winutil

package
v0.0.0-...-96212cb Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 28, 2022 License: MIT Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AMD64CONTEXT

type AMD64CONTEXT struct {
	P1Home uint64
	P2Home uint64
	P3Home uint64
	P4Home uint64
	P5Home uint64
	P6Home uint64

	ContextFlags uint32
	MxCsr        uint32

	SegCs  uint16
	SegDs  uint16
	SegEs  uint16
	SegFs  uint16
	SegGs  uint16
	SegSs  uint16
	EFlags uint32

	Dr0 uint64
	Dr1 uint64
	Dr2 uint64
	Dr3 uint64
	Dr6 uint64
	Dr7 uint64

	Rax uint64
	Rcx uint64
	Rdx uint64
	Rbx uint64
	Rsp uint64
	Rbp uint64
	Rsi uint64
	Rdi uint64
	R8  uint64
	R9  uint64
	R10 uint64
	R11 uint64
	R12 uint64
	R13 uint64
	R14 uint64
	R15 uint64

	Rip uint64

	FltSave XMM_SAVE_AREA32

	VectorRegister [26]M128A
	VectorControl  uint64

	DebugControl         uint64
	LastBranchToRip      uint64
	LastBranchFromRip    uint64
	LastExceptionToRip   uint64
	LastExceptionFromRip uint64
}

AMD64CONTEXT tracks the _CONTEXT of windows.

func NewAMD64CONTEXT

func NewAMD64CONTEXT() *AMD64CONTEXT

NewAMD64CONTEXT allocates Windows CONTEXT structure aligned to 16 bytes.

func (*AMD64CONTEXT) SetFlags

func (ctx *AMD64CONTEXT) SetFlags(flags uint32)

func (*AMD64CONTEXT) SetPC

func (ctx *AMD64CONTEXT) SetPC(pc uint64)

func (*AMD64CONTEXT) SetReg

func (ctx *AMD64CONTEXT) SetReg(regNum uint64, reg *op.DwarfRegister) error

func (*AMD64CONTEXT) SetTrap

func (ctx *AMD64CONTEXT) SetTrap(trap bool)

type AMD64Registers

type AMD64Registers struct {
	Context *AMD64CONTEXT
	// contains filtered or unexported fields
}

AMD64Registers represents CPU registers on an AMD64 processor.

func NewAMD64Registers

func NewAMD64Registers(context *AMD64CONTEXT, TebBaseAddress uint64) *AMD64Registers

NewAMD64Registers creates a new AMD64Registers struct from a CONTEXT struct and the TEB base address of the thread.

func (*AMD64Registers) BP

func (r *AMD64Registers) BP() uint64

func (*AMD64Registers) Copy

func (r *AMD64Registers) Copy() (proc.Registers, error)

Copy returns a copy of these registers that is guaranteed not to change.

func (*AMD64Registers) GAddr

func (r *AMD64Registers) GAddr() (uint64, bool)

GAddr returns the address of the G variable if it is known, 0 and false otherwise.

func (*AMD64Registers) LR

func (r *AMD64Registers) LR() uint64

LR returns the link register.

func (*AMD64Registers) PC

func (r *AMD64Registers) PC() uint64

PC returns the current program counter i.e. the RIP CPU register.

func (*AMD64Registers) SP

func (r *AMD64Registers) SP() uint64

SP returns the stack pointer location, i.e. the RSP register.

func (*AMD64Registers) Slice

func (r *AMD64Registers) Slice(floatingPoint bool) ([]proc.Register, error)

Slice returns the registers as a list of (name, value) pairs.

func (*AMD64Registers) TLS

func (r *AMD64Registers) TLS() uint64

TLS returns the value of the register that contains the location of the thread local storage segment.

type M128A

type M128A struct {
	Low  uint64
	High int64
}

M128A tracks the _M128A windows struct.

type XMM_SAVE_AREA32

type XMM_SAVE_AREA32 struct {
	ControlWord    uint16
	StatusWord     uint16
	TagWord        byte
	Reserved1      byte
	ErrorOpcode    uint16
	ErrorOffset    uint32
	ErrorSelector  uint16
	Reserved2      uint16
	DataOffset     uint32
	DataSelector   uint16
	Reserved3      uint16
	MxCsr          uint32
	MxCsr_Mask     uint32
	FloatRegisters [8]M128A
	XmmRegisters   [256]byte
	Reserved4      [96]byte
}

XMM_SAVE_AREA32 tracks the _XMM_SAVE_AREA32 windows struct.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL