inject

package

v0.0.0-...-c68c1c7 Latest Latest Go to latest Published: Jul 1, 2023 License: MIT Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/zaneGittins/go-inject

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func CallNextHookEx(hhook uintptr, nCode uint32, wparam uintptr, lparam uintptr) uintptr
func CloseHandle(handle uintptr)
func ConvertToUUIDS(payload string) []string
func CreateProcessA(appName string, commandLine string, processAttributes uintptr, ...) (uint32, *syscall.StartupInfo, *syscall.ProcessInformation, error)
func CreateRemoteThread(process uintptr, threadAttributes uintptr, stackSize uint64, ...)
func CreateThread(startAddress uintptr) uintptr
func CreateToolhelp32Snapshot(flags uint32, pid uint32) uintptr
func DispatchMessage(lpMsg uintptr) error
func EnumProcesses() ([1024]uint32, uint32)
func EnumSystemLocalesA(lpLocaleEnumProc uintptr, dwFlags uint32) error
func FindWindowA(lpClassName string) (uintptr, error)
func Get64BitProcesses() []uint32
func GetCurrentThreadId() (uint32, error)
func GetMessage(lpMsg uintptr, hWnd uintptr, wMsgFilterMin uint32, wMsgFilterMax uint32) (uint32, error)
func GetModuleHandleA(moduleName string) uintptr
func GetProcAddress(module uintptr, procName string) uintptr
func GetThreadContext(hThread uintptr, ctx *CONTEXT) error
func GetThreadContext32(hThread uintptr, ctx *WOW64_CONTEXT) error
func GetWindowThreadProcessId(hwnd uintptr) (uint32, error)
func HeapAlloc(heap uintptr, dwFlags uint32, dwBytes int) uintptr
func HeapCreate(options uint32, initialSize int, maximumSize uint32) uintptr
func Is64Bit(pid uint32) int
func IsWow64Process(handle uintptr) uint32
func LoadLibraryA(LibFileName string) (uintptr, error)
func NtUnmapViewOfSection(processHandle uintptr, baseAddress uintptr) (uintptr, error)
func OpenProcess(desiredAccess uint32, inheritHandle uint32, processId uint32) (uintptr, error)
func OpenThread(desiredAccess uint32, inheritHandle uint32, threadId uint32) (uintptr, error)
func PostThreadMessage(idThread uint32, msg uint32, wparam uintptr, lparam uintptr) (uint32, error)
func Process32First(snapshot uintptr, processEntry *windows.ProcessEntry32) (uintptr, error)
func Process32Next(snapshot uintptr, processEntry *windows.ProcessEntry32) (uintptr, error)
func QueueUserAPC(pfnAPC *uintptr, tHandle uintptr) uint32
func ReadProcessMemory(process uintptr, baseAddress uintptr, buffer []byte, size uint32) (uint32, error)
func ResumeThread(hThread uintptr) error
func RtlCopyMemory(destination uintptr, source []byte)
func RtlMoveMemory(source uintptr, length int) int
func RtlMoveMemory2(destination uintptr, source []byte)
func RunPE64(payload []byte, target string, commandLine string)
func SelectRandomElement(array []uint32) int
func SetConsoleCtrlHandler(handlerRoutine HANDLER, add uint32) error
func SetThreadContext(hThread uintptr, ctx CONTEXT) error
func SetWindowsHookEx(idHook uint32, lpfn HOOKPROC, hmod uintptr, dwThreadID uint32) uintptr
func SplitToWords(array []byte, wordLen int, pad_incomplete bool) [][]byte
func StringToCharPtr(str string) *uint8
func StringToUTF16Ptr(str string) *uint16
func SwapEndianness(array []byte, word_len int, pad_incomplete bool) []byte
func Thread32First(snapshot uintptr, threadEntry *windows.ThreadEntry32) (uintptr, error)
func Thread32Next(snapshot uintptr, threadEntry *windows.ThreadEntry32) (uintptr, error)
func TranslateMessage(lpMsg uintptr) error
func UUIDFromStringA(uuidString string, uuid uintptr) (uintptr, error)
func UnhookWindowsHookEx(hhk uintptr) error
func VirtualAlloc(address uintptr, size int, allocationType uint64, protect uint64) uintptr
func VirtualAllocEx(process uintptr, address uintptr, length int, allocationType uint32, ...) uintptr
func VirtualAllocEx2(process uintptr, address uintptr, length uintptr, allocationType uint32, ...) uintptr
func VirtualProtect(address uintptr, size int, newProtect uint32) uint32
func WaitForSingleObject(thread uintptr, milliseconds uint32)
func WriteProcessMemory(process uintptr, baseAddress uintptr, buffer []byte) uint32
func WriteProcessMemory2(process uintptr, baseAddress uintptr, buffer []byte, length uint32) (uint32, error)
type CONTEXT
type HANDLER
type HOOKPROC
type LDT_ENTRY
- func GetThreadSelectorEntry(hThread uintptr, dwSelector uint32) (*LDT_ENTRY, error)
- func Wow64GetThreadSelectorEntry(hThread uintptr, dwSelector uint32) (*LDT_ENTRY, error)
type M128A
type PROCESS_BASIC_INFORMATION
- func NtQueryInformationProcess(processHandle uintptr) (PROCESS_BASIC_INFORMATION, error)
type WOW64_CONTEXT
type WOW64_FLOATING_SAVE_AREA
type XMM_SAVE_AREA32

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	TH32CS_SNAPPROCESS uint32 = 0x00000002
	TH32CS_SNAPTHREAD  uint32 = 0x00000004
	THREAD_ALL_ACCESS  uint32 = 0xffff
	CONTEXT_FULL       uint32 = 0x400003
	CONTEXT_SEGMENTS   uint32 = 0x04
	CONTEXt_ALL        uint32 = 0xffffff
)

Functions ¶

func CallNextHookEx ¶

func CallNextHookEx(hhook uintptr, nCode uint32, wparam uintptr, lparam uintptr) uintptr

func CloseHandle ¶

func CloseHandle(handle uintptr)

func ConvertToUUIDS ¶

func ConvertToUUIDS(payload string) []string

ConvertToUUIDS - converts a hex payload to a slice of UUID strings.

func CreateProcessA ¶

func CreateProcessA(appName string,
	commandLine string,
	processAttributes uintptr,
	threadAttributes uintptr,
	inheritHandles uint32,
	creationFlags uint32,
	env uintptr,
	currentDir uintptr) (uint32, *syscall.StartupInfo, *syscall.ProcessInformation, error)

func CreateRemoteThread ¶

func CreateRemoteThread(process uintptr, threadAttributes uintptr, stackSize uint64, startAddress uintptr, paramater uintptr, creationFlags uint32, threadID uint32)

func CreateThread ¶

func CreateThread(startAddress uintptr) uintptr

func CreateToolhelp32Snapshot ¶

func CreateToolhelp32Snapshot(flags uint32, pid uint32) uintptr

func DispatchMessage ¶

func DispatchMessage(lpMsg uintptr) error

func EnumProcesses ¶

func EnumProcesses() ([1024]uint32, uint32)

func EnumSystemLocalesA ¶

func EnumSystemLocalesA(lpLocaleEnumProc uintptr, dwFlags uint32) error

func FindWindowA ¶

func FindWindowA(lpClassName string) (uintptr, error)

func Get64BitProcesses ¶

func Get64BitProcesses() []uint32

func GetCurrentThreadId ¶

func GetCurrentThreadId() (uint32, error)

func GetMessage ¶

func GetMessage(lpMsg uintptr, hWnd uintptr, wMsgFilterMin uint32, wMsgFilterMax uint32) (uint32, error)

func GetModuleHandleA ¶

func GetModuleHandleA(moduleName string) uintptr

func GetProcAddress ¶

func GetProcAddress(module uintptr, procName string) uintptr

func GetThreadContext ¶

func GetThreadContext(hThread uintptr, ctx *CONTEXT) error

func GetThreadContext32 ¶

func GetThreadContext32(hThread uintptr, ctx *WOW64_CONTEXT) error

func GetWindowThreadProcessId ¶

func GetWindowThreadProcessId(hwnd uintptr) (uint32, error)

func HeapAlloc ¶

func HeapAlloc(heap uintptr, dwFlags uint32, dwBytes int) uintptr

func HeapCreate ¶

func HeapCreate(options uint32, initialSize int, maximumSize uint32) uintptr

func Is64Bit ¶

func Is64Bit(pid uint32) int

func IsWow64Process ¶

func IsWow64Process(handle uintptr) uint32

func LoadLibraryA ¶

func LoadLibraryA(LibFileName string) (uintptr, error)

func NtUnmapViewOfSection ¶

func NtUnmapViewOfSection(processHandle uintptr, baseAddress uintptr) (uintptr, error)

func OpenProcess ¶

func OpenProcess(desiredAccess uint32, inheritHandle uint32, processId uint32) (uintptr, error)

func OpenThread ¶

func OpenThread(desiredAccess uint32, inheritHandle uint32, threadId uint32) (uintptr, error)

func PostThreadMessage ¶

func PostThreadMessage(idThread uint32, msg uint32, wparam uintptr, lparam uintptr) (uint32, error)

func Process32First ¶

func Process32First(snapshot uintptr, processEntry *windows.ProcessEntry32) (uintptr, error)

func Process32Next ¶

func Process32Next(snapshot uintptr, processEntry *windows.ProcessEntry32) (uintptr, error)

func QueueUserAPC ¶

func QueueUserAPC(pfnAPC *uintptr, tHandle uintptr) uint32

func ReadProcessMemory ¶

func ReadProcessMemory(process uintptr, baseAddress uintptr, buffer []byte, size uint32) (uint32, error)

func ResumeThread ¶

func ResumeThread(hThread uintptr) error

func RtlCopyMemory ¶

func RtlCopyMemory(destination uintptr, source []byte)

func RtlMoveMemory ¶

func RtlMoveMemory(source uintptr, length int) int

func RtlMoveMemory2 ¶

func RtlMoveMemory2(destination uintptr, source []byte)

func RunPE64 ¶

func RunPE64(payload []byte, target string, commandLine string)

RunPE64 - Heavily based on https://github.com/abdullah2993/go-runpe/blob/master/runpe.go

there are still significant changes compared to original code.

func SelectRandomElement ¶

func SelectRandomElement(array []uint32) int

func SetConsoleCtrlHandler ¶

func SetConsoleCtrlHandler(handlerRoutine HANDLER, add uint32) error

func SetThreadContext ¶

func SetThreadContext(hThread uintptr, ctx CONTEXT) error

func SetWindowsHookEx ¶

func SetWindowsHookEx(idHook uint32, lpfn HOOKPROC, hmod uintptr, dwThreadID uint32) uintptr

func SplitToWords ¶

func SplitToWords(array []byte, wordLen int, pad_incomplete bool) [][]byte

SplitToWords - Splits a slice into multiple slices based on word length.

func StringToCharPtr ¶

func StringToCharPtr(str string) *uint8

func StringToUTF16Ptr ¶

func StringToUTF16Ptr(str string) *uint16

func SwapEndianness ¶

func SwapEndianness(array []byte, word_len int, pad_incomplete bool) []byte

SwapEndianness - Heavily inspired by code from CyberChef https://github.com/gchq/CyberChef/blob/c9d9730726dfa16a1c5f37024ba9c7ea9f37453d/src/core/operations/SwapEndianness.mjs

func Thread32First ¶

func Thread32First(snapshot uintptr, threadEntry *windows.ThreadEntry32) (uintptr, error)

func Thread32Next ¶

func Thread32Next(snapshot uintptr, threadEntry *windows.ThreadEntry32) (uintptr, error)

func TranslateMessage ¶

func TranslateMessage(lpMsg uintptr) error

func UUIDFromStringA ¶

func UUIDFromStringA(uuidString string, uuid uintptr) (uintptr, error)

func UnhookWindowsHookEx ¶

func UnhookWindowsHookEx(hhk uintptr) error

func VirtualAlloc ¶

func VirtualAlloc(address uintptr, size int, allocationType uint64, protect uint64) uintptr

func VirtualAllocEx ¶

func VirtualAllocEx(process uintptr, address uintptr, length int, allocationType uint32, protect uint32) uintptr

func VirtualAllocEx2 ¶

func VirtualAllocEx2(process uintptr, address uintptr, length uintptr, allocationType uint32, protect uint32) uintptr

func VirtualProtect ¶

func VirtualProtect(address uintptr, size int, newProtect uint32) uint32

func WaitForSingleObject ¶

func WaitForSingleObject(thread uintptr, milliseconds uint32)

func WriteProcessMemory ¶

func WriteProcessMemory(process uintptr, baseAddress uintptr, buffer []byte) uint32

func WriteProcessMemory2 ¶

func WriteProcessMemory2(process uintptr, baseAddress uintptr, buffer []byte, length uint32) (uint32, error)

Types ¶

type CONTEXT ¶

type CONTEXT struct {
	P1Home uint64
	P2Home uint64
	P3Home uint64
	P4Home uint64
	P5Home uint64
	P6Home uint64

