Documentation ¶
Index ¶
- Constants
- func FindPid(name string) uint32
- func GetModelHandle(_pid uint32) uintptr
- func OpenProcess(dwDesiredAccess uint32, dwProcessId uint32) (syscall.Handle, error)
- func Pids() []uint32
- func ReadProcessMemory(hProcess syscall.Handle, lpBaseAddress uintptr, lpBuffer []byte) (int, error)
- func ScanPatternPage(hProcess syscall.Handle, address uintptr, subStr string) (uintptr, uintptr)
- func WriteProcessMemory(hProcess syscall.Handle, lpBaseAddress uintptr, lpBuffer []byte) (uintptr, error)
- type MEMORY_BASIC_INFORMATION
- type ProcessMoudleInfo
Constants ¶
// Memory-protection and allocation-state flags. The names and values match
// the Win32 constants of the same names, as reported for a region of virtual
// memory in a MEMORY_BASIC_INFORMATION record.
// NOTE(review): which of these the package's scanning code actually tests is
// not visible on this page — confirm against the implementation.
const (
	// Protections that allow execution.
	PAGE_EXECUTE           = 0x10
	PAGE_EXECUTE_READ      = 0x20
	PAGE_EXECUTE_READWRITE = 0x40 // writable and executable at once; such regions are a common focus of memory-integrity monitoring
	PAGE_EXECUTE_WRITECOPY = 0x80

	// Protections that do not allow execution.
	PAGE_NOACCESS  = 0x01
	PAGE_READONLY  = 0x02
	PAGE_READWRITE = 0x04
	PAGE_WRITECOPY = 0x08

	// Modifier bits that are combined with one of the protections above.
	PAGE_GUARD   = 0x100
	PAGE_NOCACHE = 0x200

	// MEM_COMMIT is an allocation state, not a protection value; it is kept
	// in this block in its original position.
	MEM_COMMIT = 0x1000

	// PAGE_WRITECOMBINE is a further protection modifier bit.
	PAGE_WRITECOMBINE = 0x400
)
Variables ¶
This section is empty.
Functions ¶
func OpenProcess ¶
获取进程句柄
func ReadProcessMemory ¶
func ReadProcessMemory(hProcess syscall.Handle, lpBaseAddress uintptr, lpBuffer []byte) (int, error)
读取进程中地址的值
func ScanPatternPage ¶
扫描内存
Parameters
----------
handle: syscall.Handle (named hProcess in the signature)
    Handle to an open object
address: uintptr
    An address to search from
subStr: string
    A regex byte pattern to search for

Returns
Types ¶
type ProcessMoudleInfo ¶
// ProcessMoudleInfo describes one module of a process. It is the element type
// returned by EnumProcessModulesList and the result type of
// GetProcessMoudleInfo. The "Moudle" spelling is part of the exported API and
// is kept as published.
type ProcessMoudleInfo struct {
	BaseAddress    int64  // base address; NOTE(review): signed int64, while the package's functions take addresses as uintptr — confirm conversions at call sites
	BaseHexAddress string // base address (hexadecimal)
	MoudlePath     string // module address (literal translation); presumably the module's file path, judging by the field name — TODO confirm
	MoudleName     string // module name
}
func EnumProcessModulesList ¶
func EnumProcessModulesList(hProcess uintptr) ([]ProcessMoudleInfo, error)
枚举进程模块
func GetProcessMoudleInfo ¶
func GetProcessMoudleInfo(hProcess uintptr, moduleName string) (ProcessMoudleInfo, error)
获取进程中某个模块的基本信息