Easily inject arbitrary read-only resources into executable formats (Mach-O, PE, ELF) and use it at runtime.
npm i postject
$ npm run build
The final output is placed in dist/, with main.js being the entrypoint.
$ postject -h
Usage: postject [options] <filename> <resource_name> <resource>

Inject arbitrary read-only resources into an executable for use at runtime

Arguments:
  filename                             The executable to inject into
  resource_name                        The resource name to use (section name on Mach-O and ELF, resource name for PE)
  resource                             The resource to inject

Options:
  --macho-segment-name <segment_name>  Name for the Mach-O segment (default: "__POSTJECT")
  --output-api-header                  Output the API header to stdout
  --overwrite                          Overwrite the resource if it already exists
  -h, --help                           display help for command
$ npm test
To ensure maximum compatibility and head off unforeseen issues, the implementation for each format tries to use that format's standard practices for embedding binary data. As such, it should be possible to embed the binary data at build-time as well. The CLI provides the ability to inject the resources into pre-built executables, with the goal that the end result should be as close as possible to what is obtained by embedding them at build-time.
For PE executables, the resources are added into the .rsrc section, with the RT_RCDATA (raw data) type.
The build-time equivalent is adding the binary data as a resource in the usual manner, such as the Resource Compiler, and marking it as RT_RCDATA.
The run-time lookup uses the FindResource and LoadResource APIs.
For Mach-O executables, the resources are added as sections inside a new segment.
The build-time equivalent of embedding binary data with this approach uses a linker flag: -sectcreate,__FOO,__foo,content.txt
The run-time lookup uses APIs from <mach-o/getsect.h>.
For ELF executables, the resources are added as notes.
The build-time equivalent is to use a linker script.
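Because ELF resources land in notes, a binary can be audited for embedded data by walking its PT_NOTE contents. The following is an added example, not postject's own code: it parses a raw note region and reports notes whose name is not on an expected list. It assumes little-endian records with 4-byte padding and that an injected note carries the resource name as its note name; `MY_RESOURCE`, the note type 0, and the sample bytes are constructed for illustration.

```javascript
// Added example, not postject's code. Walks raw ELF PT_NOTE contents (LE).
// Layout: u32 namesz, u32 descsz, u32 type, then name and desc, each 4-byte padded.
const align4 = (n) => Math.ceil(n / 4) * 4;

function parseNotes(region) {
  const notes = [];
  let off = 0;
  while (off + 12 <= region.length) {
    const namesz = region.readUInt32LE(off);
    const descsz = region.readUInt32LE(off + 4);
    const type = region.readUInt32LE(off + 8);
    const nameOff = off + 12;
    const descOff = nameOff + align4(namesz);
    // Refuse sizes that point past the region instead of reading garbage.
    if (descOff + descsz > region.length) {
      throw new RangeError(`truncated note at offset ${off}`);
    }
    const name = region.toString('latin1', nameOff, nameOff + namesz).replace(/\0+$/, '');
    notes.push({ name, type, desc: region.subarray(descOff, descOff + descsz) });
    off = descOff + align4(descsz);
  }
  return notes;
}

// Audit helper: notes whose owner name is not on the expected list.
function unexpectedNotes(region, allowedNames) {
  return parseNotes(region).filter((n) => !allowedNames.includes(n.name));
}

// Constructed sample data: builds one note record for the demo below.
function buildNote(name, type, desc) {
  const n = Buffer.from(name + '\0', 'latin1');
  const out = Buffer.alloc(12 + align4(n.length) + align4(desc.length));
  out.writeUInt32LE(n.length, 0);
  out.writeUInt32LE(desc.length, 4);
  out.writeUInt32LE(type, 8);
  n.copy(out, 12);
  desc.copy(out, 12 + align4(n.length));
  return out;
}

// Constructed region: a GNU build-id note (type 3) followed by a note named
// MY_RESOURCE (hypothetical name; type 0 is a placeholder value).
const SAMPLE = Buffer.concat([
  buildNote('GNU', 3, Buffer.alloc(20, 0xab)),
  buildNote('MY_RESOURCE', 0, Buffer.from('hello')),
]);

for (const n of unexpectedNotes(SAMPLE, ['GNU'])) console.log(`${n.name}: type=${n.type} size=${n.desc.length}`);
```

On a real binary, the region passed in would be the bytes of each PT_NOTE segment taken from the program headers.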
FAQs
We found that postject demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.