malasada

package module
v0.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 7, 2026 License: GPL-3.0 Imports: 11 Imported by: 0

README

malasada

Donut for Linux, converts a Linux ELF shared object (.so) into a position-independent .bin blob that can be executed directly from memory (for example, by copying it into an mmap'd region and jumping to it as a function pointer).

This project intentionally avoids memfd (memfd_create, execveat on memfd, etc).

Supported Platforms

  • Linux amd64
  • Linux arm64

Build

Requirements:

  • Go 1.25+
  • Zig 0.15+ (required for go generate and for tests)

Build the CLI:

make

Quick Start (Local)

Build a hello-world .so, convert it to a .bin, and run it with the included runner:

# Build payload .so
go build -buildmode=c-shared -o /tmp/hello.so ./testdata/hello

# Convert .so -> .bin (call the exported symbol "Hello")
./malasada --call-export Hello -o /tmp/hello.bin /tmp/hello.so

# Optional: compress the embedded payload (stage0 will depack before loading)
./malasada --compress --call-export Hello -o /tmp/hello.compressed.bin /tmp/hello.so

# Build the runner (PIC shellcode executor) with zig cc
zig cc -O2 -o /tmp/runner ./testdata/runner/runner.c

# Run it (stage0 hands off to ld-linux; runner will not return)
/tmp/runner /tmp/hello.bin

Expected output contains:

hello from go

go generate (Prebuild + Embed stage0)

The repo embeds prebuilt stage0 blobs:

  • internal/stage0/stage0_linux_amd64.bin
  • internal/stage0/stage0_linux_arm64.bin

If you edit internal/stage0/stage0.c or internal/stage0/linker.ld, regenerate them:

go generate ./...

The CLI always uses the embedded stage0 blobs (no Zig needed at runtime). To change stage0, edit internal/stage0/stage0.c and re-run:

go generate ./...

Docker Test Harness

testdata/Dockerfile builds the CLI, builds the hello .so, converts it to a .bin, builds the runner with Zig, and runs the end-to-end test in a Linux container.

Examples:

docker buildx build --platform linux/amd64 -f testdata/Dockerfile .
docker buildx build --platform linux/arm64 -f testdata/Dockerfile .

Documentation

Index

Constants

View Source 
const DefaultCallExport = "StartW"

DefaultCallExport is the default exported symbol name called by the generated entry stub when the caller does not specify one.

Variables

This section is empty.

Functions

func ConvertSharedObject 

func ConvertSharedObject(soPath string, exportName string, compress bool) ([]byte, error)

ConvertSharedObject reads a Linux ELF shared object from soPath, patches it to call exportName as the process entrypoint, and wraps it with the stage0 loader to produce an executable PIC .bin blob.

Types

type Arch 

type Arch int

Arch is a linux architecture supported by malasada. 

const (
	ArchUnknown Arch = iota
	ArchLinuxAMD64
	ArchLinuxARM64
)

func (Arch) String 

func (a Arch) String() string

Source Files

View all Source files

Directories

Path Synopsis
internal
aplib
stage0/genstage0 command

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.