Easily inject arbitrary read-only resources into executable formats (Mach-O, PE, ELF) and use it at runtime.
Easily inject arbitrary read-only resources into executable formats (Mach-O, PE, ELF) and use it at runtime.
npm i postject
$ npm run build
The final output is placed in dist/, with main.js being the
entrypoint.
$ postject -h
Usage: postject [options] <filename> <resource_name> <resource>
Inject arbitrary read-only resources into an executable for use at runtime
Arguments:
filename The executable to inject into
resource_name The resource name to use (section name on Mach-O and ELF, resource name for PE)
resource The resource to inject
Options:
--macho-segment-name <segment_name> Name for the Mach-O segment (default: "__POSTJECT")
--output-api-header Output the API header to stdout
--overwrite Overwrite the resource if it already exists
-h, --help display help for command
$ npm test
To ensure maximum capatibility and head off unforeseen issues, the implementation for each format tries to use that format's standard practices for embedding binary data. As such, it should be possible to embed the binary data at build-time as well. The CLI provides the ability to inject the resources into pre-built executables, with the goal that the end result should be as close as possible to what is obtained by embedding them at build-time.
For PE executables, the resources are added into the .rsrc section,
with the RT_RCDATA (raw data) type.
The build-time equivalent is adding the binary data as a resource in
the usual manner, such as the Resource Compiler, and marking it as
RT_RCDATA.
The run-time lookup uses the FindResource and LoadResource APIs.
For Mach-O executables, the resources are added as sections inside a new segment.
The build-time equivalent of embedding binary data with this approach
uses a linker flag: -sectcreate,__FOO,__foo,content.txt
The run-time lookup uses APIs from <mach-o/getsect.h>.
For ELF executables, the resources are added as notes.
The build-time equivalent is to use a linker script.
FAQs
Easily inject arbitrary read-only resources into executable formats (Mach-O, PE, ELF) and use it at runtime.
We found that postject demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.