Documentation
¶
Index ¶
Constants ¶
const ( SnapHeapList = 0x00000001 // TH32CS_SNAPHEAPLIST SnapProcess = 0x00000002 // TH32CS_SNAPPROCESS SnapThread = 0x00000004 // TH32CS_SNAPTHREAD SnapModule = 0x00000008 // TH32CS_SNAPMODULE SnapModule32 = 0x00000010 // TH32CS_SNAPMODULE32 Inherit = 0x80000000 // TH32CS_INHERIT SnapAll = SnapHeapList | SnapModule | SnapProcess | SnapThread // TH32CS_SNAPALL )
Snapshot flags.
const (
// MaxModuleName is the maximum length of a module name.
MaxModuleName = 255
)
Variables ¶
This section is empty.
Functions ¶
func CreateSnapshot ¶
CreateSnapshot prepares a process, heap or module snapshot according to the provided flags. It calls the CreateToolhelp32Snapshot windows API function.
It is the caller's responsibility to close the returned snapshot handle when finished with it by calling syscall.CloseHandle().
https://docs.microsoft.com/en-us/windows/desktop/api/tlhelp32/nf-tlhelp32-createtoolhelp32snapshot
Types ¶
type ModuleEntry ¶
type ModuleEntry struct {
Size uint32
ModuleID uint32
ProcessID uint32
GlobalUsage uint32 // Unused
ProcUsage uint32 // Unused
BaseAddr uintptr
BaseSize uint32
Handle syscall.Handle
NameBuffer [MaxModuleName + 1]uint16
PathBuffer [syscall.MAX_PATH]uint16
}
ModuleEntry holds information about a module within a process.
https://docs.microsoft.com/en-us/windows/desktop/api/tlhelp32/ns-tlhelp32-moduleentry32w
func FirstModule ¶
func FirstModule(snapshot syscall.Handle) (entry ModuleEntry, err error)
FirstModule returns the first module entry from a snapshot. It calls the Module32FirstW windows API function.
FirstModule returns io.EOF if there are no modules in the snapshot.
https://docs.microsoft.com/en-us/windows/desktop/api/tlhelp32/nf-tlhelp32-module32firstw
func NextModule ¶
func NextModule(snapshot syscall.Handle) (entry ModuleEntry, err error)
NextModule returns the next module entry from a snapshot. It calls the Module32NextW windows API function.
NextModule returns io.EOF if there are no more modules in the snapshot.
https://docs.microsoft.com/en-us/windows/desktop/api/tlhelp32/nf-tlhelp32-module32nextw
func (*ModuleEntry) Name ¶
func (entry *ModuleEntry) Name() string
Name returns the module name as a string.
func (*ModuleEntry) Path ¶
func (entry *ModuleEntry) Path() string
Path returns the module path as a string.
type ProcessEntry ¶
type ProcessEntry struct {
Size uint32
Usage uint32 // Unused
ProcessID uint32
DefaultHeapID uintptr // Unused
ModuleID uint32 // Unused
Threads uint32
ParentProcessID uint32
BaseThreadPriority int32
Flags uint32
NameBuffer [syscall.MAX_PATH]uint16
}
ProcessEntry holds information about a process.
https://docs.microsoft.com/en-us/windows/desktop/api/tlhelp32/ns-tlhelp32-processentry32w
func FirstProcess ¶
func FirstProcess(snapshot syscall.Handle) (entry ProcessEntry, err error)
FirstProcess returns the first process entry from a snapshot. It calls the Process32FirstW windows API function.
FirstProcess returns io.EOF if there are no processes in the snapshot.
https://docs.microsoft.com/en-us/windows/desktop/api/tlhelp32/nf-tlhelp32-process32firstw
func NextProcess ¶
func NextProcess(snapshot syscall.Handle) (entry ProcessEntry, err error)
NextProcess returns the next process entry from a snapshot. It calls the Process32NextW windows API function.
NextProcess returns io.EOF if there are no more processes in the snapshot.
https://docs.microsoft.com/en-us/windows/desktop/api/tlhelp32/nf-tlhelp32-process32nextw
func (*ProcessEntry) Name ¶
func (entry *ProcessEntry) Name() string
Name returns the executable file name of the process as a string.
Source Files