Documentation ¶
Index ¶
- Constants
- func CreateProcess(shellcode []byte, pid int) error
- func CreateRemoteThread(shellcode []byte, pid int) error
- func EnumSystemLocales(shellcode []byte) error
- func EnumSystemLocalesHalos(shellcode []byte) error
- func EtwpCreateEtwThread(shellcode []byte) error
- func Fibers(shellcode []byte) error
- func NoRWX(shellcode []byte) error
- func NtCreateThreadEx(shellcode []byte, pid int) error
- func NtCreateThreadExHalos(shellcode []byte) error
- func NtQueueApcThreadEx(shellcode []byte) error
- func ProcessHollowing(shellcode []byte, proc string, blockdlls bool) error
- func QueueUserApc(shellcode []byte) error
- func RtlCreateUserThread(shellcode []byte, pid int) error
- func UuidFromString(shellcode []byte) error
- type CLIENT_ID
- type IMAGE_DATA_DIRECTORY
- type IMAGE_DOS_HEADER
- type IMAGE_FILE_HEADER
- type IMAGE_NT_HEADER
- type IMAGE_OPTIONAL_HEADER
- type IMAGE_OPTIONAL_HEADER32
- type IMAGE_OPTIONAL_HEADER64
- type PEB
- type PROCESS_BASIC_INFORMATION
- type PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY
- type PROC_THREAD_ATTRIBUTE_ENTRY
- type PROC_THREAD_ATTRIBUTE_LIST
- type PTHREAD_BASIC_INFORMATION
- type ProcessInformation
- type SC_SERVICE_TAG_QUERY
- type StartupInfoEx
Constants ¶
// Win32 virtual-memory flags, with the values the Windows SDK assigns them.
// MEM_COMMIT and MEM_RESERVE are allocation-type flags; the PAGE_* values are
// page protections.
const (
	MEM_COMMIT        = 0x1000 // commit backing storage for the region
	MEM_RESERVE       = 0x2000 // reserve address space without committing it
	PAGE_EXECUTE_READ = 0x20   // execute + read, no write
	PAGE_READWRITE    = 0x04   // read + write, no execute
)
// IDX is a package-wide constant; its meaning is not visible in this listing
// (presumably an index or element count used elsewhere in the package — verify
// against the call sites before relying on it).
const IDX = 32
Variables ¶
This section is empty.
Functions ¶
func CreateProcess ¶
func CreateRemoteThread ¶
func EnumSystemLocales ¶
func EnumSystemLocalesHalos ¶
func EtwpCreateEtwThread ¶
func NtCreateThreadEx ¶
func NtCreateThreadExHalos ¶
func NtQueueApcThreadEx ¶
func QueueUserApc ¶
func RtlCreateUserThread ¶
func UuidFromString ¶
Types ¶
type IMAGE_DATA_DIRECTORY ¶
type IMAGE_DOS_HEADER ¶
// IMAGE_DOS_HEADER carries only the E_lfanew member of the PE DOS header, the
// file offset of the NT headers.
//
// NOTE(review): in the real IMAGE_DOS_HEADER, e_lfanew sits at offset 0x3C
// after the e_magic..e_res2 members. Because this struct declares nothing
// before it, it is not a layout-compatible overlay of the header — confirm
// that callers read the value at that offset rather than casting the image
// base to this type.
type IMAGE_DOS_HEADER struct {
E_lfanew uint32 // file offset of the NT headers (LONG in the SDK)
}
type IMAGE_FILE_HEADER ¶
type IMAGE_NT_HEADER ¶
// IMAGE_NT_HEADER mirrors the PE IMAGE_NT_HEADERS structure: the PE signature
// followed by the COFF file header and the optional header. The optional
// header type used here has 64-bit ImageBase and stack/heap fields, i.e. the
// PE32+ layout; see IMAGE_OPTIONAL_HEADER.
type IMAGE_NT_HEADER struct {
	Signature      uint32                // "PE\0\0" signature
	FileHeader     IMAGE_FILE_HEADER     // COFF file header
	OptionalHeader IMAGE_OPTIONAL_HEADER // PE32+ optional header
}
type IMAGE_OPTIONAL_HEADER ¶
// IMAGE_OPTIONAL_HEADER mirrors the PE32+ (64-bit) optional header: ImageBase
// and the four SizeOfStack*/SizeOfHeap* members are 64-bit wide and there is no
// BaseOfData member, which is what distinguishes it from the 32-bit
// IMAGE_OPTIONAL_HEADER32 declared in this package. Field names follow the
// Windows SDK.
type IMAGE_OPTIONAL_HEADER struct {
	Magic                       uint16 // PE32+ magic
	MajorLinkerVersion          uint8
	MinorLinkerVersion          uint8
	SizeOfCode                  uint32
	SizeOfInitializedData       uint32
	SizeOfUninitializedData     uint32
	AddressOfEntryPoint         uint32 // RVA of the entry point
	BaseOfCode                  uint32
	ImageBase                   uint64 // 64-bit in PE32+
	SectionAlignment            uint32
	FileAlignment               uint32
	MajorOperatingSystemVersion uint16
	MinorOperatingSystemVersion uint16
	MajorImageVersion           uint16
	MinorImageVersion           uint16
	MajorSubsystemVersion       uint16
	MinorSubsystemVersion       uint16
	Win32VersionValue           uint32
	SizeOfImage                 uint32
	SizeOfHeaders               uint32
	CheckSum                    uint32
	Subsystem                   uint16
	DllCharacteristics          uint16
	SizeOfStackReserve          uint64 // 64-bit in PE32+
	SizeOfStackCommit           uint64
	SizeOfHeapReserve           uint64
	SizeOfHeapCommit            uint64
	LoaderFlags                 uint32
	NumberOfRvaAndSizes         uint32
	DataDirectory               [16]IMAGE_DATA_DIRECTORY // inline directory table
}
type IMAGE_OPTIONAL_HEADER32 ¶
// IMAGE_OPTIONAL_HEADER32 is the package's 32-bit optional-header type. It
// carries the BaseOfData member that the 64-bit header lacks.
//
// NOTE(review): in the Windows SDK's IMAGE_OPTIONAL_HEADER32, ImageBase and
// the four SizeOfStack*/SizeOfHeap* members are 32-bit and DataDirectory is an
// inline [16]IMAGE_DATA_DIRECTORY array. Here they are uint64/uintptr, so this
// struct is not layout-compatible with a PE32 file header — confirm how the
// package's callers use it before treating it as an overlay.
type IMAGE_OPTIONAL_HEADER32 struct {
	Magic                       uint16
	MajorLinkerVersion          byte
	MinorLinkerVersion          byte
	SizeOfCode                  uint32
	SizeOfInitializedData       uint32
	SizeOfUninitializedData     uint32
	AddressOfEntryPoint         uint32
	BaseOfCode                  uint32
	BaseOfData                  uint32 // Different from 64 bit header
	ImageBase                   uint64
	SectionAlignment            uint32
	FileAlignment               uint32
	MajorOperatingSystemVersion uint16
	MinorOperatingSystemVersion uint16
	MajorImageVersion           uint16
	MinorImageVersion           uint16
	MajorSubsystemVersion       uint16
	MinorSubsystemVersion       uint16
	Win32VersionValue           uint32
	SizeOfImage                 uint32
	SizeOfHeaders               uint32
	CheckSum                    uint32
	Subsystem                   uint16
	DllCharacteristics          uint16
	SizeOfStackReserve          uint64
	SizeOfStackCommit           uint64
	SizeOfHeapReserve           uint64
	SizeOfHeapCommit            uint64
	LoaderFlags                 uint32
	NumberOfRvaAndSizes         uint32
	DataDirectory               uintptr
}
type IMAGE_OPTIONAL_HEADER64 ¶
// IMAGE_OPTIONAL_HEADER64 is a defined type (not an alias) over
// IMAGE_OPTIONAL_HEADER, whose field widths already match the PE32+ layout.
// Being a distinct named type, values must be explicitly converted between
// the two.
type IMAGE_OPTIONAL_HEADER64 IMAGE_OPTIONAL_HEADER
type PEB ¶
// PEB exposes the leading members of the NT Process Environment Block. Only
// the exported fields below are visible on this page; the listing reports
// further unexported fields that are not shown here.
//
// NOTE(review): the byte-offset comments on the first fields match a
// 32-bit PEB; with uintptr members on a 64-bit build the offsets of Mutant
// and later fields differ — confirm against the target architecture.
type PEB struct {
	InheritedAddressSpace  byte    // BYTE 0
	ReadImageFileExecOptions byte  // BYTE 1
	BeingDebugged          byte    // BYTE 2
	Mutant                 uintptr // BYTE 4
	ImageBaseAddress       uintptr // BYTE 8
	Ldr                    uintptr // PPEB_LDR_DATA
	ProcessParameters      uintptr // PRTL_USER_PROCESS_PARAMETERS
	AtlThunkSListPtr       uintptr // PVOID
	AtlThunkSListPtr32     uint32  // ULONG
	PostProcessInitRoutine uintptr // PPS_POST_PROCESS_INIT_ROUTINE
	SessionId              uint32  // ULONG
	// contains filtered or unexported fields
}
type PROCESS_BASIC_INFORMATION ¶
// PROCESS_BASIC_INFORMATION mirrors the NT structure of the same name. Only the
// three pointer-sized members below are exported; the listing reports further
// unexported fields that are not shown here.
type PROCESS_BASIC_INFORMATION struct {
	PebBaseAddress               uintptr // PPEB
	UniqueProcessId              uintptr // ULONG_PTR
	InheritedFromUniqueProcessID uintptr // PVOID
	// contains filtered or unexported fields
}
https://github.com/elastic/go-windows/blob/master/ntdll.go#L77
type PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY ¶
// PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY mirrors the Win32 process
// mitigation policy structure of the same name, exposing its Flags word.
// NOTE(review): the SDK defines Flags as a union with named bit fields; which
// bits this package sets is not visible here — check the call sites.
type PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY struct {
Flags uint32 // policy bit flags (DWORD)
}
type PROC_THREAD_ATTRIBUTE_ENTRY ¶
// PROC_THREAD_ATTRIBUTE_ENTRY presumably mirrors the Win32 attribute-entry
// structure of the same name; all of its fields are unexported and are not
// shown in this listing.
type PROC_THREAD_ATTRIBUTE_ENTRY struct {
// contains filtered or unexported fields
}
type PROC_THREAD_ATTRIBUTE_LIST ¶
// PROC_THREAD_ATTRIBUTE_LIST presumably mirrors the Win32 attribute-list
// structure of the same name and is the type pointed to by
// StartupInfoEx.AttributeList; all of its fields are unexported and are not
// shown in this listing.
type PROC_THREAD_ATTRIBUTE_LIST struct {
// contains filtered or unexported fields
}
type ProcessInformation ¶
type SC_SERVICE_TAG_QUERY ¶
// SC_SERVICE_TAG_QUERY presumably mirrors the service-control tag query
// structure of the same name; all of its fields are unexported and are not
// shown in this listing.
type SC_SERVICE_TAG_QUERY struct {
// contains filtered or unexported fields
}
type StartupInfoEx ¶
// StartupInfoEx extends windows.StartupInfo with an attribute-list pointer,
// matching the layout of the Win32 STARTUPINFOEX structure.
type StartupInfoEx struct {
	windows.StartupInfo                             // embedded STARTUPINFO
	AttributeList       *PROC_THREAD_ATTRIBUTE_LIST // LPPROC_THREAD_ATTRIBUTE_LIST
}