ntdll

package
v1.0.14 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 2, 2022 License: GPL-3.0 Imports: 4 Imported by: 0

Documentation

Rendered for windows/amd64

Index

Constants

View Source 
const (
	OBJ_INHERIT            = 0x00000002
	OBJ_PERMANENT          = 0x00000010
	OBJ_EXCLUSIVE          = 0x00000020
	OBJ_CASE_INSENSITIVE   = 0x00000040
	OBJ_OPENIF             = 0x00000080
	OBJ_OPENLINK           = 0x00000100
	OBJ_KERNEL_HANDLE      = 0x00000200
	OBJ_FORCE_ACCESS_CHECK = 0x00000400
	OBJ_VALID_ATTRIBUTES   = 0x000007F2

	FileDirectoryInformation = iota + 1
	FileFullDirectoryInformation
	FileBothDirectoryInformation
	FileBasicInformation
	FileStandardInformation
	FileInternalInformation
	FileEaInformation
	FileAccessInformation
	FileNameInformation
	FileRenameInformation
	FileLinkInformation
	FileNamesInformation
	FileDispositionInformation
	FilePositionInformation
	FileFullEaInformation
	FileModeInformation
	FileAlignmentInformation
	FileAllInformation
	FileAllocationInformation
	FileEndOfFileInformation
	FileAlternateNameInformation
	FileStreamInformation
	FilePipeInformation
	FilePipeLocalInformation
	FilePipeRemoteInformation
	FileMailslotQueryInformation
	FileMailslotSetInformation
	FileCompressionInformation
	FileObjectIdInformation
	FileCompletionInformation
	FileMoveClusterInformation
	FileQuotaInformation
	FileReparsePointInformation
	FileNetworkOpenInformatio
	FileAttributeTagInformation
	FileTrackingInformation
	FileIdBothDirectoryInformation
	FileIdFullDirectoryInformation
	FileValidDataLengthInformation

	FileShortNameInformation           = 40
	FileSfioReserveInformation         = 44
	FileSfioVolumeInformation          = 45
	FileHardLinkInformation            = 46
	FileNormalizedNameInformation      = 48
	FileIdGlobalTxDirectoryInformation = 50
	FileStandardLinkInformation        = 54

	FileMaximumInformation

	DELETE       = 0x00010000
	READ_CONTROL = 0x00020000
	WRITE_DAC    = 0x00040000
	WRITE_OWNER  = 0x00080000
	SYNCHRONIZE  = 0x00100000

	STANDARD_RIGHTS_REQUIRED = 0x000F0000

	STANDARD_RIGHTS_READ    = READ_CONTROL
	STANDARD_RIGHTS_WRITE   = READ_CONTROL
	STANDARD_RIGHTS_EXECUTE = READ_CONTROL

	STANDARD_RIGHTS_ALL = 0x001F0000

	SPECIFIC_RIGHTS_ALL = 0x0000FFFF

	ACCESS_SYSTEM_SECURITY = 0x01000000
	MAXIMUM_ALLOWED        = 0x02000000

	GENERIC_READ    = 0x80000000
	GENERIC_WRITE   = 0x40000000
	GENERIC_EXECUTE = 0x20000000
	GENERIC_ALL     = 0x10000000

	FILE_SHARE_READ                    = 0x00000001
	FILE_SHARE_WRITE                   = 0x00000002
	FILE_SHARE_DELETE                  = 0x00000004
	FILE_SHARE_VALID_FLAGS             = 0x00000007
	FILE_ATTRIBUTE_READONLY            = 0x00000001
	FILE_ATTRIBUTE_HIDDEN              = 0x00000002
	FILE_ATTRIBUTE_SYSTEM              = 0x00000004
	FILE_ATTRIBUTE_DIRECTORY           = 0x00000010
	FILE_ATTRIBUTE_ARCHIVE             = 0x00000020
	FILE_ATTRIBUTE_DEVICE              = 0x00000040
	FILE_ATTRIBUTE_NORMAL              = 0x00000080
	FILE_ATTRIBUTE_TEMPORARY           = 0x00000100
	FILE_ATTRIBUTE_SPARSE_FILE         = 0x00000200
	FILE_ATTRIBUTE_REPARSE_POINT       = 0x00000400
	FILE_ATTRIBUTE_COMPRESSED          = 0x00000800
	FILE_ATTRIBUTE_OFFLINE             = 0x00001000
	FILE_ATTRIBUTE_NOT_CONTENT_INDEXED = 0x00002000
	FILE_ATTRIBUTE_ENCRYPTED           = 0x00004000
	FILE_ATTRIBUTE_VIRTUAL             = 0x00010000
	FILE_NOTIFY_CHANGE_FILE_NAME       = 0x00000001
	FILE_NOTIFY_CHANGE_DIR_NAME        = 0x00000002
	FILE_NOTIFY_CHANGE_ATTRIBUTES      = 0x00000004
	FILE_NOTIFY_CHANGE_SIZE            = 0x00000008
	FILE_NOTIFY_CHANGE_LAST_WRITE      = 0x00000010
	FILE_NOTIFY_CHANGE_LAST_ACCESS     = 0x00000020
	FILE_NOTIFY_CHANGE_CREATION        = 0x00000040
	FILE_NOTIFY_CHANGE_SECURITY        = 0x00000100
	FILE_ACTION_ADDED                  = 0x00000001
	FILE_ACTION_REMOVED                = 0x00000002
	FILE_ACTION_MODIFIED               = 0x00000003
	FILE_ACTION_RENAMED_OLD_NAME       = 0x00000004
	FILE_ACTION_RENAMED_NEW_NAME       = 0x00000005
	// Not sure about this one
	MAILSLOT_NO_MESSAGE = -1
	// Not sure about this one
	MAILSLOT_WAIT_FOREVER             = -1
	FILE_CASE_SENSITIVE_SEARCH        = 0x00000001
	FILE_CASE_PRESERVED_NAMES         = 0x00000002
	FILE_UNICODE_ON_DISK              = 0x00000004
	FILE_PERSISTENT_ACLS              = 0x00000008
	FILE_FILE_COMPRESSION             = 0x00000010
	FILE_VOLUME_QUOTAS                = 0x00000020
	FILE_SUPPORTS_SPARSE_FILES        = 0x00000040
	FILE_SUPPORTS_REPARSE_POINTS      = 0x00000080
	FILE_SUPPORTS_REMOTE_STORAGE      = 0x00000100
	FILE_VOLUME_IS_COMPRESSED         = 0x00008000
	FILE_SUPPORTS_OBJECT_IDS          = 0x00010000
	FILE_SUPPORTS_ENCRYPTION          = 0x00020000
	FILE_NAMED_STREAMS                = 0x00040000
	FILE_READ_ONLY_VOLUME             = 0x00080000
	FILE_SEQUENTIAL_WRITE_ONCE        = 0x00100000
	FILE_SUPPORTS_TRANSACTIONS        = 0x00200000
	FILE_SUPPORTS_HARD_LINKS          = 0x00400000
	FILE_SUPPORTS_EXTENDED_ATTRIBUTES = 0x00800000
	FILE_SUPPORTS_OPEN_BY_FILE_ID     = 0x01000000
	FILE_SUPPORTS_USN_JOURNAL         = 0x02000000
	FILE_SUPPORTS_INTEGRITY_STREAMS   = 0x04000000
)

Variables

This section is empty.

Functions

func NtOpenFile added in v1.0.11 

func NtOpenFile(
	accessMask win32.ACCESS_MASK,
	objectAttributes *OBJECT_ATTRIBUTES,
	ioStatusBlock *IO_STATUS_BLOCK,
	shareAccess win32.ULONG,
	openOptions win32.ULONG) (fileHandle win32.HANDLE, err error)

NtOpenFile wrapper

func NtQueryInformationProcess 

func NtQueryInformationProcess(hProcess win32.HANDLE,
	processInfoClass win32.DWORD,
	processInfo win32.PVOID,
	processInfoLength win32.ULONG,
	returnLength win32.ULONG_PTR) error

NtQueryInformationProcess Win32 API wrapper TODO: test it

func NtStatusToError added in v1.0.11 

func NtStatusToError(ntstatus uintptr) error

NtStatusToError convert an ntstatus error code to a Go error

func NtUnmapViewOfSection 

func NtUnmapViewOfSection(hProcess win32.HANDLE, baseAddress win32.PVOID) error

NtUnmapViewOfSection Win32 API wrapper https://msdn.microsoft.com/en-us/library/windows/hardware/ff567119(v=vs.85).aspx TODO: test it

func RtlIpv6AddressToStringExW added in v1.0.11 

func RtlIpv6AddressToStringExW(
	address *In6Addr,
	scopeId uint32,
	port uint16,
	addressString *uint16,
	addressStringLength *uint32) error

RtlIpv6AddressToStringExW API wrapper generated from prototype NTSYSAPI NTSTATUS RtlIpv6AddressToStringExW( 

 const in6_addr *Address,
ULONG ScopeId,
USHORT Port,
PWSTR AddressString,
PULONG AddressStringLength );

func RtlIpv6AddressToStringW added in v1.0.11 

func RtlIpv6AddressToStringW(
	addr *In6Addr,
	s *uint16) *uint16

RtlIpv6AddressToStringW API wrapper generated from prototype NTSYSAPI PWSTR RtlIpv6AddressToStringW( 

 const in6_addr *Addr,
PWSTR S );

func RtlNtStatusToDosError added in v1.0.11 

func RtlNtStatusToDosError(ntstatus uintptr) uint32

RtlNtStatusToDosError wrapper

func ZwSetInformationFile added in v1.0.11 

func ZwSetInformationFile(fileHandle win32.HANDLE, ioStatusBlock *IO_STATUS_BLOCK, fileInformation win32.PVOID, length win32.ULONG, fileInformationClass uintptr) error

ZwSetInformationFile wrapper

Types 

type FILE_LINK_INFORMATION struct {
	ReplaceIfExists win32.BOOLEAN
	RootDirectory   win32.HANDLE
	FileNameLength  win32.ULONG
	FileName        win32.WCHAR
}

type IO_STATUS_BLOCK added in v1.0.11 

type IO_STATUS_BLOCK struct {
	Union       win32.PVOID
	Information win32.ULONG_PTR
}

func (*IO_STATUS_BLOCK) Pointer added in v1.0.11 

func (i *IO_STATUS_BLOCK) Pointer() win32.PVOID

func (*IO_STATUS_BLOCK) Status added in v1.0.11 

func (i *IO_STATUS_BLOCK) Status() win32.NTSTATUS

type In6Addr added in v1.0.11 

type In6Addr struct {
	// contains filtered or unexported fields
}

type OBJECT_ATTRIBUTES added in v1.0.11 

type OBJECT_ATTRIBUTES struct {
	Length                   win32.ULONG
	RootDirectory            win32.HANDLE
	ObjectName               *UNICODE_STRING
	Attributes               win32.ULONG
	SecurityDescriptor       win32.PVOID
	SecurityQualityOfService win32.PVOID
}

func InitializeObjectAttribute added in v1.0.11 

func InitializeObjectAttribute(name *UNICODE_STRING, attr win32.ULONG, root win32.HANDLE) (initializedAttributes *OBJECT_ATTRIBUTES)

InitializeObjectAttribute macro

type PROCESS_BASIC_INFORMATION 

type PROCESS_BASIC_INFORMATION struct {
	ExitStatus                   win32.NTSTATUS
	PebBaseAddress               win32.PPEB
	AffinityMask                 win32.KAFFINITY
	BasePriority                 win32.KPRIORITY
	UniqueProcessId              win32.ULONG_PTR
	InheritedFromUniqueProcessId win32.ULONG_PTR
}

type UNICODE_STRING added in v1.0.11 

type UNICODE_STRING struct {
	Length        win32.USHORT
	MaximumLength win32.USHORT
	Buffer        win32.PWSTR
}

func RtlInitUnicodeString added in v1.0.11 

func RtlInitUnicodeString(src string) (dest *UNICODE_STRING)

RtlInitUnicodeString wrapper

func (*UNICODE_STRING) String added in v1.0.11 

func (u *UNICODE_STRING) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.