va

package

v1.10.0 Latest Latest Go to latest Published: Mar 31, 2023 License: Apache-2.0 Imports: 2 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/rabbitstack/fibratus

Links

Open Source Insights

Documentation ¶

Index ¶

func ReadArea(process windows.Handle, base uintptr, bufSize, minSize uint, forceAccess bool) []byte
func Zeroed(area []byte) bool
type Region
- func NewRegion(process windows.Handle, base uintptr) (*Region, error)
- func (r Region) Read(addr uintptr, bufSize, minSize uint, forceAccess bool) (uint, []byte)
- func (r Region) Size(base uintptr) uint

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ReadArea ¶

func ReadArea(process windows.Handle, base uintptr, bufSize, minSize uint, forceAccess bool) []byte

ReadArea reads a full memory area within a given process, starting at the base address and reading up to the buffer size. The memory area can consist of multiple regions with various access rights. If the region is inaccessible and protection changing flag is enabled, this function tries to change the region protection to read-only access. If the request to change region protection is granted, upon completion, the original access permissions are restored. On read failure the region is skipped, and the read is moving to the next one leaving in the output buffer an empty space of the region size.

func Zeroed ¶

func Zeroed(area []byte) bool

Zeroed determines if all bytes in the area are zeroed.

Types ¶

type Region ¶

type Region struct {
	// contains filtered or unexported fields
}

Region describes the state of a range of pages in the process virtual address space and offers convenient methods for reading and accessing region memory. This code is inspired by libpeconv library: https://github.com/hasherezade/libpeconv

func NewRegion ¶

func NewRegion(process windows.Handle, base uintptr) (*Region, error)

NewRegion creates a new region for the specified process and base address.

func (Region) Read ¶

func (r Region) Read(addr uintptr, bufSize, minSize uint, forceAccess bool) (uint, []byte)

Read reads a single memory region within a given process starting at supplied base address. In case region is inaccessible and the force access flag is enabled, it tries to force the access by temporarily changing the permissions of the memory region.

func (Region) Size ¶

func (r Region) Size(base uintptr) uint

Size returns the size of the region starting from the base address.

Source Files ¶

View all Source files

region.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL