Analyse .rodata/go:embed content

A tool for analyzing the size of compiled Go binaries, offering cross-platform support, detailed breakdowns, and multiple output formats.

Brought to you by: zxilly

#44 Analyse .rodata/go:embed content

Status: open

Owner: nobody

Labels: enhancement (4)

Updated: 2024-06-17

Created: 2024-05-15

Creator: Anonymous

Private: No

Originally created by: gudvinr

go:embed stores its data in .rodata section of the binary file.

I am not sure if it's possible to extract all of the content of .rodata but it would be useful to at least have some idea about embedded content.

As for example, lingua-go stores tremendous amounts of embeds, so .rodata will take up ~100Mb of the file.

Information on the exact data structure is rather sparse but it's somewhat simple because we know what does the embedding (it is https://pkg.go.dev/embed)

See also:

Discussion

Anonymous - 2024-05-15

Originally posted by: Zxilly

This is certainly possible, and in fact existing methods based on decompilation already recognise some of them.
But I discarded the results that could not be recognised as strings when I processed the results obtained from decompilation. Because false positives can be very disturbing.
There is an additional difficulty, gsa currently supports three platforms, pe/macho/elf, and writing a parser for each platform or even each go version might be too much work.
I would expect a parser based on dwarf to handle this, after all, at runtime the embedded content is just a string of bytes. golang uses dwarf on all platforms including pe, so the workload is relatively acceptable.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Anonymous - 2024-06-09

Originally posted by: Zxilly

The dwarf doesn't contain information about embed, maybe we still need some reverse engineering work.
Therefore, it may be a long wait to implement this feature.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Anonymous - 2024-06-15

Originally posted by: Zxilly

Please try v1.3.0. It has an initial support for embed parse.
You must compile with the debug symbol to enable this feature.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Anonymous - 2024-06-15

Originally posted by: Zxilly

Keeping this issue open for now, as the new implementation is based on inversion and some assumptions, and it's not certain that the code will handle all real-world situations correctly. Expect feedback to fix it further.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Anonymous - 2024-06-17

Originally posted by: gudvinr

I see that my test binary now reduced unknown .rodata size from ~9MB to ~3MB. Good work, thanks.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.