ParentAntiDebug

package
v1.1.2
Warning

This package is not in the latest version of its module.

Published: Aug 12, 2024 License: Unlicense Imports: 6 Imported by: 2

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func CurrentProcName

func CurrentProcName() (string, error)

CurrentProcName returns the name of the current executable.

func NtQueryProc

func NtQueryProc(handle syscall.Handle, class uint32, info *ProcessInfo, length uint32) error

NtQueryProc queries process information.

func ParentAntiDebug

func ParentAntiDebug() bool

ParentAntiDebug checks whether the parent process is explorer.exe or cmd.exe.

func QueryImageName

func QueryImageName(handle syscall.Handle, flags uint32, nameBuffer []uint16, size *uint32) error

QueryImageName retrieves the full image name of the process.

Types

type ProcessInfo

type ProcessInfo struct {
	Res1             uintptr
	PebAddr          uintptr
	Res2             [2]uintptr
	PID              uintptr
	InheritedFromPID uintptr
}