🦀 🧵 Rust reversing thread: Let's use panic metadata embedded inside Rust binaries to help us reverse engineer!
(If you prefer reading this thread as a blog post, you can read it here! Using panic metadata to recover source code information from Rust binaries - cxiao.net)
If you've ever looked inside the strings of a Rust binary, you may have noticed that many of these strings are paths to Rust source files (.rs extension). These are used when printing diagnostic messages when the program panics, such as the following message:
thread 'main' panicked at 'oh no!', src\main.rs:314:5
The above message includes both a source file path src\main.rs, as well as the exact line and column in the source code where the panic occurred. All of this information is embedded in Rust binaries by default, and is recoverable statically!
Examining these can be useful in separating user from library code, as well as in understanding functionality. This is especially nice because Rust's standard library and the majority of third-party Rust libraries are open-source, so you can use the panic strings to find the relevant location in the source code, and use that to aid in reversing.