte // secVA -> dataAfterSection
+	dataAfterSectionMutex sync.Mutex
 }
 
 // A Load represents any Mach-O load command.
@@ -575,9 +577,12 @@ func (f *File) Segment(name string) *Segment {
 }
 
 func (f *File) DataAfterSection(target *Section) []byte {
+	f.dataAfterSectionMutex.Lock()
 	if cached, ok := f.dataAfterSectionCache[target.Addr]; ok {
+		f.dataAfterSectionMutex.Unlock()
 		return cached
 	}
+	f.dataAfterSectionMutex.Unlock()
 
 	data := []byte{}
 	found := false
@@ -597,7 +602,10 @@ func (f *File) DataAfterSection(target *Section) []byte {
 			}
 		}
 	}
+
+	f.dataAfterSectionMutex.Lock()
 	f.dataAfterSectionCache[target.Addr] = data
+	f.dataAfterSectionMutex.Unlock()
 	return data
 }
 

debug/pe/file.go

@@ -15,6 +15,7 @@ import (
 	"io"
 	"os"
 	"strings"
+	"sync"
 
 	"github.com/mandiant/GoReSym/debug/dwarf"
 )
@@ -33,6 +34,7 @@ type File struct {
 
 	closer                io.Closer
 	dataAfterSectionCache map[uint64][]byte // secVA -> dataAfterSection
+	dataAfterSectionMutex sync.Mutex
 }
 
 // Open opens the named file using os.Open and prepares it for use as a PE binary.
@@ -213,9 +215,12 @@ func (f *File) Section(name string) *Section {
 }
 
 func (f *File) DataAfterSection(target *Section) []byte {
+	f.dataAfterSectionMutex.Lock()
 	if cached, ok := f.dataAfterSectionCache[uint64(target.VirtualAddress)]; ok {
+		f.dataAfterSectionMutex.Unlock()
 		return cached
 	}
+	f.dataAfterSectionMutex.Unlock()
 
 	data := []byte{}
 	found := false
@@ -235,7 +240,10 @@ func (f *File) DataAfterSection(target *Section) []byte {
 			}
 		}
 	}
+
+	f.dataAfterSectionMutex.Lock()
 	f.dataAfterSectionCache[uint64(target.VirtualAddress)] = data
+	f.dataAfterSectionMutex.Unlock()
 	return data
 }
 

main.go

@@ -233,6 +233,7 @@ restartParseWithRealTextBase:
 		// if that location works, then we must have given it the correct pclntab VA. At least in theory...
 		// The resolved offsets within the pclntab might have used the wrong base though! We'll fix that later.
 		_, tmpModData, err := file.ModuleDataTable(tab.PclntabVA, extractMetadata.Version, extractMetadata.TabMeta.Version, extractMetadata.TabMeta.PointerSize == 8, extractMetadata.TabMeta.Endianess == "LittleEndian")
+
 		if err == nil && tmpModData != nil {
 			// if the search candidate relied on a moduledata va, make sure it lines up with ours now
 			stomppedMagicMetaConstraintsValid := true

main_test.go

@@ -11,7 +11,7 @@ import (
 	_ "net/http/pprof"
 )
 
-var versions = []string{"125", "124", "123", "122", "121", "120", "119", "118", "117", "116", "115", "114", "113", "112", "111", "110", "19", "18", "17", "16", "15"}
+var versions = []string{"126", "125", "124", "123", "122", "121", "120", "119", "118", "117", "116", "115", "114", "113", "112", "111", "110", "19", "18", "17", "16", "15"}
 var fileNames = []string{"testproject_lin", "testproject_lin_32", "testproject_lin_stripped", "testproject_lin_stripped_32", "testproject_mac", "testproject_mac_stripped", "testproject_win_32.exe", "testproject_win_stripped_32.exe", "testproject_win_stripped.exe", "testproject_win.exe"}
 
 func TestAllVersions(t *testing.T) {

objfile/elf.go

@@ -133,7 +133,7 @@ func (f *elfFile) pcln_scan() (candidates <-chan PclntabCandidate, err error) {
 	send_patched_magic_candidates := func(candidate *PclntabCandidate) {
 		has_some_valid_magic := false
 		for _, magic := range append(pclntab_sigs_le, pclntab_sigs_be...) {
-			if bytes.Equal(candidate.Pclntab, magic) {
+			if bytes.HasPrefix(candidate.Pclntab, magic) {
 				has_some_valid_magic = true
 				break
 			}