procIO

package

v0.4.0 Latest Latest Go to latest Published: Dec 4, 2020 License: AGPL-3.0 Imports: 16 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/fkie-cad/yapscan

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

Variables
func ComputeHashes(file string) (md5sum, sha256sum string, err error)
func FormatMemorySegmentAddress(seg *MemorySegmentInfo) string
func FormatPID(pid int) string
func GetRunningPIDs() ([]int, error)
func StateNames() []string
func TypeNames() []string
type CachingProcess
- func OpenProcess(pid int) (CachingProcess, error)
type DefaultMemoryReaderFactory
- func (f *DefaultMemoryReaderFactory) NewMemoryReader(proc Process, seg *MemorySegmentInfo) (MemoryReader, error)
type MemoryReader
- func NewMemoryReader(proc Process, seg *MemorySegmentInfo) (MemoryReader, error)
type MemoryReaderFactory
type MemorySegmentInfo
- func (s *MemorySegmentInfo) CopyWithoutSubSegments() *MemorySegmentInfo
- func (s *MemorySegmentInfo) String() string
type Permissions
- func ParsePermissions(s string) (Permissions, error)
- func (p Permissions) EqualTo(other Permissions) bool
- func (p Permissions) IsMoreOrEquallyPermissiveThan(other Permissions) bool
- func (p Permissions) IsMorePermissiveThan(other Permissions) bool
- func (p Permissions) String() string
type Process
type ProcessInfo
type State
- func ParseState(name string) (State, error)
- func (x State) MarshalText() ([]byte, error)
- func (x State) String() string
- func (x *State) UnmarshalText(text []byte) error
type Type
- func ParseType(name string) (Type, error)
- func (x Type) MarshalText() ([]byte, error)
- func (x Type) String() string
- func (x *Type) UnmarshalText(text []byte) error

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrProcIsParent = errors.New("not supported on parent")

View Source

var ErrProcIsSelf = errors.New("not supported on self")

View Source

var PermR = Permissions{
	Read: true,
}

View Source

var PermRC = Permissions{
	Read:  true,
	Write: true,
	COW:   true,
}

View Source

var PermRCX = Permissions{
	Read:    true,
	Write:   true,
	COW:     true,
	Execute: true,
}

View Source

var PermRW = Permissions{
	Read:  true,
	Write: true,
}

View Source

var PermRWX = Permissions{
	Read:    true,
	Write:   true,
	Execute: true,
}

View Source

var PermRX = Permissions{
	Read:    true,
	Execute: true,
}

Functions ¶

func ComputeHashes ¶

func ComputeHashes(file string) (md5sum, sha256sum string, err error)

func FormatMemorySegmentAddress ¶

func FormatMemorySegmentAddress(seg *MemorySegmentInfo) string

func FormatPID ¶

func FormatPID(pid int) string

func GetRunningPIDs ¶

func GetRunningPIDs() ([]int, error)

func StateNames ¶

func StateNames() []string

StateNames returns a list of possible string values of State.

func TypeNames ¶

func TypeNames() []string

TypeNames returns a list of possible string values of Type.

Types ¶

type CachingProcess ¶

type CachingProcess interface {
	Process
	InvalidateCache()
}

func OpenProcess ¶

func OpenProcess(pid int) (CachingProcess, error)

type DefaultMemoryReaderFactory ¶ added in v0.4.0

type DefaultMemoryReaderFactory struct{}

func (*DefaultMemoryReaderFactory) NewMemoryReader ¶ added in v0.4.0

func (f *DefaultMemoryReaderFactory) NewMemoryReader(proc Process, seg *MemorySegmentInfo) (MemoryReader, error)

type MemoryReader ¶

type MemoryReader interface {
	io.ReadCloser
	Reset() (MemoryReader, error)
}

func NewMemoryReader ¶

func NewMemoryReader(proc Process, seg *MemorySegmentInfo) (MemoryReader, error)

type MemoryReaderFactory ¶ added in v0.4.0

type MemoryReaderFactory interface {
	NewMemoryReader(proc Process, seg *MemorySegmentInfo) (MemoryReader, error)
}

type MemorySegmentInfo ¶

type MemorySegmentInfo struct {
	// On windows: _MEMORY_BASIC_INFORMATION->AllocationBase
	ParentBaseAddress uintptr `json:"parentBaseAddress"`
	// On windows: _MEMORY_BASIC_INFORMATION->BaseAddress
	BaseAddress uintptr `json:"baseAddress"`
	// On windows: _MEMORY_BASIC_INFORMATION->AllocationProtect
	AllocatedPermissions Permissions `json:"allocatedPermissions"`
	// On windows: _MEMORY_BASIC_INFORMATION->Protect
	CurrentPermissions Permissions `json:"currentPermissions"`
	// On windows: _MEMORY_BASIC_INFORMATION->RegionSize
	Size uintptr `json:"size"`
	// On windows: _MEMORY_BASIC_INFORMATION->State
	State State `json:"state"`
	// On windows: _MEMORY_BASIC_INFORMATION->Type
	Type Type `json:"type"`

	FilePath string `json:"filePath"`

	SubSegments []*MemorySegmentInfo `json:"subSegments"`
}

func (*MemorySegmentInfo) CopyWithoutSubSegments ¶

func (s *MemorySegmentInfo) CopyWithoutSubSegments() *MemorySegmentInfo

func (*MemorySegmentInfo) String ¶

func (s *MemorySegmentInfo) String() string

type Permissions ¶

type Permissions struct {
	// Is read-only access allowed
	Read bool
	// Is write access allowed (also true if COW is enabled)
	Write bool
	// Is copy-on-write access allowed (if this is true, then so is Write)
	COW bool
	// Is execute access allowed
	Execute bool
}

func ParsePermissions ¶

func ParsePermissions(s string) (Permissions, error)

func (Permissions) EqualTo ¶

func (p Permissions) EqualTo(other Permissions) bool

func (Permissions) IsMoreOrEquallyPermissiveThan ¶

func (p Permissions) IsMoreOrEquallyPermissiveThan(other Permissions) bool

func (Permissions) IsMorePermissiveThan ¶

func (p Permissions) IsMorePermissiveThan(other Permissions) bool

func (Permissions) String ¶

func (p Permissions) String() string

type Process ¶

type Process interface {
	io.Closer
	fmt.Stringer

	PID() int
	Info() (*ProcessInfo, error)
	Handle() interface{}
	MemorySegments() ([]*MemorySegmentInfo, error)
	Suspend() error
	Resume() error
}

type ProcessInfo ¶

type ProcessInfo struct {
	PID              int                  `json:"pid"`
	Bitness          arch.Bitness         `json:"bitness"`
	ExecutablePath   string               `json:"executablePath"`
	ExecutableMD5    string               `json:"executableMD5"`
	ExecutableSHA256 string               `json:"executableSHA256"`
	Username         string               `json:"username"`
	MemorySegments   []*MemorySegmentInfo `json:"memorySegments"`
}

type State ¶

type State int

ENUM( Commit Free Reserve )

const (
	// StateCommit is a State of type Commit
	StateCommit State = iota
	// StateFree is a State of type Free
	StateFree
	// StateReserve is a State of type Reserve
	StateReserve
)

func ParseState ¶

func ParseState(name string) (State, error)

ParseState attempts to convert a string to a State

func (State) MarshalText ¶

func (x State) MarshalText() ([]byte, error)

MarshalText implements the text marshaller method

func (State) String ¶

func (x State) String() string

String implements the Stringer interface.

func (*State) UnmarshalText ¶

func (x *State) UnmarshalText(text []byte) error

UnmarshalText implements the text unmarshaller method

type Type ¶

type Type int

TODO: Consider additional type "Shared"

ENUM( Image Mapped Private )

const (
	// TypeImage is a Type of type Image
	TypeImage Type = iota
	// TypeMapped is a Type of type Mapped
	TypeMapped
	// TypePrivate is a Type of type Private
	TypePrivate
)

func ParseType ¶

func ParseType(name string) (Type, error)

ParseType attempts to convert a string to a Type

func (Type) MarshalText ¶

func (x Type) MarshalText() ([]byte, error)

MarshalText implements the text marshaller method

func (Type) String ¶

func (x Type) String() string

String implements the Stringer interface.

func (*Type) UnmarshalText ¶

func (x *Type) UnmarshalText(text []byte) error

UnmarshalText implements the text unmarshaller method

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
customWin32 Package customWin32 provides a small subset of win32 bindings.	Package customWin32 provides a small subset of win32 bindings.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL