5

I know that it is possible to embed executables in Golang executables and run them, or run Golang code from a string using projects like Yaegi, but is it possible to run a binary stored as a variable without writing it to a file, as a child process? The binary is already in memory as a variable so is it possible to just execute it somehow?

If I'm not mistaken there is a difference between executable memory and data memory so would that prevent this from being done?

The reason for my question is that I'm writing a RAT/payload dropper as a project to learn Go(lang) and would like to make is as modular as possible, including file-less updates and binary (also file-less) payloads.

EDIT: Any solution is welcome, but cross-platform solutions are preferred.

EDIT2: According to this SO answer, this is not possible / very difficult in C++. Seemingly, the main reason for this is dynamically linking libraries. As Golang is statically linked, would this be any easier?

user9123
  • 581
  • 1
  • 10
  • 21
  • I'm not sure what the cause of the downvote is. I believe this is a legitimate question which I have researched beforehand. I have linked similar questions too which do not quite answer my question and added a further question to highlight the difference. Can I have some constructive criticism? – user9123 May 04 '20 at 14:49
  • 3
    Take a look at https://eli.thegreenplace.net/2013/11/05/how-to-jit-an-introduction -- you could do all that with Go using syscalls or cgo. Running Go code like that is trickier, though, since it would need load-time relocation/linking, etc. – Eli Bendersky May 06 '20 at 12:29
  • @EliBendersky I certainly will. Just from a quick glance it looks pretty interesting and useful. Thanks! – user9123 May 06 '20 at 15:09

2 Answers2

1

No, there is no portable way to do this.

Volker
  • 40,468
  • 7
  • 81
  • 87
  • Thanks for your answer. You seem to imply that there are non-portable ways to do it though. Is that the case? – user9123 May 04 '20 at 14:51
  • @TR_SLimey Yes. – Volker May 04 '20 at 15:00
  • Could you give some examples, like some links or keywords to search for? While single-platform code is not ideal I am doing this mainly to learn the language so it would still be helpful. – user9123 May 04 '20 at 15:24
  • @TR_SLimey You are not going to learn anything about the language while using syscalls and cgo. – Volker May 04 '20 at 15:34
  • I take it that means I should look at how to do that in C and then use Cgo? Thanks. – user9123 May 04 '20 at 15:47
1

Yes, try this way to do this. https://github.com/amenzhinsky/go-memexec

田咖啡
  • 728
  • 8
  • 10
  • 1
    Thanks for the answer! Unfortunately, it seems like that project actually creates a temporary file and executes it as opposed to using what's already in memory :( – user9123 Mar 13 '21 at 20:28
  • 1
    As of version 0.5.0, the author of go-memexec has updated behavior (for Linux) to mount allocated memory as a process instead of creating a temporary file. – Helyrk Sep 07 '21 at 01:23