Documentation ¶
Index ¶
- Constants
- Variables
- func IsErrSuccess(err error) bool
- func ProcEnumProcessModules(hProcess w32.HANDLE, hmodule *w32.HMODULE, cb w32.DWORD, lpcbNeeded *w32.DWORD) bool
- func ProcGetModuleFileNameExW(hProcess w32.HANDLE, hModule w32.HMODULE, lpFileName *[MAX_PATH]uint16, ...) uint32
- func ProcNtCreateProcess(pHandle *w32.HANDLE, DesiredAccess ACCESS_MASK, ...) uint32
- func ProcNtCreateSection(pHandle *w32.HANDLE, DesiredAccess ACCESS_MASK, ...) uint32
- func ProcNtCreateThreadEx(hThread *w32.HANDLE, DesiredAccess ACCESS_MASK, ...) uint32
- func ProcNtQueryInformationProcess(hProcess w32.HANDLE, ProcessInfoClass int, ...) uint32
- func ProcNtReadVirtualMemory(processHandle w32.HANDLE, BaseAddress w32.PVOID, Buffer w32.PVOID, ...) uint32
- func ProcOpenProcess(DesireAccess, InheritHandle, ProcessId uint) uintptr
- func ProcRtlCreateProcessParametersEx(pProcessParameters *uintptr, ImagePathName *w32.UNICODE_STRING, ...) uint32
- func ProcRtlInitUnicodeStringEx(target *w32.UNICODE_STRING, source *string) uint32
- func ProcSetFileInformationByHandle(fileHandle w32.HANDLE, FileInformationClass1 FileInformationClass, ...) bool
- func ProcVirtualProtectEx(hProcess w32.HANDLE, lpAddress w32.PVOID, dwSize w32.SIZE_T, ...) uint32
- func ProcWriteProcessMemory(hProcess w32.HANDLE, lpBaseAddress uintptr, data []byte, size uint) (err error)
- type ACCESS_MASK
- type FILE_DISPOSITION_INFO
- type FileInformationClass
- type OBJECT_ATTRIBUTES
- type PROCESS_BASE_INFORMATION
- type RTL_USER_PROCESS_PARAMETERS
Constants ¶
// File information class selectors. The numbering matches the Win32
// FILE_INFO_BY_HANDLE_CLASS enumeration. The values are written out
// explicitly rather than generated, so inserting or reordering an entry
// cannot silently renumber the ones after it.
//
// The constants are untyped integers, so they convert implicitly wherever a
// FileInformationClass is expected.
const (
	FileBasicInfo                  = 0
	FileStandardInfo               = 1
	FileNameInfo                   = 2
	FileRenameInfo                 = 3
	FileDispositionInfo            = 4
	FileAllocationInfo             = 5
	FileEndOfFileInfo              = 6
	FileStreamInfo                 = 7
	FileCompressionInfo            = 8
	FileAttributeTagInfo           = 9
	FileIdBothDirectoryInfo        = 10
	FileIdBothDirectoryRestartInfo = 11
	FileIoPriorityHintInfo         = 12
	FileRemoteProtocolInfo         = 13
	FileFullDirectoryInfo          = 14
	FileFullDirectoryRestartInfo   = 15
	FileStorageInfo                = 16
	FileAlignmentInfo              = 17
	FileIdInfo                     = 18
	FileIdExtdDirectoryInfo        = 19
	FileIdExtdDirectoryRestartInfo = 20
)
// MAX_PATH is the element count of the UTF-16 path buffer that
// ProcGetModuleFileNameExW takes (lpFileName *[MAX_PATH]uint16).
//
// NOTE(review): the Windows SDK defines MAX_PATH as 260, not 255. With this
// value a module path longer than the buffer is presumably truncated. Confirm
// that callers pass this same length as the size argument and treat a
// completely filled buffer as a truncated (untrustworthy) path before
// comparing or logging it.
const MAX_PATH = 255
Variables ¶
// Procedure handles for the kernel32 exports this package calls.
//
// Every entry is resolved during package initialisation. MustFindProc
// (assuming the usual syscall/windows DLL method) panics when an export is
// missing, so a lookup failure stops the program at start-up rather than
// surfacing as an error at the call site.
//
// NOTE(review): kernel32 is declared outside this listing; confirm the DLL is
// loaded from the system directory rather than by bare name.
var (
	SetFileInformationByHandle = kernel32.MustFindProc("SetFileInformationByHandle")
	OpenProcess                = kernel32.MustFindProc("OpenProcess")
	VirtualProtectEx           = kernel32.MustFindProc("VirtualProtectEx")
	WriteProcessMemory         = kernel32.MustFindProc("WriteProcessMemory")
)
// Procedure handles for the ntdll exports this package calls.
//
// Every entry is resolved during package initialisation. MustFindProc
// (assuming the usual syscall/windows DLL method) panics when an export is
// missing, so importing the package on a system that lacks one of these
// symbols aborts the program.
//
// NOTE(review): most of these are native APIs without a stable, documented
// contract, so argument layouts should be re-checked per Windows release.
// The resolved export is NtCreateProcessEx while the exported wrapper is named
// ProcNtCreateProcess; confirm which native call the wrapper actually makes.
var (
	NtCreateProcessEx            = ntdll.MustFindProc("NtCreateProcessEx")
	NtCreateSection              = ntdll.MustFindProc("NtCreateSection")
	NtClose                      = ntdll.MustFindProc("NtClose")
	NtReadVirtualMemory          = ntdll.MustFindProc("NtReadVirtualMemory")
	NtCreateThreadEx             = ntdll.MustFindProc("NtCreateThreadEx")
	RtlCreateProcessParametersEx = ntdll.MustFindProc("RtlCreateProcessParametersEx")
	NtQueryInformationProcess    = ntdll.MustFindProc("NtQueryInformationProcess")
	RtlInitUnicodeStringEx       = ntdll.MustFindProc("RtlInitUnicodeStringEx")
)
// Procedure handles for the psapi exports this package calls.
//
// Both are resolved during package initialisation. MustFindProc (assuming the
// usual syscall/windows DLL method) panics if either export is missing.
//
// NOTE(review): psapi is declared outside this listing; confirm the DLL is
// loaded from the system directory rather than by bare name.
var (
	EnumProcessModules   = psapi.MustFindProc("EnumProcessModules")
	GetModuleFileNameExW = psapi.MustFindProc("GetModuleFileNameExW")
)
Functions ¶
func IsErrSuccess ¶
func ProcEnumProcessModules ¶
func ProcNtCreateProcess ¶
func ProcNtCreateSection ¶
// ProcNtCreateSection is the package's wrapper for the native NtCreateSection
// call. The body is not part of this listing, so everything below is inferred
// from the signature alone.
//
// pHandle presumably receives the new section handle, and the uint32 result is
// presumably the raw NTSTATUS. Callers should compare it with STATUS_SUCCESS
// (0) before touching *pHandle and should close the handle once finished.
//
// NOTE(review): DesiredAccess, SectionPageProtection and AllocationAttributes
// appear to be forwarded as given; callers should request the narrowest
// rights and protections they need. ObjectAttributes uses this package's
// OBJECT_ATTRIBUTES, whereas ProcNtCreateThreadEx takes w32.OBJECT_ATTRIBUTES;
// confirm the two layouts agree.
func ProcNtCreateSection(pHandle *w32.HANDLE, DesiredAccess ACCESS_MASK, ObjectAttributes *OBJECT_ATTRIBUTES, MaximumSize *uint64, SectionPageProtection uint32, AllocationAttributes uint32, FileHandle w32.HANDLE) uint32
func ProcNtCreateThreadEx ¶
// ProcNtCreateThreadEx is the package's wrapper for the native
// NtCreateThreadEx call. The body is not part of this listing, so everything
// below is inferred from the signature alone.
//
// hThread presumably receives the new thread handle, and the uint32 result is
// presumably the raw NTSTATUS. Callers should compare it with STATUS_SUCCESS
// (0) before using *hThread and should close the handle afterwards.
//
// NOTE(review): lpStartAddress, lpParameter and lpBytesBuffer are
// unsafe.Pointer values that the type system cannot validate; the caller is
// responsible for their lifetime and for which address space they refer to.
// ObjectAttributes is *w32.OBJECT_ATTRIBUTES here but the package-local
// *OBJECT_ATTRIBUTES in ProcNtCreateSection; confirm the inconsistency is
// intended. Pass the least DesiredAccess that the caller requires.
func ProcNtCreateThreadEx(hThread *w32.HANDLE, DesiredAccess ACCESS_MASK, ObjectAttributes *w32.OBJECT_ATTRIBUTES, ProcessHandle w32.HANDLE, lpStartAddress unsafe.Pointer, lpParameter unsafe.Pointer, CreateSuspended int, StackZeroBits uint32, SizeOfStackCommit uint32, SizeOfStackReserve uint32, lpBytesBuffer unsafe.Pointer) uint32
func ProcNtReadVirtualMemory ¶
func ProcOpenProcess ¶
func ProcRtlCreateProcessParametersEx ¶
// ProcRtlCreateProcessParametersEx is the package's wrapper for the native
// RtlCreateProcessParametersEx call. The body is not part of this listing, so
// everything below is inferred from the signature alone.
//
// pProcessParameters presumably receives the address of the parameter block
// built from the supplied UNICODE_STRING arguments, and the uint32 result is
// presumably the raw NTSTATUS. Callers should compare it with STATUS_SUCCESS
// (0) before dereferencing the returned address.
//
// NOTE(review): the result is a bare uintptr, so Go's garbage collector and
// type system give no protection for it. The native block is normally released
// with RtlDestroyProcessParameters, and this package's index lists no wrapper
// for that call; confirm how the allocation is freed.
func ProcRtlCreateProcessParametersEx(pProcessParameters *uintptr, ImagePathName *w32.UNICODE_STRING, DllPath *w32.UNICODE_STRING, CurrentDirectory *w32.UNICODE_STRING, CommandLine *w32.UNICODE_STRING, Environment w32.PVOID, WindowTitle *w32.UNICODE_STRING, DesktopInfo *w32.UNICODE_STRING, ShellInfo *w32.UNICODE_STRING, RuntimeData *w32.UNICODE_STRING, flag uint) uint32
func ProcRtlInitUnicodeStringEx ¶
// ProcRtlInitUnicodeStringEx is the package's wrapper for the native
// RtlInitUnicodeStringEx call, which fills target from a source string. The
// body is not part of this listing, so everything below is inferred from the
// signature alone.
//
// The uint32 result is presumably the raw NTSTATUS. The native routine rejects
// over-long input instead of truncating it, so callers should compare the
// result with STATUS_SUCCESS (0) before using target.
//
// NOTE(review): the native routine stores a pointer to the source buffer
// rather than copying it. Since source is a Go *string, the wrapper must
// convert it to UTF-16 and keep that buffer alive for as long as target is in
// use. Confirm this in the implementation, because a collected buffer would
// leave target.Buffer dangling.
func ProcRtlInitUnicodeStringEx(target *w32.UNICODE_STRING, source *string) uint32
func ProcSetFileInformationByHandle ¶
// ProcSetFileInformationByHandle is the package's wrapper for the kernel32
// SetFileInformationByHandle call. The body is not part of this listing, so
// everything below is inferred from the signature alone.
//
// The bool result presumably reflects the Win32 BOOL return value; on false
// the caller should obtain the underlying error before continuing.
//
// NOTE(review): fileInformation is typed as *FILE_DISPOSITION_INFO, so the
// only class that matches the buffer is FileDispositionInfo. Passing another
// FileInformationClass value with this buffer would hand the API a structure
// of the wrong shape. bufferSize should be the size of FILE_DISPOSITION_INFO;
// confirm the wrapper or its callers enforce both.
func ProcSetFileInformationByHandle(fileHandle w32.HANDLE, FileInformationClass1 FileInformationClass, fileInformation *FILE_DISPOSITION_INFO, bufferSize w32.DWORD) bool
func ProcVirtualProtectEx ¶
Types ¶
type ACCESS_MASK ¶
// ACCESS_MASK is the 32-bit access-rights bitmask used for the DesiredAccess
// parameter of ProcNtCreateProcess, ProcNtCreateSection and
// ProcNtCreateThreadEx. Callers should set only the rights they need.
type ACCESS_MASK uint32
type FILE_DISPOSITION_INFO ¶
// FILE_DISPOSITION_INFO is the buffer type accepted by
// ProcSetFileInformationByHandle (its fileInformation parameter).
type FILE_DISPOSITION_INFO struct {
	// DeleteFile presumably mirrors the Win32 FILE_DISPOSITION_INFO.DeleteFile
	// flag, which requests deletion of the file once its handles are closed.
	// The Win32 member is a one-byte BOOLEAN and Go's bool is also one byte,
	// so the struct size should match. TODO confirm the wrapper passes that size.
	DeleteFile bool
}
type FileInformationClass ¶
// FileInformationClass is the type of the FileInformationClass1 parameter of
// ProcSetFileInformationByHandle. The package's File*Info constants are
// declared untyped, so they convert to this type implicitly. Nothing in the
// type itself restricts a value to the declared range.
type FileInformationClass int
type OBJECT_ATTRIBUTES ¶
type RTL_USER_PROCESS_PARAMETERS ¶
// RTL_USER_PROCESS_PARAMETERS exposes the ImagePathName and CommandLine
// members of a process-parameters block.
//
// NOTE(review): the rendered listing hides the unexported fields, so field
// offsets and total size cannot be checked from this page. Verify the layout
// against the native structure for every target architecture before reading
// or writing memory through this type.
type RTL_USER_PROCESS_PARAMETERS struct {
	ImagePathName w32.UNICODE_STRING
	CommandLine   w32.UNICODE_STRING
	// contains filtered or unexported fields
}