winutil


Documentation



Constants

// PROCESSINFOCLASS values accepted as the class argument of
// NtQueryInformationProcess. The numeric values mirror the Windows
// enumeration of the same name and must not be changed.
const (
	// ProcessBasicInformation selects the query that returns the process
	// basic information (the PEB type).
	ProcessBasicInformation = PROCESSINFOCLASS(0)
	// ProcessDebugPort included for completeness
	ProcessDebugPort = PROCESSINFOCLASS(7)
	// ProcessWow64Information included for completeness
	ProcessWow64Information = PROCESSINFOCLASS(26)
	// ProcessImageFileName included for completeness
	ProcessImageFileName = PROCESSINFOCLASS(27)
	// ProcessBreakOnTermination included for completeness
	ProcessBreakOnTermination = PROCESSINFOCLASS(29)
)
// ACL information classes for the class argument of GetAclInformation.
// AclSizeInformationEnum requests the data described by AclSizeInformation;
// the values mirror the Windows ACL_INFORMATION_CLASS enumeration.
const (
	AclRevisionInformationEnum = 1
	AclSizeInformationEnum     = 2
)
// ACE type values as found in the AceType field of an ACE returned by GetAce.
// An entry must be checked against these before its AccessMask is interpreted,
// since an allow and a deny entry share the same header layout.
const (
	ACCESS_ALLOWED_ACE_TYPE = 0
	ACCESS_DENIED_ACE_TYPE  = 1
)
// Object types for the objectType argument of GetNamedSecurityInfo. The
// values are assigned by iota, so the declaration order must match the
// Windows SE_OBJECT_TYPE enumeration (see the MSDN link below) exactly.
const (
	SE_UNKNOWN_OBJECT_TYPE = iota
	SE_FILE_OBJECT
	SE_SERVICE
	SE_PRINTER
	SE_REGISTRY_KEY
	SE_LMSHARE
	SE_KERNEL_OBJECT
	SE_WINDOW_OBJECT
	SE_DS_OBJECT
	SE_DS_OBJECT_ALL
	SE_PROVIDER_DEFINED_OBJECT
	SE_WMIGUID_OBJECT
	SE_REGISTRY_WOW64_32KEY
)

https://msdn.microsoft.com/en-us/library/windows/desktop/aa379593.aspx

// SECURITY_INFORMATION bit flags for the secInfo argument of
// GetNamedSecurityInfo. They select which parts of the security descriptor
// (owner, group, DACL, SACL, ...) are retrieved and may be OR-ed together.
// The values mirror the Windows constants of the same name (MSDN link below).
const (
	OWNER_SECURITY_INFORMATION               = 0x00001
	GROUP_SECURITY_INFORMATION               = 0x00002
	DACL_SECURITY_INFORMATION                = 0x00004
	// NOTE(review): reading the SACL is normally a privileged operation on
	// Windows — confirm the caller holds the required right before using it.
	SACL_SECURITY_INFORMATION                = 0x00008
	LABEL_SECURITY_INFORMATION               = 0x00010
	ATTRIBUTE_SECURITY_INFORMATION           = 0x00020
	SCOPE_SECURITY_INFORMATION               = 0x00040
	PROCESS_TRUST_LABEL_SECURITY_INFORMATION = 0x00080
	BACKUP_SECURITY_INFORMATION              = 0x10000

	// The PROTECTED/UNPROTECTED flags control whether inheritance from the
	// parent object is blocked for the DACL or SACL.
	PROTECTED_DACL_SECURITY_INFORMATION   = 0x80000000
	PROTECTED_SACL_SECURITY_INFORMATION   = 0x40000000
	UNPROTECTED_DACL_SECURITY_INFORMATION = 0x20000000
	UNPROTECTED_SACL_SECURITY_INFORMATION = 0x10000000
)

https://msdn.microsoft.com/en-us/library/windows/desktop/aa379573.aspx

Variables

This section is empty.

Functions

func ConvertWindowsString

func ConvertWindowsString(winput []uint8) string

ConvertWindowsString converts a Windows C string into a Go string. Even though the input is an array of uint8, the underlying data is expected to be uint16 (Unicode) code units.

func ConvertWindowsString16

func ConvertWindowsString16(winput []uint16) string

ConvertWindowsString16 converts a Windows C string, given as an array of uint16 (Unicode) code units, into a Go string.

func ConvertWindowsStringList

func ConvertWindowsStringList(winput []uint16) []string

ConvertWindowsStringList converts a Windows-style C list of strings (each element is NUL-terminated; a double NUL marks the end of the list) to a slice of Go strings.

func GetAce

func GetAce(acl *Acl, index uint32, ace **AccessAllowedAce) error

GetAce calls Windows 'GetAce' function to obtain a pointer to an access control entry (ACE) in an access control list (ACL).

func GetAclInformation

func GetAclInformation(acl *Acl, info *AclSizeInformation, class uint32) error

GetAclInformation calls the Windows 'GetAclInformation' function to retrieve information about an access control list (ACL).

func GetImagePathForProcess

func GetImagePathForProcess(h windows.Handle) (string, error)

GetImagePathForProcess returns the executable path name in the Win32 format.

func GetNamedSecurityInfo

func GetNamedSecurityInfo(objectName string, objectType int32, secInfo uint32, owner, group **windows.SID, dacl, sacl **Acl, secDesc *windows.Handle) error

GetNamedSecurityInfo calls Windows 'GetNamedSecurityInfo' function to retrieve a copy of the security descriptor for an object specified by name.

func GetProgramDataDir

func GetProgramDataDir() (path string, err error)

GetProgramDataDir returns the current programdatadir, usually c:\programdata\Datadog

func GetProgramDataDirForProduct

func GetProgramDataDirForProduct(product string) (path string, err error)

GetProgramDataDirForProduct returns the current programdatadir for the given product key name, usually c:\programdata\Datadog.

func GetProgramFilesDirForProduct

func GetProgramFilesDirForProduct(product string) (path string, err error)

GetProgramFilesDirForProduct returns the root of the installation directory for the given product, usually c:\program files\datadog\datadog agent.

func GetSidFromUser

func GetSidFromUser() (*windows.SID, error)

GetSidFromUser returns the Windows SID for the current user, or an error. The *SID returned does not need to be freed by the caller.

func GetUserFromSid

func GetUserFromSid(sid *windows.SID) (string, string, error)

GetUserFromSid returns the user and domain for a given windows SID, or an error if any.

func GetWindowsBuildString

func GetWindowsBuildString() (verstring string, err error)

GetWindowsBuildString retrieves the Windows build version by querying the resource string, as directed here: https://msdn.microsoft.com/en-us/library/windows/desktop/ms724429(v=vs.85).aspx. As of Windows 8.1, the core GetVersion() APIs have been changed to return the version of Windows manifested with the application, rather than the version of Windows actually running.

func IsProcessElevated

func IsProcessElevated() (bool, error)

IsProcessElevated opens the process token and checks elevation status, returning true if the process is elevated and false if not elevated.

func IsWow64Process

func IsWow64Process(h windows.Handle) (is32bit bool, err error)

IsWow64Process determines whether the specified process is running under WOW64, that is, whether it is a 32-bit process running on 64-bit Windows.

func LogEventViewer

func LogEventViewer(servicename string, msgnum uint32, arg string)

LogEventViewer opens the event viewer API and logs a single message to the event viewer. The string identified by the msgnum parameter must exist in the application's message catalog. The Go log API only provides for a single argument to be passed, so the message can only include one positional argument.

func NtQueryInformationProcess

func NtQueryInformationProcess(h windows.Handle, class PROCESSINFOCLASS, target, size uintptr) (err error)

NtQueryInformationProcess wraps the Windows NT kernel call of the same name

func ReadProcessMemory

func ReadProcessMemory(h windows.Handle, from, to uintptr, count uint32) (bytesRead uint64, err error)

ReadProcessMemory wraps the Windows kernel.dll function of the same name https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-readprocessmemory

Types

type AccessAllowedAce

// AccessAllowedAce mirrors the Win32 ACCESS_ALLOWED_ACE layout. GetAce hands
// back a pointer to one of these living inside an Acl; field order and widths
// define the in-memory layout and must not be changed.
type AccessAllowedAce struct {
	// AceType identifies the entry kind (ACCESS_ALLOWED_ACE_TYPE,
	// ACCESS_DENIED_ACE_TYPE, ...); check it before reading AccessMask.
	AceType    uint8
	// AceFlags carries the ACE inheritance/audit flags.
	AceFlags   uint8
	// AceSize is the total size of this ACE in bytes, including the SID.
	AceSize    uint16
	// AccessMask is the set of access rights granted by this entry.
	AccessMask uint32
	// SidStart holds the first 32 bits of the trailing SID; as in the Win32
	// struct, the remainder of the SID follows this field in memory.
	SidStart   uint32
}

type Acl

// Acl mirrors the Win32 ACL header; the ACEs follow it in memory and are
// reached via GetAce. Field order and widths define the layout and must not
// be changed.
type Acl struct {
	// AclRevision is the ACL revision level.
	AclRevision uint8
	// Sbz1 is reserved ("should be zero", Win32 naming).
	Sbz1        uint8
	// AclSize is the size of the ACL in bytes, including its ACEs.
	AclSize     uint16
	// AceCount is the number of ACEs that follow the header.
	AceCount    uint16
	// Sbz2 is reserved ("should be zero", Win32 naming).
	Sbz2        uint16
}

type AclSizeInformation

// AclSizeInformation mirrors the Win32 ACL_SIZE_INFORMATION structure filled
// by GetAclInformation when called with AclSizeInformationEnum.
type AclSizeInformation struct {
	// AceCount is the number of ACEs in the ACL.
	AceCount      uint32
	// AclBytesInUse is the number of bytes of the ACL currently in use.
	AclBytesInUse uint32
	// AclBytesFree is the number of unused bytes remaining in the ACL.
	AclBytesFree  uint32
}

type PROCESSINFOCLASS

type PROCESSINFOCLASS uint32

PROCESSINFOCLASS is the Go representation of the Windows PROCESSINFOCLASS enumeration (see the ProcessBasicInformation constants).

type PagefileStat

// PagefileStat contains basic metrics for the Windows pagefile, as returned
// by PagefileMemory. All sizes are in bytes.
type PagefileStat struct {
	// The current committed memory limit for the system or
	// the current process, whichever is smaller, in bytes
	Total uint64

	// The maximum amount of memory the current process can commit, in bytes.
	// This value is equal to or smaller than the system-wide available commit
	// value.
	Available uint64

	// Used is Total - Available
	Used uint64

	// UsedPercent is Used expressed as a percentage of Total
	UsedPercent float64
}

PagefileStat contains basic metrics for the windows pagefile

func PagefileMemory

func PagefileMemory() (*PagefileStat, error)

PagefileMemory returns paging (swap) file metrics

type ProcessCommandParams

// ProcessCommandParams holds the command line and, optionally, the image path
// of a process, as returned by GetCommandParamsForPid and
// GetCommandParamsForProcess.
type ProcessCommandParams struct {
	// CmdLine is the process command line.
	CmdLine   string
	// ImagePath is the executable path; only populated when the caller asked
	// for it via includeImagePath.
	ImagePath string
}

ProcessCommandParams holds the command line and, optionally, the image path of a process.

func GetCommandParamsForPid

func GetCommandParamsForPid(pid uint32, includeImagePath bool) (*ProcessCommandParams, error)

GetCommandParamsForPid returns the command line (and optionally image path) for the given PID

func GetCommandParamsForProcess

func GetCommandParamsForProcess(h windows.Handle, includeImagePath bool) (*ProcessCommandParams, error)

GetCommandParamsForProcess returns the command line (and optionally image path) for the given process

type SwapMemoryStat

// SwapMemoryStat contains swap statistics, as returned by SwapMemory.
type SwapMemoryStat struct {
	// Total, Used and Free are swap sizes; presumably in bytes, like
	// PagefileStat — confirm against SwapMemory.
	Total       uint64
	Used        uint64
	Free        uint64
	// UsedPercent is presumably Used as a percentage of Total — confirm
	// against SwapMemory.
	UsedPercent float64
}

SwapMemoryStat contains swap statistics

func SwapMemory

func SwapMemory() (*SwapMemoryStat, error)

SwapMemory returns swapfile statistics

type VirtualMemoryStat

// VirtualMemoryStat contains basic metrics for virtual memory, as returned by
// VirtualMemory.
type VirtualMemoryStat struct {
	// Total amount of RAM on this system
	Total uint64

	// RAM available for programs to allocate
	//
	// This value is computed from the kernel specific values.
	Available uint64

	// RAM used by programs
	//
	// This value is computed from the kernel specific values.
	Used uint64

	// Percentage of RAM used by programs
	//
	// This value is computed from the kernel specific values.
	UsedPercent float64
}

VirtualMemoryStat contains basic metrics for virtual memory

func VirtualMemory

func VirtualMemory() (*VirtualMemoryStat, error)

VirtualMemory returns virtual memory metrics for the machine
