Index ¶
- Constants
- func AdjustTokenPrivileges(tokenHandle HANDLE, disableAllPrivileges BOOL, newState *TOKEN_PRIVILEGES, ...) bool
- func CloseHandle(object HANDLE) bool
- func GetAsyncKeyState(vKey int) uint16
- func IsKeyDown(v int) bool
- func LookupPrivilegeValue(lpSystemName string, lpName string, lpLuid *LUID) bool
- func Module32First(snapshot HANDLE, me *MODULEENTRY32) bool
- func Module32Next(snapshot HANDLE, me *MODULEENTRY32) bool
- func OpenProcessToken(processHandle HANDLE, desiredAccess uint32, tokenHandle *HANDLE) bool
- func Process32First(snapshot HANDLE, procEntry *PROCESSENTRY32) (err error)
- func Process32Next(snapshot HANDLE, procEntry *PROCESSENTRY32) (err error)
- func ReadProcessMemory(hProcess HANDLE, lpBaseAddress uint32, size uint) (data []byte, err error)
- func UTF16PtrToString(cstr *uint16) string
- func WriteProcessMemory(hProcess HANDLE, lpBaseAddress uint32, data []byte, size uint) (err error)
- type BOOL
- type DWORD
- type Data
- type DataException
- type DataManager
- type DataType
- type HANDLE
- type HMODULE
- type LONG
- type LUID
- type LUID_AND_ATTRIBUTES
- type MODULEENTRY32
- type PROCESSENTRY32
- type Process
- type ProcessException
- type TOKEN_PRIVILEGES
Constants ¶
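// Standard (generic) access-rights masks from winnt.h.
//
// STANDARD_RIGHTS_REQUIRED is 0x000F0000 in the SDK (DELETE | READ_CONTROL |
// WRITE_DAC | WRITE_OWNER); the earlier value 0x000F dropped the high bits,
// which silently collapsed TOKEN_ALL_ACCESS (built from this constant) into
// the low TOKEN_* bits. The package's own PROCESS_ALL_ACCESS (0x1F0FFF)
// already assumes the 0xF0000 layout.
//
// READ, WRITE and EXECUTE all resolve to the same bit (0x20000, READ_CONTROL),
// so on their own they only grant access to the object's security descriptor.
const (
	STANDARD_RIGHTS_REQUIRED = 0x000F0000
	STANDARD_RIGHTS_READ     = 0x20000
	STANDARD_RIGHTS_WRITE    = 0x20000
	STANDARD_RIGHTS_EXECUTE  = 0x20000
	STANDARD_RIGHTS_ALL      = 0x1F0000 // REQUIRED | SYNCHRONIZE (0x100000)
)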
// Process and toolhelp constants. Th32csSnapprocess and MaxPath duplicate
// TH32CS_SNAPPROCESS and MAX_PATH declared elsewhere in this package; prefer
// the SDK-named versions in new code.
const (
	Th32csSnapprocess = 0x00000002
	MaxPath           = 260
	// PROCESS_ALL_ACCESS (0x1F0FFF) requests every process right at once.
	// This is not recommended: open the process with the minimal mask the
	// operation needs (e.g. PROCESS_QUERY_INFORMATION | PROCESS_VM_READ for
	// reading, plus PROCESS_VM_WRITE | PROCESS_VM_OPERATION for writing).
	// Those narrower constants are not declared in this package.
	PROCESS_ALL_ACCESS = 2035711
)
// Access-token rights (winnt.h). The first eight values are bit positions
// derived from iota, so their declaration order is part of the ABI.
const ( // do not reorder
	TOKEN_ASSIGN_PRIMARY = 1 << iota // 0x0001
	TOKEN_DUPLICATE                  // 0x0002
	TOKEN_IMPERSONATE                // 0x0004
	TOKEN_QUERY                      // 0x0008 — read token information
	TOKEN_QUERY_SOURCE               // 0x0010
	TOKEN_ADJUST_PRIVILEGES          // 0x0020 — required by AdjustTokenPrivileges
	TOKEN_ADJUST_GROUPS              // 0x0040
	TOKEN_ADJUST_DEFAULT             // 0x0080

	// Composite masks. TOKEN_ALL_ACCESS only carries its documented meaning
	// when STANDARD_RIGHTS_REQUIRED holds the winnt.h value 0x000F0000; it
	// also omits TOKEN_ADJUST_SESSIONID, which current SDK headers include —
	// confirm against the target SDK if exact parity matters. For enabling a
	// privilege, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY is sufficient; prefer
	// that over TOKEN_ALL_ACCESS when opening a token.
	TOKEN_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED |
		TOKEN_ASSIGN_PRIMARY |
		TOKEN_DUPLICATE |
		TOKEN_IMPERSONATE |
		TOKEN_QUERY |
		TOKEN_QUERY_SOURCE |
		TOKEN_ADJUST_PRIVILEGES |
		TOKEN_ADJUST_GROUPS |
		TOKEN_ADJUST_DEFAULT
	TOKEN_READ    = STANDARD_RIGHTS_READ | TOKEN_QUERY
	TOKEN_WRITE   = STANDARD_RIGHTS_WRITE | TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT
	TOKEN_EXECUTE = STANDARD_RIGHTS_EXECUTE
)
https://msdn.microsoft.com/en-us/library/windows/desktop/aa374905(v=vs.85).aspx
// Privilege attribute flags for LUID_AND_ATTRIBUTES.Attributes (winnt.h).
const (
	SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x00000001 // Enabled by default in the token.
	SE_PRIVILEGE_ENABLED            = 0x00000002 // Privilege is enabled; set it in TOKEN_PRIVILEGES to enable via AdjustTokenPrivileges.
	SE_PRIVILEGE_REMOVED            = 0x00000004 // Remove the privilege from the token; cannot be undone for that token.
	SE_PRIVILEGE_USED_FOR_ACCESS    = 0x80000000 // Set by the system when the privilege was used to gain access.
	SE_PRIVILEGE_VALID_ATTRIBUTES   = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_REMOVED | SE_PRIVILEGE_USED_FOR_ACCESS
)
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379630(v=vs.85).aspx
// Snapshot selection flags for CreateToolhelp32Snapshot (tlhelp32.h).
const (
	TH32CS_SNAPHEAPLIST = 0x00000001 // Include the heap list of the given process.
	TH32CS_SNAPPROCESS  = 0x00000002 // Include the system-wide process list.
	TH32CS_SNAPTHREAD   = 0x00000004 // Include the system-wide thread list.
	TH32CS_SNAPMODULE   = 0x00000008 // Include the module list of the given process.
	TH32CS_SNAPMODULE32 = 0x00000010 // Also include 32-bit modules when called from a 64-bit process.
	TH32CS_INHERIT      = 0x80000000 // Make the snapshot handle inheritable by child processes.
	// TH32CS_SNAPALL matches the SDK definition: it excludes SNAPMODULE32 and INHERIT.
	TH32CS_SNAPALL = TH32CS_SNAPHEAPLIST | TH32CS_SNAPMODULE | TH32CS_SNAPPROCESS | TH32CS_SNAPTHREAD
)
CreateToolhelp32Snapshot flags
// Buffer lengths for the string fields of MODULEENTRY32 (tlhelp32.h).
// MAX_PATH duplicates MaxPath declared elsewhere in this package.
const (
	MAX_MODULE_NAME32 = 255
	MAX_PATH          = 260
)
// ANYSIZE_ARRAY is the Win32 idiom for a trailing variable-length array: the
// struct is declared with one element, and a caller that needs more entries
// allocates a larger buffer and reinterprets it (see TOKEN_PRIVILEGES).
const (
	ANYSIZE_ARRAY = 1
)
Winnt.h
// SE_DEBUG_NAME is the privilege name passed to LookupPrivilegeValue to
// obtain the LUID of SeDebugPrivilege. Enabling that privilege lets the
// caller open any process regardless of its security descriptor, so it
// should be enabled only in the code path that needs it and only after a
// narrower access mask has proven insufficient.
const SE_DEBUG_NAME = "SeDebugPrivilege"
Variables ¶
This section is empty.
Functions ¶
func AdjustTokenPrivileges ¶
func AdjustTokenPrivileges(tokenHandle HANDLE, disableAllPrivileges BOOL, newState *TOKEN_PRIVILEGES, bufferLength uint32, previousState *TOKEN_PRIVILEGES, returnLength *uint32) bool
func CloseHandle ¶
func GetAsyncKeyState ¶
GetAsyncKeyState gets the status of a specific keyboard key.
func IsKeyDown ¶
IsKeyDown https://docs.microsoft.com/en-gb/windows/win32/inputdev/virtual-key-codes
func LookupPrivilegeValue ¶
func Module32First ¶
func Module32First(snapshot HANDLE, me *MODULEENTRY32) bool
func Module32Next ¶
func Module32Next(snapshot HANDLE, me *MODULEENTRY32) bool
func OpenProcessToken ¶
func Process32First ¶
func Process32First(snapshot HANDLE, procEntry *PROCESSENTRY32) (err error)
func Process32Next ¶
func Process32Next(snapshot HANDLE, procEntry *PROCESSENTRY32) (err error)
func ReadProcessMemory ¶
ReadProcessMemory reads data from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails. Note that lpBaseAddress is a uint32, so only addresses below 4 GiB can be expressed. https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553(v=vs.85).aspx
func UTF16PtrToString ¶
func WriteProcessMemory ¶
WriteProcessMemory writes data to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails. Note that lpBaseAddress is a uint32, so only addresses below 4 GiB can be expressed. https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674(v=vs.85).aspx
Types ¶
type Data ¶
// Data wraps a value read from, or about to be written to, process memory.
type Data struct {
	Value    interface{} // Any type value. Presumably the Go value that DataType describes — verify against Read/Write.
	DataType DataType    // How Value is unwrapped; passed to Read and consulted by Write.
}
Data is the type that wraps the values read from and written to process memory.
type DataManager ¶
// DataManager is the facade for reading and writing a target process's memory.
type DataManager struct {
	ProcessName string // Name of the process.
	IsOpen      bool   // True if we are in process (presumably: a handle to it is open — see Read/Write errors).
	// contains filtered or unexported fields
}
DataManager is the facade type for read and write operations.
func GetDataManager ¶
func GetDataManager(processName string) *DataManager
GetDataManager is the constructor of DataManager. Param (processName): the name of the process to handle. Returns (*DataManager): a DataManager object.
func (*DataManager) GetModuleFromName ¶
func (dm *DataManager) GetModuleFromName(module string) (address uintptr, err ProcessException)
GetModuleFromName looks up the named module in the handled process and returns its address.
func (*DataManager) Read ¶
func (dm *DataManager) Read(address, size uint, dataType DataType) (data Data, err DataException)
Read is the facade over the Read methods; public function of the (data_manager) package. Param (address): the process memory address, e.g. 0x0057F0F0. Param (size): the size of the array to read. Param (dataType): the type of data to retrieve. Returns (data): the data from memory; if the low-level call fails, this will be nil. Errors (err): non-nil if the handle is not open or the type is invalid.
func (*DataManager) Write ¶
func (dm *DataManager) Write(address uint, data Data) (err DataException)
Write is the facade over the Write methods; public function of the (data_manager) package. Param (address): the process memory address, e.g. 0x0057F0F0. Param (data): the data to write. Errors (err): non-nil if the handle is not open or the type is invalid.
type LUID_AND_ATTRIBUTES ¶
LUID_AND_ATTRIBUTES https://msdn.microsoft.com/en-us/library/windows/desktop/aa379263(v=vs.85).aspx
type MODULEENTRY32 ¶
// MODULEENTRY32 mirrors the Win32 MODULEENTRY32W record filled in by
// Module32First/Module32Next (the uint16 string fields mark the wide variant).
type MODULEENTRY32 struct {
	Size         uint32                        // Must be set to the struct size before the first Module32First call.
	ModuleID     uint32                        // Module identifier (th32ModuleID).
	ProcessID    uint32                        // Identifier of the process that owns the module.
	GlblcntUsage uint32                        // Global usage count of the module.
	ProccntUsage uint32                        // Usage count within the owning process.
	ModBaseAddr  *uint8                        // Base address in the *target* process; not a valid local pointer, never dereference it here.
	ModBaseSize  uint32                        // Size of the module in bytes.
	HModule      HMODULE                       // Module handle, meaningful only in the target process.
	SzModule     [MAX_MODULE_NAME32 + 1]uint16 // NUL-terminated UTF-16 module name (see UTF16PtrToString).
	SzExePath    [MAX_PATH]uint16              // NUL-terminated UTF-16 path of the module file.
}
MODULEENTRY32 http://msdn.microsoft.com/en-us/library/windows/desktop/ms684225.aspx
type PROCESSENTRY32 ¶
// PROCESSENTRY32 mirrors the Win32 PROCESSENTRY32W record filled in by
// Process32First/Process32Next (the uint16 ExeFile marks the wide variant).
type PROCESSENTRY32 struct {
	Size            uint32           // Must be set to the struct size before the first Process32First call.
	Usage           uint32           // cntUsage; documented by Microsoft as no longer used.
	ProcessID       uint32           // Process identifier.
	DefaultHeapID   uintptr          // th32DefaultHeapID (ULONG_PTR); documented as no longer used.
	ModuleID        uint32           // th32ModuleID; documented as no longer used.
	Threads         uint32           // Number of execution threads started by the process.
	ParentProcessID uint32           // Identifier of the parent process.
	PriClassBase    int32            // Base priority of any threads created by this process.
	Flags           uint32           // dwFlags; documented as no longer used.
	ExeFile         [MaxPath]uint16  // NUL-terminated UTF-16 executable name (see UTF16PtrToString).
}
https://msdn.microsoft.com/en-us/library/windows/desktop/ms684839(v=vs.85).aspx
type ProcessException ¶
// ProcessException is the error type returned by ProcessHandler and
// DataManager.GetModuleFromName. Its underlying type is the error interface,
// so any error value satisfies it and it carries no extra structure that
// errors.As could single out; callers should check it for nil and inspect
// the message.
type ProcessException error
ProcessException is the error type of ProcessHandler.
func ProcessHandler ¶
func ProcessHandler(processName string) (hProcess *processHandler, err ProcessException)
ProcessHandler is the constructor of ProcessHandler. Param (processName): the name of the process to handle. Returns (*processHandler): a processHandler object. Errors (err): non-nil if no process with the given name exists.
type TOKEN_PRIVILEGES ¶
// TOKEN_PRIVILEGES is the buffer passed to AdjustTokenPrivileges as newState
// or previousState.
type TOKEN_PRIVILEGES struct {
	PrivilegeCount DWORD                               // Number of valid entries in Privileges.
	Privileges     [ANYSIZE_ARRAY]LUID_AND_ATTRIBUTES // Declared with one slot; for PrivilegeCount > 1 the caller must supply a larger buffer.
}
TOKEN_PRIVILEGES https://msdn.microsoft.com/en-us/library/windows/desktop/aa379630(v=vs.85).aspx