spsutil

package

v0.0.0-...-094f898 Latest Latest Go to latest Published: Oct 12, 2024 License: MulanPSL-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

gitee.com/solidone/sutils

Documentation ¶

Rendered for

Index ¶

Constants
func FindPid(name string) uint32
func GetExePath(hProcess uintptr) (string, error)
func GetModelHandle(_pid uint32) uintptr
func LittleEndian(buffer []byte, addrLen int) uint64
func LittleEndianByte(address uint64, addrLen int) []byte
func OpenProcess(dwDesiredAccess uint32, dwProcessId uint32) (syscall.Handle, error)
func Pids() []uint32
func ReadProcessMemory(hProcess uintptr, lpBaseAddress uintptr, lpBuffer []byte) (int, error)
func ScanPatternPage(hProcess uintptr, address uintptr, subStr string, mult bool) (uintptr, []uintptr)
func SearchPattern(hProcess uintptr, lpBaseAddress uintptr, MoudleSize int64, finder uint64, ...) []uintptr
func WriteProcessMemory(hProcess uintptr, lpBaseAddress uintptr, lpBuffer []byte) (uintptr, error)
type MEMORY_BASIC_INFORMATION
type ProcessMoudleInfo
- func EnumProcessModulesList(hProcess uintptr) ([]ProcessMoudleInfo, error)
- func GetProcessMoudleInfo(hProcess uintptr, moduleName string) (ProcessMoudleInfo, error)

Constants ¶

View Source

const (
	PAGE_EXECUTE           = 0x10
	PAGE_EXECUTE_READ      = 0x20
	PAGE_EXECUTE_READWRITE = 0x40
	PAGE_EXECUTE_WRITECOPY = 0x80
	PAGE_NOACCESS          = 0x01
	PAGE_READONLY          = 0x02
	PAGE_READWRITE         = 0x04
	PAGE_WRITECOPY         = 0x08
	PAGE_GUARD             = 0x100
	PAGE_NOCACHE           = 0x200
	MEM_COMMIT             = 0x1000

	PAGE_WRITECOMBINE = 0x400
	MAX_PATH_LEN      = 4096
)

Variables ¶

This section is empty.

Functions ¶

func FindPid ¶

func FindPid(name string) uint32

获取指定进程PID

func GetExePath ¶

func GetExePath(hProcess uintptr) (string, error)

获取可执行文件路径

func GetModelHandle ¶

func GetModelHandle(_pid uint32) uintptr

获取进程值

func LittleEndian ¶

func LittleEndian(buffer []byte, addrLen int) uint64

func LittleEndianByte ¶

func LittleEndianByte(address uint64, addrLen int) []byte

func OpenProcess ¶

func OpenProcess(dwDesiredAccess uint32, dwProcessId uint32) (syscall.Handle, error)

获取进程句柄

func Pids ¶

func Pids() []uint32

获取所有进程PID

func ReadProcessMemory ¶

func ReadProcessMemory(hProcess uintptr, lpBaseAddress uintptr, lpBuffer []byte) (int, error)

读取进程中地址的值

func ScanPatternPage ¶

func ScanPatternPage(hProcess uintptr, address uintptr, subStr string, mult bool) (uintptr, []uintptr)

扫描内存

Parameters
   ----------
   handle: uintptr
       Handle to an open object
   address: uintptr
       An address to search from
   subStr: string
       A regex byte pattern to search for
Returns

匹配

func SearchPattern ¶

func SearchPattern(hProcess uintptr, lpBaseAddress uintptr, MoudleSize int64, finder uint64, addrLen int) []uintptr

找到指定的上一级

func WriteProcessMemory ¶

func WriteProcessMemory(hProcess uintptr, lpBaseAddress uintptr, lpBuffer []byte) (uintptr, error)

写入进程中地址的值

Types ¶

type MEMORY_BASIC_INFORMATION ¶

type MEMORY_BASIC_INFORMATION struct {
	BaseAddress       uintptr
	AllocationBase    uintptr
	AllocationProtect uint32
	RegionSize        uintptr
	State             uint32
	Protect           uint32
	Type              uint32
}

type ProcessMoudleInfo ¶

type ProcessMoudleInfo struct {
	BaseAddress    int64  //基址地址
	BaseHexAddress string //基址地址(十六进制)
	MoudlePath     string // 模块地址
	MoudleName     string //模块名称
}

func EnumProcessModulesList ¶

func EnumProcessModulesList(hProcess uintptr) ([]ProcessMoudleInfo, error)

枚举进程模块

func GetProcessMoudleInfo ¶

func GetProcessMoudleInfo(hProcess uintptr, moduleName string) (ProcessMoudleInfo, error)

获取进程中某个模块的基本信息

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL