
elastic/toutoumomoma


toutoumomoma

toutoumomoma provides functions that may help you to answer the question of an executable, “是偷偷摸摸吗?” ("Is it sneaky?")

  • Stripped: scan files that may be executable and report whether they are a Go executable that has had its symbols stripped.

  • ImportHash: calculate the imphash of an executable with dynamic imports.

  • GoSymbolHash: calculate an imphash analogue for Go executables compiled by the gc-compiler.

    The GoSymbolHash algorithm is analogous to the algorithm described for ImportHash with the exception that Go's static symbols are used in place of the dynamic import symbols used by ImportHash.

    The list of symbols referenced by the executable is obtained and the MD5 hash of the ordered list of symbols, separated by commas, is calculated. The symbols are kept in the order in which they exist in the executable and are returned by the Go standard library debug packages. The fully qualified import path of each symbol is included, and while symbols used by ImportHash are canonicalised to lowercase, GoSymbolHash retains the case of the original symbol. GoSymbolHash may be calculated including or excluding standard library imports.

  • Sections: provide section size and entropy statistics for an executable.
