handle

package module

v0.0.0-...-a07e82f Latest Latest Go to latest Published: Jan 25, 2022 License: MIT Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/secDre4mer/go-handle

Links

Open Source Insights

README ¶

go-handle

Iterate over Windows Handles

Usage

Before querying the handles, create a buffer that can hold all process handles. On most machines, ~5MB should be fine.

Then call the function handle.QueryHandles(...). This function takes the following arguments:

buf: A buffer that can hold all process handles
processFilter (optional): Only show process handles of process with this id
handleTypes (optional): Only return handles of the specified types, e.g. File, Event or Mutant
queryTimeout: Some handles can not be queried and cause a freeze. This timeout will be used to prevent freezes

The function returns a list of handles.

Example

The following example iterates over all handles of this process.

// create an example global and local event
eventHandle, err := createEvent(`Global\TestHandleEvent`)
if err != nil {
	panic(err)
}
defer windows.CloseHandle(eventHandle)
eventHandle2, err := createEvent(`Local\TestHandleEvent2`)
if err != nil {
	panic(err)
}
defer windows.CloseHandle(eventHandle2)
// create an example global and local mutex
mutexHandle, err := createMutex(`Global\TestHandleMutex`)
if err != nil {
	panic(err)
}
defer windows.CloseHandle(mutexHandle)
mutexHandle2, err := createMutex(`Local\TestHandleMutex2`)
if err != nil {
	panic(err)
}
defer windows.CloseHandle(mutexHandle2)
// create an example file
f, err := os.OpenFile("TestFile", os.O_CREATE|os.O_TRUNC|os.O_RDWR, 0600)
if err != nil {
	panic(err)
}
defer os.Remove("TestFile")
defer f.Close()
// create 6MB buffer
buf := make([]byte, 6000000)
pid := uint16(os.Getpid())
handles, err := handle.QueryHandles(buf, &pid, []string{"File", "Event", "Mutant"}, time.Second*20)
if err != nil {
	panic(err)
}
for _, fh := range handles {
	fmt.Printf("PID %05d | %8.8s | HANDLE %04X | '%s'\n", fh.Process, fh.Type, fh.Handle, fh.Name)
}

Z:\go\src\github.com\Codehardt\go-handle>go run examples/example.go

PID 08108 |     File | HANDLE 0004 | '\Device\ConDrv'
PID 08108 |    Event | HANDLE 0008 | ''
PID 08108 |    Event | HANDLE 000C | ''
PID 08108 |    Event | HANDLE 003C | ''
PID 08108 |    Event | HANDLE 0040 | ''
PID 08108 |     File | HANDLE 0044 | '\Device\Mup\VBoxSvr\win10\'
PID 08108 |     File | HANDLE 0048 | '\Device\ConDrv'
PID 08108 |     File | HANDLE 00A0 | '\Device\DeviceApi'
PID 08108 |     File | HANDLE 00AC | '\Device\KsecDD'
PID 08108 |     File | HANDLE 00B0 | '\Device\CNG'
PID 08108 |    Event | HANDLE 00B4 | ''
PID 08108 |    Event | HANDLE 00C4 | ''
PID 08108 |    Event | HANDLE 00DC | ''
PID 08108 |    Event | HANDLE 00E8 | ''
PID 08108 |    Event | HANDLE 00F0 | ''
PID 08108 |    Event | HANDLE 00FC | ''
PID 08108 |    Event | HANDLE 0104 | ''
PID 08108 |    Event | HANDLE 0110 | '\BaseNamedObjects\TestHandleEvent'
PID 08108 |    Event | HANDLE 0114 | '\Sessions\1\BaseNamedObjects\TestHandleEvent2'
PID 08108 |   Mutant | HANDLE 0118 | '\BaseNamedObjects\TestHandleMutex'
PID 08108 |   Mutant | HANDLE 011C | '\Sessions\1\BaseNamedObjects\TestHandleMutex2'
PID 08108 |     File | HANDLE 0120 | '\Device\Mup\VBoxSvr\win10\TestFile'
PID 08108 |    Event | HANDLE 0124 | ''
PID 08108 |     File | HANDLE 018C | '\Device\ConDrv'
PID 08108 |     File | HANDLE 01BC | '\Device\ConDrv'
PID 08108 |     File | HANDLE 01DC | '\Device\ConDrv'

Documentation ¶

Rendered for

Index ¶

Variables
func NtSuccess(rt uint32) bool
type Inspector
- func NewInspector(timeout time.Duration) *Inspector
type SystemHandle
- func NtQuerySystemHandles(buf []byte) ([]SystemHandle, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrTimeout = errors.New("NtQueryObject deadlocked")

Functions ¶

func NtSuccess ¶

func NtSuccess(rt uint32) bool

Types ¶

type Inspector ¶

type Inspector struct {
	// contains filtered or unexported fields
}

Inspector describes a structure that queries details (name and type name) to a specific handle. Common elements such as type ID to name mappings and process handles are cached and reused.

func NewInspector ¶

func NewInspector(timeout time.Duration) *Inspector

func (*Inspector) Close ¶

func (i *Inspector) Close()

Close the Inspector object, removing any cached data and stopping the native thread

func (*Inspector) LookupHandleName ¶

func (i *Inspector) LookupHandleName(handle SystemHandle) (name string, err error)

func (*Inspector) LookupHandleType ¶

func (i *Inspector) LookupHandleType(handle SystemHandle) (handleType string, err error)

LookupHandleType returns the type name for the handle. If possible, a cached type is used; otherwise, the handle is duplicated and its type is looked up.

type SystemHandle ¶

type SystemHandle struct {
	UniqueProcessID       uint16
	CreatorBackTraceIndex uint16
	ObjectTypeIndex       uint8
	HandleAttributes      uint8
	HandleValue           uint16
	Object                uint3264
	GrantedAccess         uint3264
}

func NtQuerySystemHandles ¶

func NtQuerySystemHandles(buf []byte) ([]SystemHandle, error)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
examples

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL