Documentation ¶
Index ¶
- Variables
- func CallNextHookEx(hhook uintptr, nCode uint32, wparam uintptr, lparam uintptr) uintptr
- func CloseHandle(handle uintptr)
- func ConvertToUUIDS(payload string) []string
- func CreateProcessA(appName string, commandLine string, processAttributes uintptr, ...) (uint32, *syscall.StartupInfo, *syscall.ProcessInformation, error)
- func CreateRemoteThread(process uintptr, threadAttributes uintptr, stackSize uint64, ...)
- func CreateThread(startAddress uintptr) uintptr
- func CreateToolhelp32Snapshot(flags uint32, pid uint32) uintptr
- func DispatchMessage(lpMsg uintptr) error
- func EnumProcesses() ([1024]uint32, uint32)
- func EnumSystemLocalesA(lpLocaleEnumProc uintptr, dwFlags uint32) error
- func FindWindowA(lpClassName string) (uintptr, error)
- func Get64BitProcesses() []uint32
- func GetCurrentThreadId() (uint32, error)
- func GetMessage(lpMsg uintptr, hWnd uintptr, wMsgFilterMin uint32, wMsgFilterMax uint32) (uint32, error)
- func GetModuleHandleA(moduleName string) uintptr
- func GetProcAddress(module uintptr, procName string) uintptr
- func GetThreadContext(hThread uintptr, ctx *CONTEXT) error
- func GetThreadContext32(hThread uintptr, ctx *WOW64_CONTEXT) error
- func GetWindowThreadProcessId(hwnd uintptr) (uint32, error)
- func HeapAlloc(heap uintptr, dwFlags uint32, dwBytes int) uintptr
- func HeapCreate(options uint32, initialSize int, maximumSize uint32) uintptr
- func Is64Bit(pid uint32) int
- func IsWow64Process(handle uintptr) uint32
- func LoadLibraryA(LibFileName string) (uintptr, error)
- func NtUnmapViewOfSection(processHandle uintptr, baseAddress uintptr) (uintptr, error)
- func OpenProcess(desiredAccess uint32, inheritHandle uint32, processId uint32) (uintptr, error)
- func OpenThread(desiredAccess uint32, inheritHandle uint32, threadId uint32) (uintptr, error)
- func PostThreadMessage(idThread uint32, msg uint32, wparam uintptr, lparam uintptr) (uint32, error)
- func Process32First(snapshot uintptr, processEntry *windows.ProcessEntry32) (uintptr, error)
- func Process32Next(snapshot uintptr, processEntry *windows.ProcessEntry32) (uintptr, error)
- func QueueUserAPC(pfnAPC *uintptr, tHandle uintptr) uint32
- func ReadProcessMemory(process uintptr, baseAddress uintptr, buffer []byte, size uint32) (uint32, error)
- func ResumeThread(hThread uintptr) error
- func RtlCopyMemory(destination uintptr, source []byte)
- func RtlMoveMemory(source uintptr, length int) int
- func RtlMoveMemory2(destination uintptr, source []byte)
- func RunPE64(payload []byte, target string, commandLine string)
- func SelectRandomElement(array []uint32) int
- func SetConsoleCtrlHandler(handlerRoutine HANDLER, add uint32) error
- func SetThreadContext(hThread uintptr, ctx CONTEXT) error
- func SetWindowsHookEx(idHook uint32, lpfn HOOKPROC, hmod uintptr, dwThreadID uint32) uintptr
- func SplitToWords(array []byte, wordLen int, pad_incomplete bool) [][]byte
- func StringToCharPtr(str string) *uint8
- func StringToUTF16Ptr(str string) *uint16
- func SwapEndianness(array []byte, word_len int, pad_incomplete bool) []byte
- func Thread32First(snapshot uintptr, threadEntry *windows.ThreadEntry32) (uintptr, error)
- func Thread32Next(snapshot uintptr, threadEntry *windows.ThreadEntry32) (uintptr, error)
- func TranslateMessage(lpMsg uintptr) error
- func UUIDFromStringA(uuidString string, uuid uintptr) (uintptr, error)
- func UnhookWindowsHookEx(hhk uintptr) error
- func VirtualAlloc(address uintptr, size int, allocationType uint64, protect uint64) uintptr
- func VirtualAllocEx(process uintptr, address uintptr, length int, allocationType uint32, ...) uintptr
- func VirtualAllocEx2(process uintptr, address uintptr, length uintptr, allocationType uint32, ...) uintptr
- func VirtualProtect(address uintptr, size int, newProtect uint32) uint32
- func WaitForSingleObject(thread uintptr, milliseconds uint32)
- func WriteProcessMemory(process uintptr, baseAddress uintptr, buffer []byte) uint32
- func WriteProcessMemory2(process uintptr, baseAddress uintptr, buffer []byte, length uint32) (uint32, error)
- type CONTEXT
- type HANDLER
- type HOOKPROC
- type LDT_ENTRY
- type M128A
- type PROCESS_BASIC_INFORMATION
- type WOW64_CONTEXT
- type WOW64_FLOATING_SAVE_AREA
- type XMM_SAVE_AREA32
Constants ¶
This section is empty.
Variables ¶
Functions ¶
func CallNextHookEx ¶
func CloseHandle ¶
func CloseHandle(handle uintptr)
func ConvertToUUIDS ¶
ConvertToUUIDS - converts a hex payload to a slice of UUID strings.
func CreateProcessA ¶
func CreateRemoteThread ¶
func CreateThread ¶
func DispatchMessage ¶
func EnumProcesses ¶
func EnumSystemLocalesA ¶
func FindWindowA ¶
func Get64BitProcesses ¶
func Get64BitProcesses() []uint32
func GetCurrentThreadId ¶
func GetMessage ¶
func GetModuleHandleA ¶
func GetProcAddress ¶
func GetThreadContext ¶
func GetThreadContext32 ¶
func GetThreadContext32(hThread uintptr, ctx *WOW64_CONTEXT) error
func IsWow64Process ¶
func LoadLibraryA ¶
func NtUnmapViewOfSection ¶
func OpenProcess ¶
func OpenThread ¶
func PostThreadMessage ¶
func Process32First ¶
func Process32First(snapshot uintptr, processEntry *windows.ProcessEntry32) (uintptr, error)
func Process32Next ¶
func Process32Next(snapshot uintptr, processEntry *windows.ProcessEntry32) (uintptr, error)
func QueueUserAPC ¶
func ReadProcessMemory ¶
func ResumeThread ¶
func RtlCopyMemory ¶
func RtlMoveMemory ¶
func RtlMoveMemory2 ¶
func RunPE64 ¶
RunPE64 - Heavily based on https://github.com/abdullah2993/go-runpe/blob/master/runpe.go; there are still significant changes compared to the original code.
func SelectRandomElement ¶
func SetConsoleCtrlHandler ¶
func SetThreadContext ¶
func SetWindowsHookEx ¶
func SplitToWords ¶
SplitToWords - Splits a slice into multiple slices based on word length.
func StringToCharPtr ¶
func StringToUTF16Ptr ¶
func SwapEndianness ¶
SwapEndianness - Heavily inspired by code from CyberChef https://github.com/gchq/CyberChef/blob/c9d9730726dfa16a1c5f37024ba9c7ea9f37453d/src/core/operations/SwapEndianness.mjs
func Thread32First ¶
func Thread32First(snapshot uintptr, threadEntry *windows.ThreadEntry32) (uintptr, error)
func Thread32Next ¶
func Thread32Next(snapshot uintptr, threadEntry *windows.ThreadEntry32) (uintptr, error)
func TranslateMessage ¶
func UnhookWindowsHookEx ¶
func VirtualAlloc ¶
func VirtualAllocEx ¶
func VirtualAllocEx2 ¶
func WaitForSingleObject ¶
func WriteProcessMemory ¶
Types ¶
type CONTEXT ¶
// CONTEXT mirrors the 64-bit Win32 CONTEXT structure
// (https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-context):
// the full register state of a thread, as read by GetThreadContext and
// written by SetThreadContext in this package. Field order and widths
// define the native layout, so they must not be reordered or resized.
//
// NOTE(review): the native definition is declared with 16-byte alignment,
// while Go only guarantees the alignment of the widest field (8 bytes);
// confirm the address handed to the Win32 call is suitably aligned.
// SetThreadContext in this package takes the value by copy, which with a
// 16-byte M128A is roughly 1.2 KB per call.
type CONTEXT struct {
	// Register parameter home addresses.
	P1Home uint64
	P2Home uint64
	P3Home uint64
	P4Home uint64
	P5Home uint64
	P6Home uint64

	// ContextFlags selects which register groups below are valid
	// (CONTEXT_* flags); the remaining groups are ignored by the API.
	ContextFlags uint32
	MxCsr        uint32

	// Segment registers.
	SegCs  uint16
	SegDs  uint16
	SegEs  uint16
	SegFs  uint16
	SegGs  uint16
	SegSs  uint16
	EFlags uint32

	// Hardware debug registers.
	Dr0 uint64
	Dr1 uint64
	Dr2 uint64
	Dr3 uint64
	Dr6 uint64
	Dr7 uint64

	// General-purpose integer registers.
	Rax uint64
	Rcx uint64
	Rdx uint64
	Rbx uint64
	Rsp uint64
	Rbp uint64
	Rsi uint64
	Rdi uint64
	R8  uint64
	R9  uint64
	R10 uint64
	R11 uint64
	R12 uint64
	R13 uint64
	R14 uint64
	R15 uint64

	// Instruction pointer.
	Rip uint64

	// Floating-point / SSE state. In the native definition this is a union
	// that can also be viewed as Header/Legacy/Xmm0..Xmm15; only the FltSave
	// view is modelled here.
	FltSave XMM_SAVE_AREA32

	// Vector and special debug control state.
	VectorRegister       [26]M128A
	VectorControl        uint64
	DebugControl         uint64
	LastBranchToRip      uint64
	LastBranchFromRip    uint64
	LastExceptionToRip   uint64
	LastExceptionFromRip uint64
}
https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-context
type LDT_ENTRY ¶
// LDT_ENTRY models the Win32 LDT_ENTRY segment descriptor returned by
// GetThreadSelectorEntry.
//
// NOTE(review): in the native definition HighWord is a union of the Bytes
// view and the Bits bit-field view, so the whole descriptor is 8 bytes.
// Declared here as nested structs, Bytes and Bits are laid out one after
// the other and each Bits member occupies a full uint32, which makes this
// Go type much larger than the native one and means the Bits fields will
// not be populated the way the native bit-fields are. Verify how
// GetThreadSelectorEntry fills this in before relying on HighWord.Bits.
type LDT_ENTRY struct {
	LimitLow uint16
	BaseLow  uint16
	HighWord struct {
		// Byte-wise view of the descriptor's high word.
		Bytes struct {
			BaseMid byte
			Flags1  byte
			Flags2  byte
			BaseHi  byte
		}
		// Field-wise view; see the NOTE above regarding its layout.
		Bits struct {
			BaseMid     uint32
			Type        uint32
			Dpl         uint32
			Pres        uint32
			LimitHi     uint32
			Sys         uint32
			Reserved0   uint32
			DefaultBig  uint32
			Granularity uint32
			BaseHi      uint32
		}
	}
}
func GetThreadSelectorEntry ¶
type PROCESS_BASIC_INFORMATION ¶
// PROCESS_BASIC_INFORMATION is the record returned by
// NtQueryInformationProcess in this package. Every field is a uint64, so
// the layout is the one for a 64-bit process; it is presumably not valid
// from a 32-bit build, where the native fields are pointer-sized.
// Only PebBaseAddress and UniqueProcessId carry documented meaning; the
// Reserved* fields are opaque and should not be interpreted.
type PROCESS_BASIC_INFORMATION struct {
	Reserved1       uint64
	PebBaseAddress  uint64 // address of the PEB in the queried process's address space
	Reserved2       uint64
	Reserved3       uint64
	UniqueProcessId uint64 // process ID of the queried process
	Reserved4       uint64
}
func NtQueryInformationProcess ¶
func NtQueryInformationProcess(processHandle uintptr) (PROCESS_BASIC_INFORMATION, error)
type WOW64_CONTEXT ¶
// WOW64_CONTEXT mirrors the Win32 WOW64_CONTEXT structure: the 32-bit
// (x86) register state of a thread running under WOW64, as read by
// GetThreadContext32 in this package. Field order and widths define the
// native layout, so they must not be reordered or resized.
type WOW64_CONTEXT struct {
	// ContextFlags selects which register groups below are valid
	// (CONTEXT_* flags).
	ContextFlags uint32

	// Hardware debug registers.
	Dr0 uint32
	Dr1 uint32
	Dr2 uint32
	Dr3 uint32
	Dr6 uint32
	Dr7 uint32

	// Legacy x87 floating-point state.
	FloatSave WOW64_FLOATING_SAVE_AREA

	// Segment registers.
	SegGs uint32
	SegFs uint32
	SegEs uint32
	SegDs uint32

	// General-purpose integer registers.
	Edi uint32
	Esi uint32
	Ebx uint32
	Edx uint32
	Ecx uint32
	Eax uint32
	Ebp uint32

	// Instruction pointer, code segment, flags, stack pointer, stack segment.
	Eip    uint32
	SegCs  uint32
	EFlags uint32
	Esp    uint32
	SegSs  uint32

	// Extended (SSE/FXSAVE-style) register state.
	ExtendedRegisters [512]byte
}
type XMM_SAVE_AREA32 ¶
// XMM_SAVE_AREA32 mirrors the Win32 XMM_SAVE_AREA32 structure
// (https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-context):
// the FXSAVE-format floating-point and SSE state embedded in
// CONTEXT.FltSave. With a 16-byte M128A the fields add up to 512 bytes.
// Field order and widths define the native layout, so they must not be
// reordered or resized.
type XMM_SAVE_AREA32 struct {
	// x87 control/status state.
	ControlWord   uint16
	StatusWord    uint16
	TagWord       byte
	Reserved1     byte
	ErrorOpcode   uint16
	ErrorOffset   uint32
	ErrorSelector uint16
	Reserved2     uint16
	DataOffset    uint32
	DataSelector  uint16
	Reserved3     uint16

	// SSE control/status register and its valid-bit mask.
	MxCsr      uint32
	MxCsr_Mask uint32

	// x87/MMX registers (ST0-ST7 / MM0-MM7).
	FloatRegisters [8]M128A

	// XMM0-XMM15 as raw bytes (16 registers x 16 bytes).
	XmmRegisters [256]byte

	Reserved4 [96]byte
}
https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-context