windows

package

v0.0.0-...-89257ae Latest Latest Go to latest Published: Jun 11, 2023 License: GPL-3.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

Documentation ¶

Overview ¶

Package guid provides a GUID type. The backing structure for a GUID is identical to that used by the golang.org/x/sys/windows GUID type. There are two main binary encodings used for a GUID, the big-endian encoding, and the Windows (mixed-endian) encoding. See here for details: https://en.wikipedia.org/wiki/Universally_unique_identifier#Encoding

Code mostly taken from https://github.com/Velocidex/velociraptor/blob/eced6fc858e659281d80749661340ba42e8e099e/vql/parsers/ese/sid.go

Index ¶

Constants
func FormatSID(hexencoded string) string
func FormatUtf16String(hexencoded string) string
func ParseArray_uint32(reader io.ReaderAt, offset int64, count int) []uint32
func ParseUint16(reader io.ReaderAt, offset int64) uint16
func ParseUint32(reader io.ReaderAt, offset int64) uint32
func ParseUint8(reader io.ReaderAt, offset int64) byte
func UTF16BytesToUTF8(b []byte, o binary.ByteOrder) string
type BufferReaderAt
- func (buff *BufferReaderAt) ReadAt(buf []byte, offset int64) (int, error)
type GUID
type SID
type Variant
type Version
- func (v Version) String() string

Constants ¶

View Source

const (
	// RevisionLevelOffset     int64 = 0
	SubAuthorityCountOffset int64 = 1
	AuthorityOffset         int64 = 2
	Authority2Offset        int64 = 4
	SubauthorityOffset      int64 = 8
)

Variables ¶

This section is empty.

Functions ¶

func FormatSID ¶

func FormatSID(hexencoded string) string

func FormatUtf16String ¶

func FormatUtf16String(hexencoded string) string

func ParseArray_uint32 ¶

func ParseArray_uint32(reader io.ReaderAt, offset int64, count int) []uint32

func ParseUint16 ¶

func ParseUint16(reader io.ReaderAt, offset int64) uint16

func ParseUint32 ¶

func ParseUint32(reader io.ReaderAt, offset int64) uint32

func ParseUint8 ¶

func ParseUint8(reader io.ReaderAt, offset int64) byte

func UTF16BytesToUTF8 ¶

func UTF16BytesToUTF8(b []byte, o binary.ByteOrder) string

Types ¶

type BufferReaderAt ¶

type BufferReaderAt struct {
	Buffer []byte
}

func (*BufferReaderAt) ReadAt ¶

func (buff *BufferReaderAt) ReadAt(buf []byte, offset int64) (int, error)

type GUID ¶

type GUID struct {
	Data1 uint32
	Data2 uint16
	Data3 uint16
	Data4 [8]byte
}

func FromArray ¶

func FromArray(b [16]byte) GUID

FromArray constructs a GUID from a big-endian encoding array of 16 bytes.

func FromString ¶

func FromString(s string) (GUID, error)

FromString parses a string containing a GUID and returns the GUID. The only format currently supported is the `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` format.

func FromWindowsArray ¶

func FromWindowsArray(b [16]byte) GUID

FromWindowsArray constructs a GUID from a Windows encoding array of bytes.

func NewV4 ¶

func NewV4() (GUID, error)

NewV4 returns a new version 4 (pseudorandom) GUID, as defined by RFC 4122.

func NewV5 ¶

func NewV5(namespace GUID, name []byte) (GUID, error)

NewV5 returns a new version 5 (generated from a string via SHA-1 hashing) GUID, as defined by RFC 4122. The RFC is unclear on the encoding of the name, and the sample code treats it as a series of bytes, so we do the same here.

Some implementations, such as those found on Windows, treat the name as a big-endian UTF16 stream of bytes. If that is desired, the string can be encoded as such before being passed to this function.

func (GUID) MarshalText ¶

func (g GUID) MarshalText() ([]byte, error)

MarshalText returns the textual representation of the GUID.

func (GUID) String ¶

func (g GUID) String() string

func (GUID) ToArray ¶

func (g GUID) ToArray() [16]byte

ToArray returns an array of 16 bytes representing the GUID in big-endian encoding.

func (GUID) ToWindowsArray ¶

func (g GUID) ToWindowsArray() [16]byte

ToWindowsArray returns an array of 16 bytes representing the GUID in Windows encoding.

func (*GUID) UnmarshalText ¶

func (g *GUID) UnmarshalText(text []byte) error

UnmarshalText takes the textual representation of a GUID, and unmarhals it into this GUID.

func (GUID) Variant ¶

func (g GUID) Variant() Variant

Variant returns the GUID variant, as defined in RFC 4122.

func (GUID) Version ¶

func (g GUID) Version() Version

Version returns the GUID version, as defined in RFC 4122.

type SID ¶

type SID struct {
	Reader io.ReaderAt
	Offset int64
}

func (*SID) Authority ¶

func (s *SID) Authority() uint16

func (*SID) Authority2 ¶

func (s *SID) Authority2() uint32

func (*SID) String ¶

func (s *SID) String() string

func (*SID) SubAuthCount ¶

func (s *SID) SubAuthCount() byte

func (*SID) Subauthority ¶

func (s *SID) Subauthority() []uint32

type Variant ¶

type Variant uint8

Variant specifies which GUID variant (or "type") of the GUID. It determines how the entirety of the rest of the GUID is interpreted.

const (
	// VariantUnknown specifies a GUID variant which does not conform to one of
	// the variant encodings specified in RFC 4122.
	VariantUnknown Variant = iota
	VariantNCS
	VariantRFC4122 // RFC 4122
	VariantMicrosoft
	VariantFuture
)

The variants specified by RFC 4122 section 4.1.1.

type Version ¶

type Version uint8

Version specifies how the bits in the GUID were generated. For instance, a version 4 GUID is randomly generated, and a version 5 is generated from the hash of an input string.

func (Version) String ¶

func (v Version) String() string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL