procio

package
v0.15.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 18, 2022 License: AGPL-3.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var ErrProcIsParent = fmt.Errorf("not supported on parent")

ErrProcIsParent is returned when trying to suspend the immediate parent process. Reason for this is the assumption that the parent process always is some form of console, which needs to be running in order to handle IO.

View Source
var ErrProcIsSelf = fmt.Errorf("not supported on self")

ErrProcIsSelf is returned when trying to suspend the current process.

View Source
var PermR = Permissions{
	Read: true,
}

PermR is readonly Permissions.

View Source
var PermRC = Permissions{
	Read:  true,
	Write: true,
	COW:   true,
}

PermRC is the read and copy-on-write Permissions.

View Source
var PermRCX = Permissions{
	Read:    true,
	Write:   true,
	COW:     true,
	Execute: true,
}

PermRCX is the read-execute and copy-on-write Permissions.

View Source
var PermRW = Permissions{
	Read:  true,
	Write: true,
}

PermRW is the read-write Permissions.

View Source
var PermRWX = Permissions{
	Read:    true,
	Write:   true,
	Execute: true,
}

PermRWX is the read-write-execute Permissions.

View Source
var PermRX = Permissions{
	Read:    true,
	Execute: true,
}

PermRX is the read-execute Permissions.

Functions

func CrashMethodNames

func CrashMethodNames() []string

CrashMethodNames returns a list of possible string values of CrashMethod.

func FormatMemorySegmentAddress

func FormatMemorySegmentAddress(seg *MemorySegmentInfo) string

FormatMemorySegmentAddress formats the *MemorySegmentInfo.BaseAddress to a hex string with prefix '0x' and either 8 or 16 digits (based on the address value) with leading zeros.

func FormatPID

func FormatPID(pid int) string

FormatPID formats the given process ID.

func GetRunningPIDs

func GetRunningPIDs() ([]int, error)

GetRunningPIDs returns the PIDs of all running processes.

func PermissionsToNative

func PermissionsToNative(perms Permissions) int

PermissionsToNative converts the given Permissions to the native linux representation.

func SegmentTypeNames added in v0.12.0

func SegmentTypeNames() []string

SegmentTypeNames returns a list of possible string values of SegmentType.

func StateNames

func StateNames() []string

StateNames returns a list of possible string values of State.

Types

type CachingProcess

type CachingProcess interface {
	Process
	InvalidateCache()
}

CachingProcess is a Process that caches *ProcessInfo and *MemorySegmentInfo. This cache will only be updated after InvalidateCache was called.

func Cache added in v0.6.0

func Cache(proc Process) CachingProcess

func OpenProcess

func OpenProcess(pid int) (CachingProcess, error)

OpenProcess opens another process.

type CrashMethod

type CrashMethod int

CrashMethod selects a method to crash a process.

ENUM( createThreadOnNull )

const (
	// CrashMethodCreateThreadOnNull is a CrashMethod of type CreateThreadOnNull.
	CrashMethodCreateThreadOnNull CrashMethod = iota
)

func ParseCrashMethod

func ParseCrashMethod(name string) (CrashMethod, error)

ParseCrashMethod attempts to convert a string to a CrashMethod.

func (CrashMethod) MarshalText

func (x CrashMethod) MarshalText() ([]byte, error)

MarshalText implements the text marshaller method.

func (CrashMethod) String

func (x CrashMethod) String() string

String implements the Stringer interface.

func (*CrashMethod) UnmarshalText

func (x *CrashMethod) UnmarshalText(text []byte) error

UnmarshalText implements the text unmarshaller method.

type DefaultMemoryReaderFactory

type DefaultMemoryReaderFactory struct{}

DefaultMemoryReaderFactory is the default MemoryReaderFactory.

func (*DefaultMemoryReaderFactory) NewMemoryReader

func (f *DefaultMemoryReaderFactory) NewMemoryReader(proc Process, seg *MemorySegmentInfo) (MemoryReader, error)

NewMemoryReader calls NewMemoryReader.

type MemoryReader

type MemoryReader interface {
	io.ReadCloser
	io.Seeker
}

MemoryReader provides capabilities to read and seek through another processes memory.

func NewMemoryReader

func NewMemoryReader(proc Process, seg *MemorySegmentInfo) (MemoryReader, error)

NewMemoryReader creates a new MemoryReader to read the given segment of the given Process.

type MemoryReaderFactory

type MemoryReaderFactory interface {
	NewMemoryReader(proc Process, seg *MemorySegmentInfo) (MemoryReader, error)
}

MemoryReaderFactory is a factory for MemoryReader.

type MemorySegmentInfo

type MemorySegmentInfo struct {
	// ParentBaseAddress is the base address of the parent segment.
	// If no parent segment exists, this is equal to the BaseAddress.
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->AllocationBase
	ParentBaseAddress uintptr `json:"parentBaseAddress"`

	// BaseAddress is the base address of the current memory segment.
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->BaseAddress
	BaseAddress uintptr `json:"baseAddress"`

	// AllocatedPermissions is the Permissions that were used to initially
	// allocate this segment.
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->AllocationProtect
	AllocatedPermissions Permissions `json:"allocatedPermissions"`

	// CurrentPermissions is the Permissions that the segment currently has.
	// This may differ from AllocatedPermissions if the permissions where changed
	// at some point (e.g. via VirtualProtect).
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->Protect
	CurrentPermissions Permissions `json:"currentPermissions"`

	// Size contains the size of the segment in bytes.
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->RegionSize
	Size uintptr `json:"size"`

	// RSS contains the ResidentSetSize as reported on linux, i.e.
	// the amount of RAM this segment actually uses right now.
	// Equivalence on windows: No equivalence, this is currently always equal to Size.
	RSS uintptr `json:"rss"`

	// State contains the current State of the segment.
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->State
	State State `json:"state"`

	// Type contains the Type of the segment.
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->SegmentType
	Type SegmentType `json:"type"`

	// File contains the path to the mapped file, or empty string if
	// no file mapping is associated with this memory segment.
	MappedFile fileio.File `json:"mappedFile"`

	// SubSegments contains sub-segments, i.e. segment where their ParentBaseAddress
	// is equal to this segments BaseAddress.
	// If no such segments exist, this will be a slice of length 0.
	SubSegments []*MemorySegmentInfo `json:"-"`
}

MemorySegmentInfo contains information about a memory segment.

func (*MemorySegmentInfo) CopyWithoutSubSegments

func (s *MemorySegmentInfo) CopyWithoutSubSegments() *MemorySegmentInfo

CopyWithoutSubSegments creates a copy of this *MemorySegmentInfo, but the SubSegments of the returned *MemorySegmentInfo will be of length 0.

func (*MemorySegmentInfo) EstimateRAMIncreaseByScanning added in v0.9.0

func (s *MemorySegmentInfo) EstimateRAMIncreaseByScanning() uintptr

EstimateRAMIncreaseByScanning estimates the increase in RAM usage when scanning this segment. The problem arises on linux, when the kernel has not yet loaded certain pages in this segment. By scanning the segment, the kernel will load the entire segment into RAM.

func (*MemorySegmentInfo) String

func (s *MemorySegmentInfo) String() string

String returns a human readable representation of the BaseAddress.

type Permissions

type Permissions struct {
	// Is read-only access allowed
	Read bool `json:"read"`
	// Is write access allowed (also true if COW is enabled)
	Write bool `json:"write"`
	// Is copy-on-write access allowed (if this is true, then so is Write)
	COW bool `json:"COW"`
	// Is execute access allowed
	Execute bool `json:"execute"`
}

Permissions describes the permissions of a memory segment.

func ParsePermissions

func ParsePermissions(s string) (Permissions, error)

ParsePermissions parses the string representation of a Permissions, as output by Permissions.String and returns the resulting Permissions.

Each character of the string is interpreted individually and case insensitive. A '-' is ignored, 'r' stands for read, 'w' for write, 'c' for copy-on-write, and 'e' or 'x' for execute. Any other character results in an error. The resulting Permissions is the combination of all character interpretations.

func (Permissions) EqualTo

func (p Permissions) EqualTo(other Permissions) bool

EqualTo returns true if the other Permissions is exactly equal to this one.

func (Permissions) IsMoreOrEquallyPermissiveThan

func (p Permissions) IsMoreOrEquallyPermissiveThan(other Permissions) bool

IsMoreOrEquallyPermissiveThan returns true if the other Permissions is equally or more permissive than this one. See IsMorePermissiveThan for more information

func (Permissions) String

func (p Permissions) String() string

String returns the string representation of this Permissions.

type Process

type Process interface {
	io.Closer
	fmt.Stringer

	PID() int
	Info() (*ProcessInfo, error)
	Handle() interface{}
	MemorySegments() ([]*MemorySegmentInfo, error)
	Suspend() error
	Resume() error
	Crash(CrashMethod) error
}

Process provides capability to interact with or retrieve information about other processes.

type ProcessInfo

type ProcessInfo struct {
	PID              int                  `json:"pid"`
	Bitness          arch.Bitness         `json:"bitness"`
	ExecutablePath   string               `json:"executablePath"`
	ExecutableMD5    string               `json:"executableMD5"`
	ExecutableSHA256 string               `json:"executableSHA256"`
	Username         string               `json:"username"`
	MemorySegments   []*MemorySegmentInfo `json:"memorySegments"`
}

ProcessInfo represents information about a Process.

type SegmentType added in v0.12.0

type SegmentType int

SegmentType represents the type of a memory segment.

ENUM( image mapped private privateMapped )

const (
	// SegmentTypeImage is a SegmentType of type Image.
	SegmentTypeImage SegmentType = iota
	// SegmentTypeMapped is a SegmentType of type Mapped.
	SegmentTypeMapped
	// SegmentTypePrivate is a SegmentType of type Private.
	SegmentTypePrivate
	// SegmentTypePrivateMapped is a SegmentType of type PrivateMapped.
	SegmentTypePrivateMapped
)

func ParseSegmentType added in v0.12.0

func ParseSegmentType(name string) (SegmentType, error)

ParseSegmentType attempts to convert a string to a SegmentType.

func (SegmentType) MarshalText added in v0.12.0

func (x SegmentType) MarshalText() ([]byte, error)

MarshalText implements the text marshaller method.

func (SegmentType) String added in v0.12.0

func (x SegmentType) String() string

String implements the Stringer interface.

func (*SegmentType) UnmarshalText added in v0.12.0

func (x *SegmentType) UnmarshalText(text []byte) error

UnmarshalText implements the text unmarshaller method.

type State

type State int

State represents the state of a memory segment.

ENUM( commit free reserve )

const (
	// StateCommit is a State of type Commit.
	StateCommit State = iota
	// StateFree is a State of type Free.
	StateFree
	// StateReserve is a State of type Reserve.
	StateReserve
)

func ParseState

func ParseState(name string) (State, error)

ParseState attempts to convert a string to a State.

func (State) MarshalText

func (x State) MarshalText() ([]byte, error)

MarshalText implements the text marshaller method.

func (State) String

func (x State) String() string

String implements the Stringer interface.

func (*State) UnmarshalText

func (x *State) UnmarshalText(text []byte) error

UnmarshalText implements the text unmarshaller method.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL