Parse headers of pclntab to verify it is legit used in go parser itself https://go.dev/src/debug/gosym/pclntab.go
(section, pclntab_va: int)
| 185 | |
| 186 | |
| 187 | def verify_pclntab(section, pclntab_va: int) -> bool: |
| 188 | """ |
| 189 | Parse headers of pclntab to verify it is legit |
| 190 | used in go parser itself https://go.dev/src/debug/gosym/pclntab.go |
| 191 | """ |
| 192 | try: |
| 193 | pc_quanum = section.get_data(pclntab_va + 6, 1)[0] |
| 194 | pointer_size = section.get_data(pclntab_va + 7, 1)[0] |
| 195 | except: |
| 196 | logger.error("Error parsing pclntab header") |
| 197 | return False |
| 198 | return True if pc_quanum in {1, 2, 4} and pointer_size in {4, 8} else False |
| 199 | |
| 200 | |
| 201 | def is_dotnet_bin(pe: pefile.PE) -> bool: |
no test coverage detected