dumper

package module

v0.3.0 Latest Latest Go to latest Published: Jan 17, 2024 License: MIT Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/zed-0xff/dumper

Links

Open Source Insights

README ¶

= Dumper lib

Documentation ¶

Index ¶

Constants
Variables
func CreateSparseFile(fname string)
func DumpAll(pid uint32)
func DumpRegion(pid uint32, target_ea uintptr)
func EnumProcessRegions(pid uint32, openMode uint32, ...) error
func FindEach(pid uint32, pattern Pattern) chan *byte
func FindFirstEx(pid uint32, region_type uint32, region_prot uint32, pattern Pattern) []byte
func FindProcess(processName string) uint32
func HexDump(buffer []byte, ea uintptr)
func ParsePidOrExe(pid_or_exename string) uint32
func ReadProcessMemory(pid uint32, ea uintptr, size int) []byte
func ReadUInt32(pid uint32, ea uintptr) uint32
func ReadUInt64(pid uint32, ea uintptr) uint64
func Regions(pid uint32, mode uint32) chan Region
func SetScriptMode(value bool)
func ShowProcessMemory(pid uint32, ea uintptr, size int)
func ShowProcessRegions(pid uint32)
func ShowProcesses()
func WriteFile(fname string, data []byte) error
func WriteFileEx(fname string, data []byte, mode int, offset int) error
func WriteProcessMemory(pid uint32, ea uintptr, buffer []byte) error
func WriteUInt32(pid uint32, ea uintptr, value uint32) error
func WriteUInt64(pid uint32, ea uintptr, value uint64) error
type MEMORY_BASIC_INFORMATION
- func (mbi MEMORY_BASIC_INFORMATION) IsReadable() bool
type PROCESSENTRY32
type Pattern
- func ParsePattern(src string) Pattern
- func (p Pattern) Find(buffer []byte) int
- func (p Pattern) Length() int
- func (p Pattern) String() string
type Region
- func (r Region) IsCommitted() bool
- func (r Region) IsReadable() bool
- func (r Region) Read(ea uintptr, size int) []byte
- func (r Region) ReadAll() []byte
- func (r Region) Show()

Constants ¶

View Source

const Version = "0.3.0"

Variables ¶

View Source

var ScriptMode = false

View Source

var Verbosity = 0

Functions ¶

func CreateSparseFile ¶ added in v0.2.0

func CreateSparseFile(fname string)

func DumpAll ¶

func DumpAll(pid uint32)

func DumpRegion ¶

func DumpRegion(pid uint32, target_ea uintptr)

func EnumProcessRegions ¶

func EnumProcessRegions(pid uint32, openMode uint32, callback func(MEMORY_BASIC_INFORMATION, windows.Handle)) error

func FindEach ¶ added in v0.2.0

func FindEach(pid uint32, pattern Pattern) chan *byte

generator

func FindFirstEx ¶

func FindFirstEx(pid uint32, region_type uint32, region_prot uint32, pattern Pattern) []byte

zero region_type or region_prot means ANY READABLE region

func FindProcess ¶

func FindProcess(processName string) uint32

returns PID or 0 if not found

func HexDump ¶

func HexDump(buffer []byte, ea uintptr)

prints hexdump, 16 bytes per line, with ascii chars on the right

func ParsePidOrExe ¶

func ParsePidOrExe(pid_or_exename string) uint32

func ReadProcessMemory ¶

func ReadProcessMemory(pid uint32, ea uintptr, size int) []byte

func ReadUInt32 ¶

func ReadUInt32(pid uint32, ea uintptr) uint32

func ReadUInt64 ¶

func ReadUInt64(pid uint32, ea uintptr) uint64

func Regions ¶ added in v0.2.0

func Regions(pid uint32, mode uint32) chan Region

func SetScriptMode ¶

func SetScriptMode(value bool)

func ShowProcessMemory ¶

func ShowProcessMemory(pid uint32, ea uintptr, size int)

func ShowProcessRegions ¶

func ShowProcessRegions(pid uint32)

func ShowProcesses ¶

func ShowProcesses()

func WriteFile ¶ added in v0.2.0

func WriteFile(fname string, data []byte) error

func WriteFileEx ¶ added in v0.2.0

func WriteFileEx(fname string, data []byte, mode int, offset int) error

func WriteProcessMemory ¶

func WriteProcessMemory(pid uint32, ea uintptr, buffer []byte) error

writes only to writable regions

func WriteUInt32 ¶

func WriteUInt32(pid uint32, ea uintptr, value uint32) error

func WriteUInt64 ¶

func WriteUInt64(pid uint32, ea uintptr, value uint64) error

Types ¶

type MEMORY_BASIC_INFORMATION ¶

type MEMORY_BASIC_INFORMATION struct {
	BaseAddress       uintptr
	AllocationBase    uintptr
	AllocationProtect uint32
	RegionSize        uintptr
	State             uint32
	Protect           uint32
	Type              uint32
}

func (MEMORY_BASIC_INFORMATION) IsReadable ¶ added in v0.2.0

func (mbi MEMORY_BASIC_INFORMATION) IsReadable() bool

type PROCESSENTRY32 ¶

type PROCESSENTRY32 struct {
	Size              uint32
	Usage             uint32
	ProcessID         uint32
	DefaultHeapID     uintptr
	ModuleID          uint32
	CountThreads      uint32
	ParentProcessID   uint32
	PriorityClassBase int32
	Flags             uint32
	ExeFile           [windows.MAX_PATH]uint16
}

type Pattern ¶

type Pattern struct {
	// contains filtered or unexported fields
}

func ParsePattern ¶

func ParsePattern(src string) Pattern

func (Pattern) Find ¶

func (p Pattern) Find(buffer []byte) int

func (Pattern) Length ¶ added in v0.2.0

func (p Pattern) Length() int

func (Pattern) String ¶

func (p Pattern) String() string

type Region ¶ added in v0.2.0

type Region struct {
	ProcessHandle windows.Handle
	Metadata      MEMORY_BASIC_INFORMATION
}

func (Region) IsCommitted ¶ added in v0.2.0

func (r Region) IsCommitted() bool

func (Region) IsReadable ¶ added in v0.2.0

func (r Region) IsReadable() bool

func (Region) Read ¶ added in v0.2.0

func (r Region) Read(ea uintptr, size int) []byte

func (Region) ReadAll ¶ added in v0.2.0

func (r Region) ReadAll() []byte

func (Region) Show ¶ added in v0.2.0

func (r Region) Show()

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL