# Golang plugin

Golang binaries are by default statically linked and full of metadata therefore a lot can be gained from annotating a Golang binary's contents using recovered metadata.

## Detection

The golang plugin's analysis only happens by default if the input file is detected as a Golang file. There are multiple mechanisms in place to detect that:

```
 - if a Golang startup signature matches the entry point (PC-only)
 - if the Golang plugin detects a Golang-specific segment name
 - if the elf loader finds a "Go" note in the input file
 - on PE files: if certain Golang symbol names or a Go build id signature is found
```

## Analysis

The metadata parsed by the golang plugin falls under two main categories:

```
 - function information (e.g. name, package, range) retrieved from the pclntab
 - type information (e.g. name, package, layout, size) retrieved from the typelinks table
```

The package paths of functions and types are used to create folders. This analysis will occur upon \`ev\_newfile\` (when a new file has been loaded) if Golang has been detected.

## Actions

```
  `golang:detect_and_parse` (Edit>Other)
```

This action is useful to force a full search of the binary for Golang metadata. It will first attempt to parse a pclntab at the current address, if this is unsuccessful it will perform a full search of the binary for the pclntab's signature and parse it if found. In addition, it will also attempt to locate and parse the type information.

## Calling Conventions

Golang has its own calling convention(s), denoted in IDA as \`\_\_golang\`. In fact, Golang has two different calling conventions: a stack-based CC (abi0) and a newer register-based CC (abiinternal). The version of Golang and thus which calling convention to use will be automatically inferred from metadata structures; It is also controllable through the \`force\_regabi\` command line option.

## List of \`-Ogolang\` options

Command line options take precedence over config file options.

```
  force                         try to force the analysis
                                (no detection step needed)
  off                           disable the plugin
  no_rtypes                     do not import any types
  rname_len2                    force the reflect type name format to go1.17
                                and later (varint encoding: 1-10 bytes)
  rname_len1                    force the reflect type name format to before
                                go1.17 (2 bytes)
  import_lnnums                 recover file names & line numbers from pclntab
  no_func_end_from_pcval_tabs   do not derive a function's end from pclntab
                                metadata
  force_regabi[=on|=off]        override calling convention version
                                 `=off`: will force the stack-based CC
                                 `=on`/no value: will force
                                 the register-based CC
```

See cfg/golang.cfg for available configuration options.

## Examples

forcing analysis and register-based calling convention

```
  -Ogolang:force:force_regabi
```

disabling the plugin

```
  -Ogolang:off
```