Documentation
Overview
Package winutil provides Windows utilities.
Package winutil contains Windows OS utilities.
Index
- Constants
- func ControlService(serviceName string, command svc.Cmd, to svc.State, desiredAccess uint32, ...) error
- func ConvertWindowsString(winput []uint8) string
- func ConvertWindowsString16(winput []uint16) string
- func ConvertWindowsStringList(winput []uint16) []string
- func ExpandEnvironmentStrings(input string) (string, error)
- func FileTimeToUnix(ft uint64) uint64
- func FileTimeToUnixNano(ft uint64) uint64
- func GetAce(acl *ACL, index uint32, ace **ACCESS_ALLOWED_ACE) error
- func GetAclInformation(acl *ACL, info *ACL_SIZE_INFORMATION, class uint32) error
- func GetImagePathForProcess(h windows.Handle) (string, error)
- func GetLocalSystemSID() (*windows.SID, error)
- func GetNamedSecurityInfo(objectName string, objectType int32, secInfo uint32, ...) error
- func GetProgramDataDir() (path string, err error)
- func GetProgramDataDirForProduct(product string) (path string, err error)
- func GetProgramFilesDirForProduct(product string) (path string, err error)
- func GetSidFromUser() (*windows.SID, error)
- func GetWindowsBuildString() (verstring string, err error)
- func IsCurrentProcessLocalSystem() (bool, error)
- func IsProcess(pid int) bool
- func IsProcessElevated() (bool, error)
- func IsServiceDisabled(serviceName string) (enabled bool, err error)
- func IsServiceRunning(serviceName string) (running bool, err error)
- func IsUserAnAdmin() (bool, error)
- func IsWow64Process(h windows.Handle) (is32bit bool, err error)
- func KillProcess(pid int, returnCode uint32) error
- func LogEventViewer(servicename string, msgnum uint32, arg string)
- func NtQueryInformationProcess(h windows.Handle, class PROCESSINFOCLASS, target, size uintptr) (err error)
- func OpenSCManager(desiredAccess uint32) (*mgr.Mgr, error)
- func OpenService(manager *mgr.Mgr, serviceName string, desiredAccess uint32) (*mgr.Service, error)
- func ReadProcessMemory(h windows.Handle, from, to uintptr, count uint32) (bytesRead uint64, err error)
- func RestartService(serviceName string) error
- func StartService(serviceName string, serviceArgs ...string) error
- func StopService(serviceName string) error
- func UTF16PtrOrNilFromString(s string) (*uint16, error)
- func WaitForState(ctx context.Context, serviceName string, desiredState svc.State) error
- type ACCESS_ALLOWED_ACE
- type ACL
- type ACL_SIZE_INFORMATION
- type DynamicIISConfig
- type PROCESSINFOCLASS
- type PagefileStat
- type ProcessCommandParams
- type SCMMonitor
- type ServiceInfo
- type ServiceList
- type SwapMemoryStat
- type VirtualMemoryStat
Constants

const (
	// ProcessBasicInformation returns the PEB
	ProcessBasicInformation = PROCESSINFOCLASS(0)
	// ProcessDebugPort included for completeness
	ProcessDebugPort = PROCESSINFOCLASS(7)
	// ProcessWow64Information included for completeness
	ProcessWow64Information = PROCESSINFOCLASS(26)
	// ProcessImageFileName included for completeness
	ProcessImageFileName = PROCESSINFOCLASS(27)
	// ProcessBreakOnTermination included for completeness
	ProcessBreakOnTermination = PROCESSINFOCLASS(29)
)

const (
	AclRevisionInformation = 1
	AclSizeInformation     = 2
)

ACL_INFORMATION_CLASS enum
https://learn.microsoft.com/en-us/windows/win32/api/winnt/ne-winnt-acl_information_class

const (
	ACCESS_ALLOWED_ACE_TYPE = 0
	ACCESS_DENIED_ACE_TYPE  = 1
)

https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header

const EpochDifferenceSecs uint64 = 116444736000000000

EpochDifferenceSecs is the difference between the Windows and Unix epochs, expressed in 100 ns intervals. From GetUnixTimestamp() in datadog-windows-filter\ddfilter\http\http_callbacks.c: 11644473600 s * 1000 ms/s * 1000 us/ms * 10 intervals/us.
Variables
This section is empty.
Functions
func ControlService (added in v0.51.0)
func ControlService(serviceName string, command svc.Cmd, to svc.State, desiredAccess uint32, timeout uint64) error
ControlService sends a control code to the specified service and waits up to timeout for the service to transition to the requested state.
https://learn.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-controlservice
func ConvertWindowsString
ConvertWindowsString converts a Windows C string into a Go string. Even though the input is an array of uint8, the underlying data is expected to be uint16 (Unicode, i.e. UTF-16 code units).
func ConvertWindowsString16
ConvertWindowsString16 converts a Windows C string, supplied as an array of uint16 (Unicode, i.e. UTF-16 code units), into a Go string.
func ConvertWindowsStringList
ConvertWindowsStringList converts a Windows-style C list of strings (each element is null terminated; a double null marks the end of the list) into a slice of Go strings.
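As an added illustration (not the winutil package's own code), here is one way the three conversions above can be implemented in pure Go; the lowercase function names and the sample buffers are constructed for this example, and the list parser also tolerates a buffer that arrives without its final terminator:

```go
package main

import (
	"fmt"
	"unicode/utf16"
)

// convertWindowsString16 decodes a NUL-terminated UTF-16 buffer into a Go string, stopping at the first NUL.
func convertWindowsString16(winput []uint16) string {
	end := len(winput)
	for i, c := range winput {
		if c == 0 {
			end = i
			break
		}
	}
	return string(utf16.Decode(winput[:end]))
}

// convertWindowsString reinterprets a byte slice as little-endian UTF-16 code units and decodes it.
func convertWindowsString(winput []uint8) string {
	n := len(winput) / 2 // an odd trailing byte cannot be a code unit; drop it
	u := make([]uint16, n)
	for i := 0; i < n; i++ {
		u[i] = uint16(winput[2*i]) | uint16(winput[2*i+1])<<8
	}
	return convertWindowsString16(u)
}

// convertWindowsStringList splits a list whose elements are NUL-terminated; an empty element (double NUL) ends it.
func convertWindowsStringList(winput []uint16) []string {
	var out []string
	start := 0
	for i, c := range winput {
		if c != 0 {
			continue
		}
		if i == start { // empty element: this is the double-NUL terminator
			return out
		}
		out = append(out, string(utf16.Decode(winput[start:i])))
		start = i + 1
	}
	if start < len(winput) { // buffer ended without its terminating NUL
		out = append(out, string(utf16.Decode(winput[start:])))
	}
	return out
}

func main() {
	// Constructed sample: "dd\0agent\0\0" as UTF-16 code units.
	list := utf16.Encode([]rune("dd\x00agent\x00\x00"))
	fmt.Println(convertWindowsStringList(list)) // [dd agent]
}
```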
func ExpandEnvironmentStrings (added in v0.51.0)
ExpandEnvironmentStrings returns a string with any environment variables substituted.
It is provided here because `x/sys/windows` provides a wrapper for the underlying function but expects C strings. This function does the buffer size calculation and returns the Go string everyone wants.
func FileTimeToUnix (added in v0.51.0)
FileTimeToUnix translates a Windows FILETIME to seconds since the Unix epoch.
func FileTimeToUnixNano (added in v0.51.0)
FileTimeToUnixNano translates a Windows FILETIME to nanoseconds since the Unix epoch.
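An added example, not winutil's implementation, of the FILETIME arithmetic behind FileTimeToUnix and FileTimeToUnixNano using the page's EpochDifferenceSecs constant. The lowercase helpers, unixToFileTime and fileTimeFromParts are assumptions of this example, and a timestamp before 1970 is clamped to 0 rather than allowed to wrap the unsigned subtraction:

```go
package main

import (
	"fmt"
	"time"
)

// EpochDifferenceSecs is the page's constant: the gap between the Windows epoch
// (1601-01-01) and the Unix epoch (1970-01-01) in 100 ns intervals.
const EpochDifferenceSecs uint64 = 116444736000000000

// fileTimeToUnix converts a FILETIME (100 ns intervals since 1601-01-01 UTC)
// to whole seconds since the Unix epoch. A value before 1970 would underflow
// the unsigned subtraction, so it is clamped to 0 instead of wrapping.
func fileTimeToUnix(ft uint64) uint64 {
	if ft < EpochDifferenceSecs {
		return 0
	}
	return (ft - EpochDifferenceSecs) / 10_000_000
}

// fileTimeToUnixNano converts a FILETIME to nanoseconds since the Unix epoch.
func fileTimeToUnixNano(ft uint64) uint64 {
	if ft < EpochDifferenceSecs {
		return 0
	}
	return (ft - EpochDifferenceSecs) * 100
}

// unixToFileTime is the inverse; handy for building a FILETIME in a test.
func unixToFileTime(t time.Time) uint64 {
	return uint64(t.UnixNano()/100) + EpochDifferenceSecs
}

// fileTimeFromParts joins the dwHighDateTime/dwLowDateTime halves in which
// Win32 APIs hand out a FILETIME structure.
func fileTimeFromParts(high, low uint32) uint64 {
	return uint64(high)<<32 | uint64(low)
}

func main() {
	// Constructed sample: 2024-01-01T00:00:00Z as a FILETIME.
	ft := unixToFileTime(time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC))
	fmt.Println(ft, fileTimeToUnix(ft)) // 133485408000000000 1704067200
	fmt.Println(time.Unix(0, int64(fileTimeToUnixNano(ft))).UTC())
}
```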
func GetAce
func GetAce(acl *ACL, index uint32, ace **ACCESS_ALLOWED_ACE) error
GetAce calls the Windows 'GetAce' function to obtain a pointer to an access control entry (ACE) in an access control list (ACL).
https://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-getace
func GetAclInformation
func GetAclInformation(acl *ACL, info *ACL_SIZE_INFORMATION, class uint32) error
GetAclInformation calls the Windows 'GetAclInformation' function to retrieve information about an access control list (ACL).
func GetImagePathForProcess (added in v0.32.0)
GetImagePathForProcess returns the executable path name in Win32 format.
func GetLocalSystemSID (added in v0.55.0)
GetLocalSystemSID returns the SID of the Local System account. The returned SID must be freed by windows.FreeSid().
func GetNamedSecurityInfo
func GetNamedSecurityInfo(objectName string, objectType int32, secInfo uint32, owner, group **windows.SID, dacl, sacl **ACL, secDesc *windows.Handle) error
GetNamedSecurityInfo calls the Windows 'GetNamedSecurityInfo' function to retrieve a copy of the security descriptor for an object specified by name.
https://learn.microsoft.com/en-us/windows/win32/api/aclapi/nf-aclapi-getnamedsecurityinfow
func GetProgramDataDir
GetProgramDataDir returns the current program data directory, usually c:\programdata\Datadog.
func GetProgramDataDirForProduct
GetProgramDataDirForProduct returns the current program data directory for the given product key name, usually c:\programdata\Datadog.
func GetProgramFilesDirForProduct (added in v0.32.0)
GetProgramFilesDirForProduct returns the root of the installation directory, usually c:\program files\datadog\datadog agent.
func GetSidFromUser (added in v0.31.0)
GetSidFromUser grabs and returns the Windows SID for the current user, or an error. The *SID returned does not need to be freed by the caller.
func GetWindowsBuildString
GetWindowsBuildString retrieves the Windows build version by querying the resource string as directed at https://msdn.microsoft.com/en-us/library/windows/desktop/ms724429(v=vs.85).aspx. As of Windows 8.1, the core GetVersion() APIs have been changed to return the version of Windows manifested with the application, not the application version.
func IsCurrentProcessLocalSystem (added in v0.55.0)
IsCurrentProcessLocalSystem checks whether the current process is running as Local System.
func IsProcess (added in v0.51.0)
IsProcess checks whether the given pid is currently valid in the process table.
func IsProcessElevated
IsProcessElevated opens the process token and checks its elevation status, returning true if the process is elevated and false if not.
func IsServiceDisabled (added in v0.51.0)
IsServiceDisabled returns true if serviceName is disabled.
func IsServiceRunning (added in v0.51.0)
IsServiceRunning returns true if serviceName's state is SERVICE_RUNNING.
func IsUserAnAdmin (added in v0.51.0)
IsUserAnAdmin returns true if the user is a member of the Administrators group. TODO: Microsoft does not recommend using this function; CheckTokenMembership should be used instead.
https://learn.microsoft.com/en-us/windows/win32/api/shlobj_core/nf-shlobj_core-isuseranadmin
func IsWow64Process
IsWow64Process determines whether the specified process is running under WOW64, that is, whether it is a 32-bit process running on 64-bit Windows.
func KillProcess (added in v0.55.0)
KillProcess kills the process with the given PID, supplying the given return code.
func LogEventViewer
LogEventViewer opens the event log API and logs a single message to the event viewer. The string identified by the msgnum parameter must exist in the application's message catalog. The Go log API only provides for a single argument to be passed, so only one positional argument can be included.
func NtQueryInformationProcess
func NtQueryInformationProcess(h windows.Handle, class PROCESSINFOCLASS, target, size uintptr) (err error)
NtQueryInformationProcess wraps the Windows NT kernel call of the same name.
func OpenSCManager (added in v0.51.0)
OpenSCManager connects to the Service Control Manager (SCM).
https://learn.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-openscmanagerw
func OpenService (added in v0.51.0)
OpenService opens a handle for serviceName.
https://learn.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-openservicew
func ReadProcessMemory
func ReadProcessMemory(h windows.Handle, from, to uintptr, count uint32) (bytesRead uint64, err error)
ReadProcessMemory wraps the Windows kernel32.dll function of the same name: https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-readprocessmemory
func RestartService (added in v0.51.0)
RestartService stops a service and then, if the stop was successful, starts it again.
func StartService (added in v0.51.0)
StartService starts serviceName via the SCM.
It does not block until the service is started: https://learn.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-startservicea#remarks
func StopService (added in v0.51.0)
StopService stops a service and any services that depend on it.
func UTF16PtrOrNilFromString (added in v0.51.0)
UTF16PtrOrNilFromString converts a Go string into a *uint16 using windows.UTF16PtrFromString, but returns nil for empty strings.
Useful for Windows APIs that take either NULL or a non-zero-length string. Be careful to check that the Windows API does not have special behavior for a zero-length string.
Types
type ACCESS_ALLOWED_ACE (added in v0.51.0)
type ACCESS_ALLOWED_ACE struct {
	AceType    uint8
	AceFlags   uint8
	AceSize    uint16
	AccessMask uint32
	SidStart   uint32
}
ACCESS_ALLOWED_ACE struct
https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-access_allowed_ace
type ACL (added in v0.51.0)
ACL struct
https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-acl
type ACL_SIZE_INFORMATION (added in v0.51.0)
ACL_SIZE_INFORMATION struct
https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-acl_size_information
type DynamicIISConfig (added in v0.51.0)
type DynamicIISConfig struct {
	// contains filtered or unexported fields
}
DynamicIISConfig is an object that watches the IIS configuration for changes and reloads the configuration when it changes. It provides additional methods for getting specific configuration items.
func NewDynamicIISConfig (added in v0.51.0)
func NewDynamicIISConfig() (*DynamicIISConfig, error)
NewDynamicIISConfig creates a new DynamicIISConfig.
func (*DynamicIISConfig) GetSiteNameFromID (added in v0.51.0)
func (iiscfg *DynamicIISConfig) GetSiteNameFromID(id uint32) string
GetSiteNameFromID looks up a site name by its site ID.
func (*DynamicIISConfig) Start (added in v0.51.0)
func (iiscfg *DynamicIISConfig) Start() error
Start starts the config watcher.
func (*DynamicIISConfig) Stop (added in v0.51.0)
func (iiscfg *DynamicIISConfig) Stop()
Stop stops the config watcher.
type PROCESSINFOCLASS
type PROCESSINFOCLASS uint32
PROCESSINFOCLASS is the Go representation of the PROCESSINFOCLASS enum (see the constants above).
type PagefileStat
type PagefileStat struct {
	// The current committed memory limit for the system or
	// the current process, whichever is smaller, in bytes
	Total uint64
	// The maximum amount of memory the current process can commit, in bytes.
	// This value is equal to or smaller than the system-wide available commit
	// value.
	Available uint64
	// Used is Total - Available
	Used uint64
	// UsedPercent is Used as a percentage of the total pagefile
	UsedPercent float64
}
PagefileStat contains basic metrics for the Windows pagefile.
func PagefileMemory
func PagefileMemory() (*PagefileStat, error)
PagefileMemory returns paging (swap) file metrics.
type ProcessCommandParams (added in v0.32.0)
ProcessCommandParams defines process command params.
func GetCommandParamsForPid (added in v0.32.0)
func GetCommandParamsForPid(pid uint32, includeImagePath bool) (*ProcessCommandParams, error)
GetCommandParamsForPid returns the command line (and optionally the image path) for the given PID.
func GetCommandParamsForProcess (added in v0.32.0)
func GetCommandParamsForProcess(h windows.Handle, includeImagePath bool) (*ProcessCommandParams, error)
GetCommandParamsForProcess returns the command line (and optionally the image path) for the given process.
type SCMMonitor (added in v0.51.0)
type SCMMonitor struct {
	// contains filtered or unexported fields
}
SCMMonitor is an object that allows the caller to monitor Windows services. It maintains a table of active services indexed by PID.
func GetServiceMonitor (added in v0.51.0)
func GetServiceMonitor() *SCMMonitor
GetServiceMonitor returns a service monitor object.
func (*SCMMonitor) GetRefreshCount (added in v0.51.0)
func (scm *SCMMonitor) GetRefreshCount() uint64
GetRefreshCount returns the number of times the SCM database has actually been queried. Used for logging stats.
func (*SCMMonitor) GetServiceInfo (added in v0.51.0)
func (scm *SCMMonitor) GetServiceInfo(pid uint64) (*ServiceInfo, error)
GetServiceInfo gets the service name and display name if the process identified by pid is in the SCM. For a process that is not an SCM-controlled service it returns nil with no error.
type ServiceInfo (added in v0.51.0)
ServiceInfo contains name information for each service identified by PID.
type ServiceList (added in v0.51.0)
type ServiceList struct {
	// contains filtered or unexported fields
}
ServiceList is the return value from a query by pid.
type SwapMemoryStat
SwapMemoryStat contains swap statistics.
type VirtualMemoryStat
type VirtualMemoryStat struct {
	// Total amount of RAM on this system
	Total uint64
	// RAM available for programs to allocate
	//
	// This value is computed from the kernel specific values.
	Available uint64
	// RAM used by programs
	//
	// This value is computed from the kernel specific values.
	Used uint64
	// Percentage of RAM used by programs
	//
	// This value is computed from the kernel specific values.
	UsedPercent float64
}
VirtualMemoryStat contains basic metrics for virtual memory.
func VirtualMemory
func VirtualMemory() (*VirtualMemoryStat, error)
VirtualMemory returns virtual memory metrics for the machine.
Source Files
Directories

Path | Synopsis
---|---
eventlog |
api | Package evtapi defines the interface and common types for interacting with the Windows Event Log API from Golang
api/fake | Package fakeevtapi is a fake implementation of the Windows Event Log API intended to be used in tests.
api/windows | Package winevtapi implements the evtapi.API interface with the Windows Event Log API
bookmark | Package evtbookmark provides helpers for working with Windows Event Log Bookmarks
reporter | Package evtreporter provides helpers for writing events to the Windows Event Log
session | Package evtsession provides helpers for managing an Event Log API session https://learn.microsoft.com/en-us/windows/win32/wes/accessing-remote-computers
subscription | Package evtsubscribe provides helpers for reading Windows Event Logs with a Pull Subscription
test | Package eventlog_test provides helpers for testing code that uses the eventlog package
 | Package messagestrings defines the MESSAGETABLE constants used by agent binaries
 | Package servicemain provides Windows Service application helpers