windows

v1.0.0
Published: Apr 26, 2019 License: Apache-2.0 Imports: 2 Imported by: 2

README

go-windows


go-windows is a library for Go (golang) that provides wrappers to various Windows APIs that are not covered by the stdlib or by golang.org/x/sys/windows.

Goals / Features

  • Does not use cgo.
  • Provide abstractions to make using the APIs easier.

Documentation

Overview

Package windows contains various Windows system calls.

Constants

const (

	// PROCESS_VM_READ right allows reading memory from the target process.
	PROCESS_VM_READ = 0x10

	// PROCESS_QUERY_LIMITED_INFORMATION right allows access to a subset of the
	// information granted by PROCESS_QUERY_INFORMATION. Not available in XP
	// and Server 2003.
	PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
)
const (
	// SizeOfProcessBasicInformationStruct gives the size
	// of the ProcessBasicInformationStruct struct.
	SizeOfProcessBasicInformationStruct = unsafe.Sizeof(ProcessBasicInformationStruct{})

	// SizeOfRtlUserProcessParameters gives the size
	// of the RtlUserProcessParameters struct.
	SizeOfRtlUserProcessParameters = unsafe.Sizeof(RtlUserProcessParameters{})
)
const (

	// ProcessBasicInformation returns a pointer to
	// the Process Environment Block (PEB) structure.
	ProcessBasicInformation ProcessInfoClass = 0

	// ProcessDebugPort returns a uint32 that is the port number for the
	// debugger of the process.
	ProcessDebugPort = 7

	// ProcessWow64Information returns whether a process is running under
	// WOW64.
	ProcessWow64Information = 26

	// ProcessImageFileName returns the image file name for the process, as a
	// UnicodeString struct.
	ProcessImageFileName = 27

	// ProcessBreakOnTermination returns a uintptr that tells if the process
	// is critical.
	ProcessBreakOnTermination = 29

	// ProcessSubsystemInformation returns the subsystem type of the process.
	ProcessSubsystemInformation = 75
)

Variables

var ErrReadFailed = errors.New("ReadProcessMemory failed")

ErrReadFailed is returned by ReadProcessMemory on failure.

Functions

func EnumProcesses

func EnumProcesses() (pids []uint32, err error)

EnumProcesses returns a list of running processes. https://docs.microsoft.com/en-us/windows/desktop/api/psapi/nf-psapi-enumprocesses

func FiletimeToDuration

func FiletimeToDuration(ft *syscall.Filetime) time.Duration

FiletimeToDuration converts a Filetime to a time.Duration. Do not use this method to convert a Filetime to an actual clock time; for that, use Filetime.Nanoseconds().

func GetProcessHandleCount

func GetProcessHandleCount(process syscall.Handle) (uint32, error)

GetProcessHandleCount retrieves the number of open handles of a process. https://docs.microsoft.com/en-us/windows/desktop/api/processthreadsapi/nf-processthreadsapi-getprocesshandlecount

func GetProcessImageFileName

func GetProcessImageFileName(handle syscall.Handle) (string, error)

GetProcessImageFileName retrieves the path of the process's main executable. The returned path is a device path, that is, "\Device\HardDisk0Volume1\Windows\notepad.exe" instead of "C:\Windows\notepad.exe". Use QueryDosDevice or equivalent to convert it to a drive path. https://docs.microsoft.com/en-us/windows/desktop/api/psapi/nf-psapi-getprocessimagefilenamea
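
The drive-path conversion mentioned for GetProcessImageFileName, as an added example that is not part of go-windows. The function name toDrivePath and the drive-to-device map are assumptions of this example; the map stands in for what QueryDosDevice would report, so the code runs on any OS. Matching is done on whole path components so that a device name that is a prefix of another is not mistaken for it.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// toDrivePath rewrites an NT device path (the form GetProcessImageFileName
// returns) into a drive-letter path. deviceMap maps a drive such as "C:" to
// its device name; on Windows it would be filled from QueryDosDevice, here
// the caller supplies it (hypothetical helper, not a go-windows API).
func toDrivePath(devicePath string, deviceMap map[string]string) (string, bool) {
	drives := make([]string, 0, len(deviceMap))
	for d := range deviceMap {
		drives = append(drives, d)
	}
	// Longest device name first, then by drive letter, so results are stable.
	sort.Slice(drives, func(i, j int) bool {
		li, lj := len(deviceMap[drives[i]]), len(deviceMap[drives[j]])
		if li != lj {
			return li > lj
		}
		return drives[i] < drives[j]
	})
	for _, drive := range drives {
		dev := strings.TrimRight(deviceMap[drive], `\`)
		if dev == "" || len(devicePath) < len(dev) {
			continue
		}
		// Compare case-insensitively, as Windows path lookups normally do.
		if !strings.EqualFold(devicePath[:len(dev)], dev) {
			continue
		}
		rest := devicePath[len(dev):]
		// Require a component boundary: ...Volume1 must not match ...Volume10.
		if rest != "" && rest[0] != '\\' {
			continue
		}
		return drive + rest, true
	}
	return "", false // e.g. a network path with no drive letter mapped
}

func main() {
	// Constructed sample mapping and path, not taken from a real host.
	m := map[string]string{"C:": `\Device\HarddiskVolume1`, "D:": `\Device\HarddiskVolume10`}
	fmt.Println(toDrivePath(`\Device\HarddiskVolume10\Tools\app.exe`, m))
}
```

When no mapping matches, keep the original device path in logs or alerts rather than guessing a drive letter.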

func GetSystemTimes

func GetSystemTimes() (idle, kernel, user time.Duration, err error)

GetSystemTimes retrieves system timing information. On a multiprocessor system, the values returned are the sum of the designated times across all processors. The returned kernel time does not include the system idle time. https://msdn.microsoft.com/en-us/library/windows/desktop/ms724400(v=vs.85).aspx

func GetTickCount64

func GetTickCount64() (uint64, error)

GetTickCount64 retrieves the number of milliseconds that have elapsed since the system was started. This function is available on Windows Vista and newer. https://msdn.microsoft.com/en-us/library/windows/desktop/ms724411(v=vs.85).aspx

func NtQueryInformationProcess

func NtQueryInformationProcess(handle syscall.Handle, infoClass ProcessInfoClass, info unsafe.Pointer, infoLen uint32) (returnedLen uint32, err error)

NtQueryInformationProcess is a wrapper for ntdll.NtQueryInformationProcess. The handle must have the PROCESS_QUERY_INFORMATION access right. Returns an error of type NTStatus.

func ReadProcessMemory

func ReadProcessMemory(handle syscall.Handle, baseAddress uintptr, dest []byte) (numRead uintptr, err error)

ReadProcessMemory reads from another process's memory. The handle needs to have the PROCESS_VM_READ right. A zero-byte read is a no-op and returns no error.

func UTF16BytesToString

func UTF16BytesToString(b []byte) (string, int, error)

UTF16BytesToString returns a string that is decoded from the UTF-16 bytes. The byte slice must be of even length; otherwise an error is returned. The integer returned is the offset to the start of the next string within the buffer if one exists; otherwise -1 is returned.

Types

type FixedFileInfo

type FixedFileInfo struct {
	Signature        uint32
	StrucVersion     uint32
	FileVersionMS    uint32
	FileVersionLS    uint32
	ProductVersionMS uint32
	ProductVersionLS uint32
	FileFlagsMask    uint32
	FileFlags        uint32
	FileOS           uint32
	FileType         uint32
	FileSubtype      uint32
	FileDateMS       uint32
	FileDateLS       uint32
}

FixedFileInfo contains version information for a file. This information is language and code page independent. This is an equivalent representation of VS_FIXEDFILEINFO. https://msdn.microsoft.com/en-us/library/windows/desktop/ms646997(v=vs.85).aspx

func (FixedFileInfo) FileVersion

func (info FixedFileInfo) FileVersion() string

FileVersion returns the FileVersion value in string format.

func (FixedFileInfo) ProductVersion

func (info FixedFileInfo) ProductVersion() string

ProductVersion returns the ProductVersion value in string format.

type MemoryStatusEx

type MemoryStatusEx struct {
	MemoryLoad           uint32
	TotalPhys            uint64
	AvailPhys            uint64
	TotalPageFile        uint64
	AvailPageFile        uint64
	TotalVirtual         uint64
	AvailVirtual         uint64
	AvailExtendedVirtual uint64
	// contains filtered or unexported fields
}

MemoryStatusEx is an equivalent representation of MEMORYSTATUSEX in the Windows API. It contains information about the current state of both physical and virtual memory, including extended memory. https://msdn.microsoft.com/en-us/library/windows/desktop/aa366770

func GlobalMemoryStatusEx

func GlobalMemoryStatusEx() (MemoryStatusEx, error)

GlobalMemoryStatusEx retrieves information about the system's current usage of both physical and virtual memory. https://msdn.microsoft.com/en-us/library/windows/desktop/aa366589(v=vs.85).aspx

type NTStatus

type NTStatus uint32

NTStatus is an error wrapper for NTSTATUS values, the 32-bit error codes returned by the NT kernel.

func (NTStatus) Error

func (status NTStatus) Error() string

Error prints the wrapped NTSTATUS in hex form.

type ProcessBasicInformationStruct

type ProcessBasicInformationStruct struct {
	Reserved1       uintptr
	PebBaseAddress  uintptr
	Reserved2       [2]uintptr
	UniqueProcessID uintptr
	// Undocumented:
	InheritedFromUniqueProcessID uintptr
}

ProcessBasicInformationStruct is Go's counterpart of the PROCESS_BASIC_INFORMATION struct, returned by NtQueryInformationProcess when ProcessBasicInformation is requested.

type ProcessInfoClass

type ProcessInfoClass uint32

ProcessInfoClass is Go's counterpart for the PROCESSINFOCLASS enumeration defined in ntdll.h.

type ProcessMemoryCountersEx

type ProcessMemoryCountersEx struct {
	PageFaultCount             uint32
	PeakWorkingSetSize         uintptr
	WorkingSetSize             uintptr
	QuotaPeakPagedPoolUsage    uintptr
	QuotaPagedPoolUsage        uintptr
	QuotaPeakNonPagedPoolUsage uintptr
	QuotaNonPagedPoolUsage     uintptr
	PagefileUsage              uintptr
	PeakPagefileUsage          uintptr
	PrivateUsage               uintptr
	// contains filtered or unexported fields
}

ProcessMemoryCountersEx is an equivalent representation of PROCESS_MEMORY_COUNTERS_EX in the Windows API. It contains information about the memory usage of a process. https://docs.microsoft.com/en-au/windows/desktop/api/psapi/ns-psapi-_process_memory_counters_ex

func GetProcessMemoryInfo

func GetProcessMemoryInfo(process syscall.Handle) (ProcessMemoryCountersEx, error)

GetProcessMemoryInfo retrieves memory info for the given process handle. https://docs.microsoft.com/en-us/windows/desktop/api/psapi/nf-psapi-getprocessmemoryinfo

type ProcessorArchitecture

type ProcessorArchitecture uint16

ProcessorArchitecture specifies the processor architecture that the OS requires.

const (
	ProcessorArchitectureAMD64   ProcessorArchitecture = 9
	ProcessorArchitectureARM     ProcessorArchitecture = 5
	ProcessorArchitectureARM64   ProcessorArchitecture = 12
	ProcessorArchitectureIA64    ProcessorArchitecture = 6
	ProcessorArchitectureIntel   ProcessorArchitecture = 0
	ProcessorArchitectureUnknown ProcessorArchitecture = 0xFFFF
)

List of processor architectures associated with SystemInfo.

func (ProcessorArchitecture) String

func (a ProcessorArchitecture) String() string

type ProcessorType

type ProcessorType uint32

ProcessorType specifies the type of processor.

const (
	ProcessorTypeIntel386     ProcessorType = 386
	ProcessorTypeIntel486     ProcessorType = 486
	ProcessorTypeIntelPentium ProcessorType = 586
	ProcessorTypeIntelIA64    ProcessorType = 2200
	ProcessorTypeAMDX8664     ProcessorType = 8664
)

List of processor types associated with SystemInfo.

func (ProcessorType) String

func (t ProcessorType) String() string

type RtlUserProcessParameters

type RtlUserProcessParameters struct {
	Reserved1 [16]byte
	Reserved2 [5]uintptr

	// <undocumented>
	CurrentDirectoryPath   UnicodeString
	CurrentDirectoryHandle uintptr
	DllPath                UnicodeString

	ImagePathName UnicodeString
	CommandLine   UnicodeString
}

RtlUserProcessParameters is Go's equivalent for the _RTL_USER_PROCESS_PARAMETERS struct. A few undocumented fields are exposed.

type SystemInfo

type SystemInfo struct {
	ProcessorArchitecture     ProcessorArchitecture
	Reserved                  uint16
	PageSize                  uint32
	MinimumApplicationAddress uintptr
	MaximumApplicationAddress uintptr
	ActiveProcessorMask       uint64
	NumberOfProcessors        uint32
	ProcessorType             ProcessorType
	AllocationGranularity     uint32
	ProcessorLevel            uint16
	ProcessorRevision         uint16
}

SystemInfo is an equivalent representation of SYSTEM_INFO in the Windows API. https://msdn.microsoft.com/en-us/library/ms724958%28VS.85%29.aspx?f=255&MSPPError=-2147217396

func GetNativeSystemInfo

func GetNativeSystemInfo() (SystemInfo, error)

GetNativeSystemInfo retrieves information about the current system to an application running under WOW64. If the function is called from a 64-bit application, it is equivalent to the GetSystemInfo function. https://msdn.microsoft.com/en-us/library/ms724340%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

type UnicodeString

type UnicodeString struct {
	Size          uint16
	MaximumLength uint16
	Buffer        uintptr
}

UnicodeString is Go's equivalent for the _UNICODE_STRING struct.

type Version

type Version struct {
	Major int
	Minor int
	Build int
}

Version identifies a Windows version by major, minor, and build number.

func GetWindowsVersion

func GetWindowsVersion() Version

GetWindowsVersion returns the Windows version information. Applications not manifested for Windows 8.1 or Windows 10 will return the Windows 8 OS version value (6.2).

For a table of version numbers see: https://msdn.microsoft.com/en-us/library/windows/desktop/ms724833(v=vs.85).aspx

func (Version) IsWindowsVistaOrGreater

func (v Version) IsWindowsVistaOrGreater() bool

IsWindowsVistaOrGreater returns true if the Windows version is Vista or greater.

type VersionData

type VersionData []byte

VersionData is a buffer holding the data returned by GetFileVersionInfo.

func GetFileVersionInfo

func GetFileVersionInfo(filename string) (VersionData, error)

GetFileVersionInfo retrieves version information for the specified file. https://msdn.microsoft.com/en-us/library/windows/desktop/ms647003(v=vs.85).aspx

func (VersionData) FixedFileInfo

func (d VersionData) FixedFileInfo() (*FixedFileInfo, error)

FixedFileInfo returns the fixed version information from a version-information resource. It queries the root block to get the VS_FIXEDFILEINFO value. https://msdn.microsoft.com/en-us/library/windows/desktop/ms647464(v=vs.85).aspx

func (VersionData) QueryValue

func (d VersionData) QueryValue(key string) (string, error)

QueryValue uses VerQueryValue to query version information from a version-information resource. It returns responses using the first language and code point found in the resource. The accepted keys are listed in the VerQueryValue documentation (e.g. ProductVersion, FileVersion, etc.). https://msdn.microsoft.com/en-us/library/windows/desktop/ms647464(v=vs.85).aspx
