README
¶
GoLang Windows API Wrappers
For System Info / User Management.
For an internal project, this is a set of wrappers for snippets of the Windows API.
Tested and developed for Windows 10 x64.
All functions that return useful data, do so in the form of JSON exportable structs.
These structs are available in the shared library, "github.com/iamacarpet/go-win64api/shared"
Process List
package main
import (
"fmt"
wapi "github.com/iamacarpet/go-win64api"
)
func main(){
pr, err := wapi.ProcessList()
if err != nil {
fmt.Printf("Error fetching process list... %s\r\n", err.Error())
}
for _, p := range pr {
fmt.Printf("%8d - %-30s - %-30s - %s\r\n", p.Pid, p.Username, p.Executable, p.Fullpath)
}
}
Active Session List (Logged in users + Run-As users)
package main
import (
"fmt"
wapi "github.com/iamacarpet/go-win64api"
)
func main(){
// This check runs best as NT AUTHORITY\SYSTEM
//
// Running as a normal or even elevated user,
// we can't properly detect who is an admin or not.
//
// This is because we require TOKEN_DUPLICATE permission,
// which we don't seem to have otherwise (Win10).
users, err := wapi.ListLoggedInUsers()
if err != nil {
fmt.Printf("Error fetching user session list.\r\n")
return
}
fmt.Printf("Users currently logged in (Admin check doesn't work for AD Accounts):\r\n")
for _, u := range users {
fmt.Printf("\t%-50s - Local User: %-5t - Local Admin: %t\r\n", u.FullUser(), u.LocalUser, u.LocalAdmin)
}
}
Installed Software List
package main
import (
"fmt"
wapi "github.com/iamacarpet/go-win64api"
)
func main(){
sw, err := wapi.InstalledSoftwareList()
if err != nil {
fmt.Printf("%s\r\n", err.Error())
}
for _, s := range sw {
fmt.Printf("%-100s - %s - %s\r\n", s.Name(), s.Architecture(), s.Version())
}
}
Windows Update Status
package main
import (
"fmt"
"time"
wapi "github.com/iamacarpet/go-win64api"
)
func main() {
ret, err := wapi.UpdatesPending()
if err != nil {
fmt.Printf("Error fetching data... %s\r\n", err.Error())
}
fmt.Printf("Number of Updates Available: %d\n", ret.NumUpdates)
fmt.Printf("Updates Pending: %t\n\n", ret.UpdatesReq)
fmt.Printf("%25s | %25s | %s\n", "EVENT DATE", "STATUS", "UPDATE NAME")
for _, v := range ret.UpdateHistory {
fmt.Printf("%25s | %25s | %s\n", v.EventDate.Format(time.RFC822), v.Status, v.UpdateName)
}
}
Local Service Management
List Services
package main
import (
"fmt"
wapi "github.com/iamacarpet/go-win64api"
)
func main(){
svc, err := wapi.GetServices()
if err != nil {
fmt.Printf("%s\r\n", err.Error())
}
for _, v := range svc {
fmt.Printf("%-50s - %-75s - Status: %-20s - Accept Stop: %-5t, Running Pid: %d\r\n", v.SCName, v.DisplayName, v.StatusText, v.AcceptStop, v.RunningPid)
}
}
Start Service
err := wapi.StartService(service_name)
Stop Service
err := wapi.StopService(service_name)
Local User Management
List Local Users
package main
import (
"fmt"
"time"
wapi "github.com/iamacarpet/go-win64api"
)
func main(){
users, err := wapi.ListLocalUsers()
if err != nil {
fmt.Printf("Error fetching user list, %s.\r\n", err.Error())
return
}
for _, u := range users {
fmt.Printf("%s (%s)\r\n", u.Username, u.FullName)
fmt.Printf("\tIs Enabled: %t\r\n", u.IsEnabled)
fmt.Printf("\tIs Locked: %t\r\n", u.IsLocked)
fmt.Printf("\tIs Admin: %t\r\n", u.IsAdmin)
fmt.Printf("\tPassword Never Expires: %t\r\n", u.PasswordNeverExpires)
fmt.Printf("\tUser can't change password: %t\r\n", u.NoChangePassword)
fmt.Printf("\tPassword Age: %.0f days\r\n", (u.PasswordAge.Hours()/24))
fmt.Printf("\tLast Logon Time: %s\r\n", u.LastLogon.Format(time.RFC850))
fmt.Printf("\tBad Password Count: %d\r\n", u.BadPasswordCount)
fmt.Printf("\tNumber Of Logons: %d\r\n", u.NumberOfLogons)
}
}
Adding a Local User
ok, err := wapi.UserAdd(username, fullname, password)
Deleting a Local User
ok, err := wapi.UserDelete(username)
Set Full Name Attribute
ok, err := wapi.UserUpdateFullname(username, fullname)
Give Admin Privileges
ok, err := wapi.SetAdmin(username)
Revoke Admin Privileges
ok, err := wapi.RevokeAdmin(username)
Disable/Enable User
s := true // disable user
s := false // enable user
ok, err := wapi.UserDisabled(username, s)
Change Attribute - User Can't Change Password
s := true // User can't change password
s := false // User can change password
ok, err := wapi.UserDisablePasswordChange(username, s)
Change Attribute - Password Never Expires
s := true // Password never expires.
s := false // Enable password expiry.
ok, err := wapi.UserPasswordNoExpires(username, s)
Forced Password Change
ok, err := wapi.ChangePassword(username, newpassword)
Windows Firewall - Add Inbound Rule
added, err := wapi.FirewallRuleCreate(
"App Rule Name",
"App Rule Long Description.",
"My Rule Group",
"%systemDrive%\\path\\to\\my.exe",
"port number as string",
wapi.NET_FW_IP_PROTOCOL_TCP,
)
Documentation
¶
Index ¶
- Constants
- func AddGroupMembership(username, groupname string) (bool, error)
- func ChangePassword(username string, password string) (bool, error)
- func ConvertRawSidToStringSid(rawSid []byte) (string, error)
- func ConvertWMITime(s string) (time.Time, error)
- func DomainUserLocked(username string, domain string) (bool, error)
- func FirewallRuleCreate(name, description, group, appPath, port string, protocol uint) (bool, error)
- func FirewallRuleExistsByName(rules *ole.IDispatch, name string) (bool, error)
- func GetBitLockerRecoveryInfo() ([]*so.BitLockerDeviceInfo, error)
- func GetBitLockerRecoveryInfoForDrive(driveLetter string) (*so.BitLockerDeviceInfo, error)
- func GetDefaultUserProfileDirectory() (string, error)
- func GetProfilesDirectory() (string, error)
- func GetRawSidForAccountName(accountName string) ([]byte, error)
- func GetServices() ([]so.Service, error)
- func GetSystemProfile() (so.Hardware, so.OperatingSystem, so.Memory, []so.Disk, []so.Network, error)
- func InstalledSoftwareList() ([]so.Software, error)
- func IsDomainUserAdmin(username string, domain string) (bool, error)
- func IsLocalUserAdmin(username string) (bool, error)
- func ListLocalGroups() ([]so.LocalGroup, error)
- func ListLocalUsers() ([]so.LocalUser, error)
- func ListLoggedInUsers() ([]so.SessionDetails, error)
- func LocalGroupAdd(name, comment string) (bool, error)
- func LocalGroupAddMembers(groupname string, usernames []string) (bool, error)
- func LocalGroupDel(name string) (bool, error)
- func LocalGroupDelMembers(groupname string, usernames []string) (bool, error)
- func LocalGroupGetMembers(groupname string) ([]so.LocalGroupMember, error)
- func LocalGroupSetMembers(groupname string, usernames []string) (bool, error)
- func LsatoString(p LSA_UNICODE_STRING) string
- func ParseIPv4Mask(s string) net.IPMask
- func ProcessKill(pid uint32) (bool, error)
- func ProcessLUIDList() (map[uint32]SessionLUID, error)
- func ProcessList() ([]so.Process, error)
- func RemoveGroupMembership(username, groupname string) (bool, error)
- func RevokeAdmin(username string) (bool, error)
- func SetAdmin(username string) (bool, error)
- func StartService(name string) error
- func StopService(name string) error
- func UTF16toString(p *uint16) string
- func UpdatesPending() (*so.WindowsUpdate, error)
- func UserAdd(username string, fullname string, password string) (bool, error)
- func UserAddEx(opts UserAddOptions) (bool, error)
- func UserDelete(username string) (bool, error)
- func UserDisablePasswordChange(username string, disabled bool) (bool, error)
- func UserDisabled(username string, disable bool) (bool, error)
- func UserPasswordNoExpires(username string, noexpire bool) (bool, error)
- func UserSetProfile(username string, path string) (bool, error)
- func UserUpdateFullname(username string, fullname string) (bool, error)
- type ENUM_SERVICE_STATUS_PROCESS
- type LOCALGROUP_INFO_0
- type LOCALGROUP_INFO_1
- type LOCALGROUP_MEMBERS_INFO_3
- type LSA_UNICODE_STRING
- type LUID
- type LUID_AND_ATTRIBUTES
- type PROCESSENTRY32
- type PSID
- type SECURITY_LOGON_SESSION_DATA
- type SERVICE_STATUS_PROCESS
- type SID_AND_ATTRIBUTES
- type SID_IDENTIFIER_AUTHORITY
- type SessionLUID
- type TOKEN_PRIVILEGES
- type TOKEN_STATISTICS
- type TOKEN_USER
- type USER_INFO_1
- type USER_INFO_1003
- type USER_INFO_1008
- type USER_INFO_1011
- type USER_INFO_1052
- type USER_INFO_2
- type UserAddOptions
Constants ¶
const ( NET_FW_IP_PROTOCOL_TCP = 6 NET_FW_ACTION_ALLOW = 1 )
const ( NERR_GroupNotFound syscall.Errno = 2220 // 0x000008AC ERROR_ACCESS_DENIED syscall.Errno = 5 // 0x00000005 ERROR_MEMBER_NOT_IN_ALIAS syscall.Errno = 1377 // 0x00000561 ERROR_MEMBER_IN_ALIAS syscall.Errno = 1378 // 0x00000562 ERROR_NO_SUCH_MEMBER syscall.Errno = 1387 // 0x0000056B ERROR_INVALID_MEMBER syscall.Errno = 1388 // 0x0000056C )
Possible errors returned by local group management functions Error code enumerations taken from MS-ERREF documentation: https://msdn.microsoft.com/en-us/library/cc231196.aspx
const ( ERROR_NO_MORE_FILES = 0x12 PROCESS_TERMINATE = 0x0001 PROCESS_QUERY_INFORMATION = 0x0400 PROCESS_QUERY_LIMITED_INFORMATION = 0x1000 MAX_PATH = 260 MAX_FULL_PATH = 4096 PROC_TOKEN_DUPLICATE = 0x0002 PROC_TOKEN_QUERY = 0x0008 PROC_TOKEN_ADJUST_PRIVILEGES = 0x0020 PROC_SE_PRIVILEGE_ENABLED = 0x00000002 PROC_SE_DEBUG_NAME = "SeDebugPrivilege" PROC_SE_SYSTEM_ENVIRONMENT_PRIV = "SeSystemEnvironmentPrivilege" PROC_SECURITY_BUILTIN_DOMAIN_RID = 0x00000020 PROC_DOMAIN_ALIAS_RID_ADMINS = 0x00000220 PROC_ERROR_NO_SUCH_LOGON_SESSION = 1312 PROC_ERROR_PRIVILEGE_NOT_HELD = 1314 )
Some constants from the Windows API
const ( SVC_SC_ENUM_PROCESS_INFO = 0 SVC_SERVICE_WIN32 = 0x00000030 SVC_SERVICE_STATE_ALL = 0x00000003 SVC_SERVICE_ACCEPT_STOP = 0x00000001 )
const ( NET_API_STATUS_NERR_Success = 0 NET_API_STATUS_NERR_InvalidComputer = 2351 NET_API_STATUS_NERR_NotPrimary = 2226 NET_API_STATUS_NERR_SpeGroupOp = 2234 NET_API_STATUS_NERR_LastAdmin = 2452 NET_API_STATUS_NERR_BadPassword = 2203 NET_API_STATUS_NERR_PasswordTooShort = 2245 NET_API_STATUS_NERR_UserNotFound = 2221 NET_API_STATUS_ERROR_ACCESS_DENIED = 5 NET_API_STATUS_ERROR_NOT_ENOUGH_MEMORY = 8 NET_API_STATUS_ERROR_INVALID_PARAMETER = 87 NET_API_STATUS_ERROR_INVALID_NAME = 123 NET_API_STATUS_ERROR_INVALID_LEVEL = 124 NET_API_STATUS_ERROR_MORE_DATA = 234 NET_API_STATUS_ERROR_SESSION_CREDENTIAL_CONFLICT = 1219 NET_API_STATUS_RPC_S_SERVER_UNAVAILABLE = 2147944122 NET_API_STATUS_RPC_E_REMOTE_DISABLED = 2147549468 USER_PRIV_MASK = 0x3 USER_PRIV_GUEST = 0 USER_PRIV_USER = 1 USER_PRIV_ADMIN = 2 USER_FILTER_NORMAL_ACCOUNT = 0x0002 USER_MAX_PREFERRED_LENGTH = 0xFFFFFFFF USER_UF_SCRIPT = 1 USER_UF_ACCOUNTDISABLE = 2 USER_UF_LOCKOUT = 16 USER_UF_PASSWD_CANT_CHANGE = 64 USER_UF_NORMAL_ACCOUNT = 512 USER_UF_DONT_EXPIRE_PASSWD = 65536 )
const (
ERROR_INVALID_FUNCTION = 1
)
Variables ¶
This section is empty.
Functions ¶
func AddGroupMembership ¶
AddGroupMembership adds the user as a member of the specified group.
func ChangePassword ¶
ChangePassword changes the user's password.
func ConvertRawSidToStringSid ¶
ConvertRawSidToStringSid converts a buffer containing a raw _SID struct (like what is returned by GetRawSidForAccountName) into a string SID.
See: https://docs.microsoft.com/en-us/windows/desktop/api/sddl/nf-sddl-convertsidtostringsidw
func FirewallRuleCreate ¶
func GetBitLockerRecoveryInfo ¶
func GetBitLockerRecoveryInfo() ([]*so.BitLockerDeviceInfo, error)
func GetBitLockerRecoveryInfoForDrive ¶
func GetBitLockerRecoveryInfoForDrive(driveLetter string) (*so.BitLockerDeviceInfo, error)
func GetDefaultUserProfileDirectory ¶
GetDefaultUserProfileDirectory returns the path to the directory in which the default user's profile is stored.
func GetProfilesDirectory ¶
GetProfilesDirectory returns the path to the directory in which user profiles are stored. Profiles for new users are stored in subdirectories.
See: https://docs.microsoft.com/en-us/windows/desktop/api/userenv/nf-userenv-getprofilesdirectoryw
func GetRawSidForAccountName ¶
GetRawSidForAccountName looks up the SID for a given account name using the LookupAccountNameW system call. The SID is returned as a buffer containing the raw _SID struct.
See: https://docs.microsoft.com/en-us/windows/desktop/api/winbase/nf-winbase-lookupaccountnamew
func GetServices ¶
func GetSystemProfile ¶
func InstalledSoftwareList ¶
func IsDomainUserAdmin ¶
IsDomainUserAdmin returns whether the specified user is an administrator for the specified domain.
func IsLocalUserAdmin ¶
IsLocalUserAdmin returns whether the user with the specified user name has administration rights on the local machine.
func ListLocalGroups ¶
func ListLocalGroups() ([]so.LocalGroup, error)
ListLocalGroups enumerates the local groups defined on the system.
If an error occurs in the call to the underlying NetLocalGroupEnum function, the returned error will be a syscall.Errno containing the error code. See: https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netlocalgroupenum
func ListLocalUsers ¶
ListLocalUsers lists information about local user accounts.
func ListLoggedInUsers ¶
func ListLoggedInUsers() ([]so.SessionDetails, error)
func LocalGroupAdd ¶
LocalGroupAdd adds a new local group with the specified name and comment.
func LocalGroupAddMembers ¶
LocalGroupAddMembers adds the specified members to the group, if they are not already members.
If an error occurs in the call to the underlying NetLocalGroupAddMembers function, the returned error will be a syscall.Errno containing the error code. See: https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netlocalgroupaddmembers
func LocalGroupDel ¶
LocalGroupDel deletes the specified local group.
If an error occurs in the call to the underlying NetLocalGroupDel function, the returned error will be a syscall.Errno containing the error code. See: https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netlocalgroupdel
func LocalGroupDelMembers ¶
LocalGroupDelMembers removes the specified members from the local group.
If an error occurs in the call to the underlying NetLocalGroupDelMembers function, the returned error will be a syscall.Errno containing the error code. See: https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netlocalgroupdelmembers
func LocalGroupGetMembers ¶
func LocalGroupGetMembers(groupname string) ([]so.LocalGroupMember, error)
LocalGroupGetMembers returns information about the members of the specified local group.
If an error occurs in the call to the underlying NetLocalGroupGetMembers function, the returned error will be a syscall.Errno containing the error code. See: https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netlocalgroupgetmembers
func LocalGroupSetMembers ¶
LocalGroupSetMembers sets the membership of the group to contain exactly the set of users specified in usernames.
If an error occurs in the call to the underlying NetLocalGroupSetMembers function, the returned error will be a syscall.Errno containing the error code. See: https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/nf-lmaccess-netlocalgroupsetmembers
func LsatoString ¶
func LsatoString(p LSA_UNICODE_STRING) string
func ParseIPv4Mask ¶
func ProcessKill ¶
func ProcessLUIDList ¶
func ProcessLUIDList() (map[uint32]SessionLUID, error)
func ProcessList ¶
func RemoveGroupMembership ¶
RemoveGroupMembership removes the user from the specified group.
func RevokeAdmin ¶
RevokeAdmin removes the user from the "Administrators" group.
func StartService ¶
func StopService ¶
func UTF16toString ¶
UTF16toString converts a pointer to a UTF16 string into a Go string.
func UpdatesPending ¶
func UpdatesPending() (*so.WindowsUpdate, error)
func UserAdd ¶
UserAdd creates a new user account with the given username, full name, and password. The new account will have the standard User privilege level.
func UserAddEx ¶
func UserAddEx(opts UserAddOptions) (bool, error)
UserAddEx creates a new user account. As opposed to the simpler UserAdd, UserAddEx allows specification of full level 1 information while creating a user.
func UserDelete ¶
UserDelete deletes the user with the given username.
func UserDisablePasswordChange ¶
UserDisablePasswordChange adds or removes the flag that determines whether the user is allowed to change their own password. If disabled is true, the user will be unable to change their own password. If disabled is false, the user will be allowed to change their own password.
func UserDisabled ¶
UserDisabled adds or removes the flag that disables a user's account, preventing them from logging in. If disable is true, the user's account is disabled. If disable is false, the user's account is enabled.
func UserPasswordNoExpires ¶
UserPasswordNoExpires adds or removes the flag that determines whether the user's password expires. If noexpire is true, the user's password will not expire. If noexpire is false, the user's password will expire according to the system's password policy.
func UserSetProfile ¶
UserSetProfile sets the profile path for the user to path.
Types ¶
type ENUM_SERVICE_STATUS_PROCESS ¶
type ENUM_SERVICE_STATUS_PROCESS struct {
ServiceStatusProcess SERVICE_STATUS_PROCESS
// contains filtered or unexported fields
}
type LOCALGROUP_INFO_0 ¶
type LOCALGROUP_INFO_0 struct {
Lgrpi0_name *uint16 // UTF-16 group name
}
LOCALGROUP_INFO_0 represents level 0 information about local Windows groups. This struct matches the struct definition in the Windows headers (lmaccess.h).
type LOCALGROUP_INFO_1 ¶
type LOCALGROUP_INFO_1 struct {
Lgrpi1_name *uint16 // UTF-16 group name
Lgrpi1_comment *uint16 // UTF-16 group comment
}
LOCALGROUP_INFO_1 represents level 1 information about local Windows groups. This struct matches the struct definition in the Windows headers (lmaccess.h).
type LOCALGROUP_MEMBERS_INFO_3 ¶
type LOCALGROUP_MEMBERS_INFO_3 struct {
Lgrmi3_domainandname *uint16
}
type LSA_UNICODE_STRING ¶
type LUID_AND_ATTRIBUTES ¶
type PROCESSENTRY32 ¶
type PROCESSENTRY32 struct {
Size uint32
CntUsage uint32
ProcessID uint32
DefaultHeapID uintptr
ModuleID uint32
CntThreads uint32
ParentProcessID uint32
PriorityClassBase int32
Flags uint32
ExeFile [MAX_PATH]uint16
}
PROCESSENTRY32 is the Windows API structure that contains a process's information.
type SECURITY_LOGON_SESSION_DATA ¶
type SECURITY_LOGON_SESSION_DATA struct {
Size uint32
LogonId LUID
UserName LSA_UNICODE_STRING
LogonDomain LSA_UNICODE_STRING
AuthenticationPackage LSA_UNICODE_STRING
LogonType uint32
Session uint32
Sid uintptr
LogonTime uint64
LogonServer LSA_UNICODE_STRING
DnsDomainName LSA_UNICODE_STRING
Upn LSA_UNICODE_STRING
}
type SERVICE_STATUS_PROCESS ¶
type SERVICE_STATUS_PROCESS struct {
// contains filtered or unexported fields
}
type SID_AND_ATTRIBUTES ¶
type SID_IDENTIFIER_AUTHORITY ¶
type SID_IDENTIFIER_AUTHORITY struct {
Value [6]byte
}
type SessionLUID ¶
type TOKEN_PRIVILEGES ¶
type TOKEN_PRIVILEGES struct {
PrivilegeCount uint32
Privileges [1]LUID_AND_ATTRIBUTES
}
type TOKEN_STATISTICS ¶
type TOKEN_USER ¶
type TOKEN_USER struct {
User SID_AND_ATTRIBUTES
}
type USER_INFO_1 ¶
type USER_INFO_1003 ¶
type USER_INFO_1003 struct {
Usri1003_password *uint16
}
type USER_INFO_1008 ¶
type USER_INFO_1008 struct {
Usri1008_flags uint32
}
type USER_INFO_1011 ¶
type USER_INFO_1011 struct {
Usri1011_full_name *uint16
}
type USER_INFO_1052 ¶
type USER_INFO_1052 struct {
Useri1052_profile *uint16
}
USER_INFO_1052 is the Go representation of the Windwos _USER_INFO_1052 struct used to set a user's profile directory.
See: https://docs.microsoft.com/en-us/windows/desktop/api/lmaccess/ns-lmaccess-_user_info_1052
type USER_INFO_2 ¶
type USER_INFO_2 struct {
Usri2_name *uint16
Usri2_password *uint16
Usri2_password_age uint32
Usri2_priv uint32
Usri2_home_dir *uint16
Usri2_comment *uint16
Usri2_flags uint32
Usri2_script_path *uint16
Usri2_auth_flags uint32
Usri2_full_name *uint16
Usri2_usr_comment *uint16
Usri2_parms *uint16
Usri2_workstations *uint16
Usri2_last_logon uint32
Usri2_last_logoff uint32
Usri2_acct_expires uint32
Usri2_max_storage uint32
Usri2_units_per_week uint32
Usri2_logon_hours uintptr
Usri2_bad_pw_count uint32
Usri2_num_logons uint32
Usri2_logon_server *uint16
Usri2_country_code uint32
Usri2_code_page uint32
}
type UserAddOptions ¶
type UserAddOptions struct {
// Required
Username string
Password string
// Optional
FullName string
PrivLevel uint32
HomeDir string
Comment string
ScriptPath string
}
UserAddOptions contains extended options for creating a new user account.
The only required fields are Username and Password.
Fields:
- Username account username, limited to 20 characters.
- Password account password
- FullName user's full name (default: none)
- PrivLevel account's prvilege level, must be one of the USER_PRIV_* constants (default: USER_PRIV_GUEST)
- HomeDir If non-empty, the user's home directory is set to the specified path.
- Comment A comment to associate with the account (default: none)
- ScriptPath If non-empty, the path to the user's logon script file, which can be a .CMD, .EXE, or .BAT file. (default: none)
Source Files
Directories