	ContextFlags uint32
	MxCsr        uint32

	SegCs  uint16
	SegDs  uint16
	SegEs  uint16
	SegFs  uint16
	SegGs  uint16
	SegSs  uint16
	EFlags uint32

	Dr0 uint64
	Dr1 uint64
	Dr2 uint64
	Dr3 uint64
	Dr6 uint64
	Dr7 uint64

	Rax uint64
	Rcx uint64
	Rdx uint64
	Rbx uint64
	Rsp uint64
	Rbp uint64
	Rsi uint64
	Rdi uint64
	R8  uint64
	R9  uint64
	R10 uint64
	R11 uint64
	R12 uint64
	R13 uint64
	R14 uint64
	R15 uint64

	Rip uint64

	FltSave XMM_SAVE_AREA32

	VectorRegister [26]M128A
	VectorControl  uint64

	DebugControl         uint64
	LastBranchToRip      uint64
	LastBranchFromRip    uint64
	LastExceptionToRip   uint64
	LastExceptionFromRip uint64
}

https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-context

type HANDLER ¶

type HANDLER func() uintptr

type HOOKPROC ¶

type HOOKPROC func(int, uintptr, uintptr) uintptr

type LDT_ENTRY ¶

type LDT_ENTRY struct {
	LimitLow uint16
	BaseLow  uint16
	HighWord struct {
		Bytes struct {
			BaseMid byte
			Flags1  byte
			Flags2  byte
			BaseHi  byte
		}
		Bits struct {
			BaseMid     uint32
			Type        uint32
			Dpl         uint32
			Pres        uint32
			LimitHi     uint32
			Sys         uint32
			Reserved0   uint32
			DefaultBig  uint32
			Granularity uint32
			BaseHi      uint32
		}
	}
}

func GetThreadSelectorEntry ¶

func GetThreadSelectorEntry(hThread uintptr, dwSelector uint32) (*LDT_ENTRY, error)

func Wow64GetThreadSelectorEntry ¶

func Wow64GetThreadSelectorEntry(hThread uintptr, dwSelector uint32) (*LDT_ENTRY, error)

type M128A ¶

type M128A struct {
	Low  uint64
	High int64
}

https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-context

type PROCESS_BASIC_INFORMATION ¶

type PROCESS_BASIC_INFORMATION struct {
	Reserved1       uint64
	PebBaseAddress  uint64
	Reserved2       uint64
	Reserved3       uint64
	UniqueProcessId uint64
	Reserved4       uint64
}

func NtQueryInformationProcess ¶

func NtQueryInformationProcess(processHandle uintptr) (PROCESS_BASIC_INFORMATION, error)

type WOW64_CONTEXT ¶

type WOW64_CONTEXT struct {
	ContextFlags      uint32
	Dr0               uint32
	Dr1               uint32
	Dr2               uint32
	Dr3               uint32
	Dr6               uint32
	Dr7               uint32
	FloatSave         WOW64_FLOATING_SAVE_AREA
	SegGs             uint32
	SegFs             uint32
	SegEs             uint32
	SegDs             uint32
	Edi               uint32
	Esi               uint32
	Ebx               uint32
	Edx               uint32
	Ecx               uint32
	Eax               uint32
	Ebp               uint32
	Eip               uint32
	SegCs             uint32
	EFlags            uint32
	Esp               uint32
	SegSs             uint32
	ExtendedRegisters [512]byte
}

type WOW64_FLOATING_SAVE_AREA ¶

type WOW64_FLOATING_SAVE_AREA struct {
	ControlWord   uint32
	StatusWord    uint32
	TagWord       uint32
	ErrorOffset   uint32
	ErrorSelector uint32
	DataOffset    uint32
	DataSelector  uint32
	RegisterArea  [80]byte
	Cr0NpxState   uint32
}

type XMM_SAVE_AREA32 ¶

type XMM_SAVE_AREA32 struct {
	ControlWord    uint16
	StatusWord     uint16
	TagWord        byte
	Reserved1      byte
	ErrorOpcode    uint16
	ErrorOffset    uint32
	ErrorSelector  uint16
	Reserved2      uint16
	DataOffset     uint32
	DataSelector   uint16
	Reserved3      uint16
	MxCsr          uint32
	MxCsr_Mask     uint32
	FloatRegisters [8]M128A
	XmmRegisters   [256]byte
	Reserved4      [96]byte
}

https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-context

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL