5

I know that it is possible to embed executables in Golang executables and run them, or run Golang code from a string using projects like Yaegi, but is it possible to run a binary stored as a variable without writing it to a file, as a child process? The binary is already in memory as a variable so is it possible to just execute it somehow?

If I'm not mistaken there is a difference between executable memory and data memory so would that prevent this from being done?

The reason for my question is that I'm writing a RAT/payload dropper as a project to learn Go(lang) and would like to make it as modular as possible, including file-less updates and binary (also file-less) payloads.

EDIT: Any solution is welcome, but cross-platform solutions are preferred.

EDIT2: According to this SO answer, this is not possible / very difficult in C++. Seemingly, the main reason for this is dynamically linking libraries. As Golang is statically linked, would this be any easier?

3
  • I'm not sure what the cause of the downvote is. I believe this is a legitimate question which I have researched beforehand. I have linked similar questions too which do not quite answer my question and added a further question to highlight the difference. Can I have some constructive criticism? Commented May 4, 2020 at 14:49
  • 3
    Take a look at eli.thegreenplace.net/2013/11/05/how-to-jit-an-introduction -- you could do all that with Go using syscalls or cgo. Running Go code like that is trickier, though, since it would need load-time relocation/linking, etc. Commented May 6, 2020 at 12:29
  • @EliBendersky I certainly will. Just from a quick glance it looks pretty interesting and useful. Thanks! Commented May 6, 2020 at 15:09

2 Answers

2

Yes, try this way to do this. https://github.com/amenzhinsky/go-memexec


2 Comments

Thanks for the answer! Unfortunately, it seems like that project actually creates a temporary file and executes it as opposed to using what's already in memory :(
As of version 0.5.0, the author of go-memexec has updated behavior (for Linux) to mount allocated memory as a process instead of creating a temporary file.
1

No, there is no portable way to do this.

5 Comments

Thanks for your answer. You seem to imply that there are non-portable ways to do it though. Is that the case?
@TR_SLimey Yes.
Could you give some examples, like some links or keywords to search for? While single-platform code is not ideal I am doing this mainly to learn the language so it would still be helpful.
@TR_SLimey You are not going to learn anything about the language while using syscalls and cgo.
I take it that means I should look at how to do that in C and then use Cgo? Thanks.
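
For defenders, the Linux behaviour mentioned in the comment on the first answer (running from memory instead of from a temporary file) can be checked for through `/proc`. The following is an added example, not code from the thread or from go-memexec; it assumes such a process shows an `exe` link pointing at an anonymous memory file (`/memfd:...`) or carrying the kernel's ` (deleted)` suffix, and the names `Finding`, `classify` and `Scan` are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Finding is one process whose executable is not backed by a file on disk.
type Finding struct{ PID, Target, Reason string }

// classify inspects the target of a /proc/<pid>/exe link. Assumption: an
// in-memory executable appears as "/memfd:<name> (deleted)", and an unlinked
// temporary file as "<path> (deleted)".
func classify(target string) string {
	switch {
	case strings.HasPrefix(target, "/memfd:"):
		return "anonymous memory file"
	case strings.HasSuffix(target, " (deleted)"):
		return "executable deleted after start"
	}
	return ""
}

// Scan checks every numeric entry under procRoot (normally "/proc").
func Scan(procRoot string) []Finding {
	var out []Finding
	links, _ := filepath.Glob(filepath.Join(procRoot, "[0-9]*", "exe"))
	for _, link := range links {
		target, err := os.Readlink(link)
		if err != nil {
			continue // kernel thread, exited process, or insufficient privilege
		}
		if reason := classify(target); reason != "" {
			pid := filepath.Base(filepath.Dir(link))
			out = append(out, Finding{PID: pid, Target: target, Reason: reason})
		}
	}
	return out
}

func main() {
	for _, f := range Scan("/proc") {
		fmt.Printf("pid=%s exe=%q reason=%s\n", f.PID, f.Target, f.Reason)
	}
}
```

Run it as root to see every process. A ` (deleted)` hit also occurs for a long-running service whose binary was replaced by a package upgrade, so treat findings as leads to triage rather than verdicts.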
