Skip to content
/ go-clr Public

A PoC package for hosting the CLR and executing .NET from Go

License

Notifications You must be signed in to change notification settings

ropnop/go-clr

Repository files navigation

go-clr

GoDoc

This is my PoC code for hosting the CLR in a Go process and using it to execute a DLL from disk or an assembly from memory.

It's written in pure Go by just wrapping the needed syscalls and making use of a lot of unsafe.Pointers to load structs from memory.

For more info and references, see this blog post.

This was was a fun project and proof of concept, but the code is definitely not "production ready". It makes heavy use of unsafe and it's probably very unstable. I don't plan on supporting it much moving forward, but I wanted to share the code and knowledge to enable others to either contribute, or fork and make their own awesome tools.

Installation and Usage

go-clr is intended to be used as a package in other scripts. Install it with:

go get github.com/ropnop/go-clr

Take a look at the examples folder for some examples on how to leverage it. The package exposes all the structs and methods necessary to customize, but it also includes two "magic" functions to execute .NET from Go: ExecuteDLLFromDisk and ExecuteByteArray. Here's a quick example of using both:

package main

import (
	clr "github.com/ropnop/go-clr"
	"log"
	"fmt"
	"io/ioutil"
	"runtime"
)

func main() {
	fmt.Println("[+] Loading DLL from Disk")
	ret, err := clr.ExecuteDLLFromDisk(
		"TestDLL.dll",
		"TestDLL.HelloWorld",
		"SayHello",
		"foobar")
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("[+] DLL Return Code: %d\n", ret)

	
	fmt.Println("[+] Executing EXE from memory")
	exebytes, err := ioutil.ReadFile("helloworld.exe")
	if err != nil {
		log.Fatal(err)
	}
	runtime.KeepAlive(exebytes)

	ret2, err := clr.ExecuteByteArray(exebytes)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("[+] EXE Return Code: %d\n", ret2)
}

The other 2 examples show the same technique but without the magic functions.

License

This project is licensed under the Do What the Fuck You Want to Public License. I deliberately chose this "joke" license because I really don't think anyone should be using this for anything serious, and I know some organizations forbid this license from being used in products (which is a good thing).

About

A PoC package for hosting the CLR and executing .NET from Go

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages