Documentation ¶
Index ¶
- Constants
- Variables
- func CoTaskMemFree(pv uintptr)
- func ConvertWindowsString(winput []uint8) string
- func ConvertWindowsString16(winput []uint16) string
- func ConvertWindowsStringList(winput []uint16) []string
- func GetAce(acl *Acl, index uint32, ace **AccessAllowedAce) error
- func GetAclInformation(acl *Acl, info *AclSizeInformation, class uint32) error
- func GetCommandLineForPid(pid uint32) (cmdline string, err error)
- func GetCommandLineForProcess(h windows.Handle) (cmdline string, err error)
- func GetNamedSecurityInfo(objectName string, objectType int32, secInfo uint32, ...) error
- func GetProgramDataDir() (path string, err error)
- func GetProgramDataDirForProduct(product string) (path string, err error)
- func GetSidFromUser() (*windows.SID, error)
- func GetUserFromSid(sid *windows.SID) (string, string, error)
- func GetWindowsBuildString() (verstring string, err error)
- func IsProcessElevated() (bool, error)
- func IsWow64Process(h windows.Handle) (is32bit bool, err error)
- func LogEventViewer(servicename string, msgnum uint32, arg string)
- func NtQueryInformationProcess(h windows.Handle, class PROCESSINFOCLASS, target, size uintptr) (err error)
- func ReadProcessMemory(h windows.Handle, from, to uintptr, count uint32) (bytesRead uint64, err error)
- func SHGetKnownFolderPath(rfid *GUID, dwFlags uint32, hToken windows.Handle, pszPath *uintptr) (retval error)
- type AccessAllowedAce
- type Acl
- type AclSizeInformation
- type GUID
- type PROCESSINFOCLASS
- type PagefileStat
- type SwapMemoryStat
- type VirtualMemoryStat
Constants ¶
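// Process information classes passed as the class argument of
// NtQueryInformationProcess. The values mirror the native Windows
// PROCESSINFOCLASS enumeration and must not be renumbered.
//
// The declaration is laid out one spec per line so that the line comments
// no longer swallow the declarations that follow them.
const (
	// ProcessBasicInformation requests the basic process information,
	// which includes the address of the PEB.
	ProcessBasicInformation = PROCESSINFOCLASS(0)
	// ProcessDebugPort included for completeness
	ProcessDebugPort = PROCESSINFOCLASS(7)
	// ProcessWow64Information included for completeness
	ProcessWow64Information = PROCESSINFOCLASS(26)
	// ProcessImageFileName included for completeness
	ProcessImageFileName = PROCESSINFOCLASS(27)
	// ProcessBreakOnTermination included for completeness
	ProcessBreakOnTermination = PROCESSINFOCLASS(29)
)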
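// Information classes for the class argument of GetAclInformation.
// The values mirror the Windows ACL_INFORMATION_CLASS enumeration.
const (
	// AclRevisionInformationEnum requests the ACL revision information.
	AclRevisionInformationEnum = 1
	// AclSizeInformationEnum requests the ACL size information, which is
	// the layout GetAclInformation fills into an AclSizeInformation.
	AclSizeInformationEnum = 2
)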
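// ACE type values as stored in the header of an access control entry.
// Names and values follow the Windows SDK definitions.
const (
	// ACCESS_ALLOWED_ACE_TYPE marks an entry that grants access.
	ACCESS_ALLOWED_ACE_TYPE = 0
	// ACCESS_DENIED_ACE_TYPE marks an entry that denies access. Code that
	// audits a DACL must not treat every entry as an allow entry.
	ACCESS_DENIED_ACE_TYPE = 1
)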
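// Object types for the objectType argument of GetNamedSecurityInfo.
// The values mirror the Windows SE_OBJECT_TYPE enumeration; they are
// assigned by iota, so the order of the entries must not change.
const (
	SE_UNKNOWN_OBJECT_TYPE = iota
	SE_FILE_OBJECT
	SE_SERVICE
	SE_PRINTER
	SE_REGISTRY_KEY
	SE_LMSHARE
	SE_KERNEL_OBJECT
	SE_WINDOW_OBJECT
	SE_DS_OBJECT
	SE_DS_OBJECT_ALL
	SE_PROVIDER_DEFINED_OBJECT
	SE_WMIGUID_OBJECT
	SE_REGISTRY_WOW64_32KEY
)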
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379593.aspx
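// SECURITY_INFORMATION bit flags for the secInfo argument of
// GetNamedSecurityInfo. They select which parts of the security
// descriptor are retrieved and may be OR-ed together.
const (
	OWNER_SECURITY_INFORMATION = 0x00001
	GROUP_SECURITY_INFORMATION = 0x00002
	DACL_SECURITY_INFORMATION  = 0x00004
	// SACL_SECURITY_INFORMATION selects the system ACL. Windows only
	// returns the SACL to callers holding the SeSecurityPrivilege
	// privilege, so a request that includes this flag can fail for
	// callers that can otherwise read the owner, group and DACL.
	SACL_SECURITY_INFORMATION                = 0x00008
	LABEL_SECURITY_INFORMATION               = 0x00010
	ATTRIBUTE_SECURITY_INFORMATION           = 0x00020
	SCOPE_SECURITY_INFORMATION               = 0x00040
	PROCESS_TRUST_LABEL_SECURITY_INFORMATION = 0x00080
	BACKUP_SECURITY_INFORMATION              = 0x10000

	// The flags below occupy the top four bits of the 32-bit mask. They
	// are untyped constants; convert them to uint32, not int32, before
	// combining them.
	PROTECTED_DACL_SECURITY_INFORMATION   = 0x80000000
	PROTECTED_SACL_SECURITY_INFORMATION   = 0x40000000
	UNPROTECTED_DACL_SECURITY_INFORMATION = 0x20000000
	UNPROTECTED_SACL_SECURITY_INFORMATION = 0x10000000
)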
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379573.aspx
Variables ¶
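var (
	// FOLDERIDProgramData is the known-folder ID of the ProgramData
	// folder. It is the GUID definition from shlobj.h:
	//
	//	DEFINE_KNOWN_FOLDER(FOLDERID_ProgramData, 0x62AB5D82, 0xFDC1, 0x4DC3, 0xA9, 0xDD, 0x07, 0x0D, 0x1D, 0x49, 0x5D, 0x97);
	//
	// The original one-line layout left this declaration inside a line
	// comment; it is restored here as a separate statement.
	FOLDERIDProgramData = GUID{0x62AB5D82, 0xFDC1, 0x4DC3, [8]byte{0xA9, 0xDD, 0x07, 0x0D, 0x1D, 0x49, 0x5D, 0x97}}
)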
https://docs.microsoft.com/en-us/windows/desktop/shell/knownfolderid
FOLDERID_ProgramData — GUID: {62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}; Display Name: ProgramData; Folder Type: FIXED; Default Path: %ALLUSERSPROFILE% (%ProgramData%, %SystemDrive%\ProgramData); CSIDL Equivalent: CSIDL_COMMON_APPDATA; Legacy Display Name: Application Data; Legacy Default Path: %ALLUSERSPROFILE%\Application Data
Functions ¶
func CoTaskMemFree ¶
func CoTaskMemFree(pv uintptr)
CoTaskMemFree free memory returned from SHGetKnownFolderPath
func ConvertWindowsString ¶
ConvertWindowsString converts a Windows C-string into a Go string. Even though the input is an array of uint8, the underlying data is expected to be uint16 (Unicode).
func ConvertWindowsString16 ¶
ConvertWindowsString16 converts a Windows C-string into a Go string. Unlike ConvertWindowsString, the input is already an array of uint16 (Unicode), matching the underlying data.
func ConvertWindowsStringList ¶
ConvertWindowsStringList converts a Windows-style C list of strings (each element is terminated by a single null; a double null indicates the end of the list) to an array of Go strings.
func GetAce ¶
func GetAce(acl *Acl, index uint32, ace **AccessAllowedAce) error
GetAce calls Windows 'GetAce' function to obtain a pointer to an access control entry (ACE) in an access control list (ACL).
func GetAclInformation ¶
func GetAclInformation(acl *Acl, info *AclSizeInformation, class uint32) error
GetAclInformation calls windows 'GetAclInformation' function to retrieve information about an access control list (ACL).
func GetCommandLineForPid ¶
GetCommandLineForPid returns the command line for the given PID
func GetCommandLineForProcess ¶
GetCommandLineForProcess returns the command line for the given process.
func GetNamedSecurityInfo ¶
func GetNamedSecurityInfo(objectName string, objectType int32, secInfo uint32, owner, group **windows.SID, dacl, sacl **Acl, secDesc *windows.Handle) error
GetNamedSecurityInfo calls Windows 'GetNamedSecurityInfo' function to retrieve a copy of the security descriptor for an object specified by name.
func GetProgramDataDir ¶
GetProgramDataDir returns the current programdatadir, usually c:\programdata\Datadog
func GetProgramDataDirForProduct ¶
GetProgramDataDirForProduct returns the current programdatadir, usually c:\programdata\Datadog given a product key name
func GetSidFromUser ¶ added in v0.31.0
GetSidFromUser grabs and returns the windows SID for the current user or an error. The *SID returned does not need to be freed by the caller.
func GetUserFromSid ¶ added in v0.31.0
GetUserFromSid returns the user and domain for a given windows SID, or an error if any.
func GetWindowsBuildString ¶
GetWindowsBuildString retrieves the Windows build version by querying the resource string, as directed here: https://msdn.microsoft.com/en-us/library/windows/desktop/ms724429(v=vs.85).aspx. As of Windows 8.1, the core GetVersion() APIs have been changed to return the version of Windows manifested with the application, not the application version.
func IsProcessElevated ¶
IsProcessElevated opens the process token and checks elevation status, returning true if the process is elevated and false if not elevated.
func IsWow64Process ¶
IsWow64Process determines if the specified process is running under WOW64; that is, if it's a 32-bit process running on 64-bit Windows.
func LogEventViewer ¶
LogEventViewer will open the event viewer API and log a single message to the event viewer. The string identified in the msgnum parameter must exist in the application's message catalog. The Go log API only provides for a single argument to be passed, so the message can only include one positional argument.
func NtQueryInformationProcess ¶
func NtQueryInformationProcess(h windows.Handle, class PROCESSINFOCLASS, target, size uintptr) (err error)
NtQueryInformationProcess wraps the Windows NT kernel call of the same name
func ReadProcessMemory ¶
func ReadProcessMemory(h windows.Handle, from, to uintptr, count uint32) (bytesRead uint64, err error)
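ReadProcessMemory wraps the Windows kernel32.dll function of the same name: https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-readprocessmemory. Per that documentation, the process handle must have PROCESS_VM_READ access to the target process.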
Types ¶
type AccessAllowedAce ¶
type AclSizeInformation ¶
type PROCESSINFOCLASS ¶
// PROCESSINFOCLASS identifies the class of information requested from
// NtQueryInformationProcess; it is the type of that function's class
// parameter and of the Process* constants declared in this package.
type PROCESSINFOCLASS uint32
PROCESSINFOCLASS is the Go representation of the above enum
type PagefileStat ¶
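// PagefileStat contains basic metrics for the Windows pagefile, as
// returned by PagefileMemory.
//
// The declaration is laid out one field per line so that the line comments
// no longer swallow the fields that follow them.
type PagefileStat struct {
	// The current committed memory limit for the system or
	// the current process, whichever is smaller, in bytes
	Total uint64

	// The maximum amount of memory the current process can commit, in bytes.
	// This value is equal to or smaller than the system-wide available commit
	// value.
	Available uint64

	// Used is Total - Available
	Used uint64

	// UsedPercent is used as a percentage of the total pagefile
	UsedPercent float64
}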
PagefileStat contains basic metrics for the windows pagefile
func PagefileMemory ¶
func PagefileMemory() (*PagefileStat, error)
PagefileMemory returns paging (swap) file metrics
type SwapMemoryStat ¶
SwapMemoryStat contains swap statistics
type VirtualMemoryStat ¶
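// VirtualMemoryStat contains basic metrics for virtual memory, as returned
// by VirtualMemory.
//
// The declaration is laid out one field per line so that the line comments
// no longer swallow the fields that follow them.
type VirtualMemoryStat struct {
	// Total amount of RAM on this system
	Total uint64

	// RAM available for programs to allocate
	//
	// This value is computed from the kernel specific values.
	Available uint64

	// RAM used by programs
	//
	// This value is computed from the kernel specific values.
	Used uint64

	// Percentage of RAM used by programs
	//
	// This value is computed from the kernel specific values.
	UsedPercent float64
}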
VirtualMemoryStat contains basic metrics for virtual memory
func VirtualMemory ¶
func VirtualMemory() (*VirtualMemoryStat, error)
VirtualMemory returns virtual memory metrics for the machine