cmd

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 10, 2021 License: GPL-3.0 Imports: 14 Imported by: 5

Documentation

Index

Constants

View Source 
const (
	// True is the 'true' bool value.
	True = boolean(2)
	// False is the 'false' bool value.
	False = boolean(1)
	// Empty represents the absence of a value.
	Empty = boolean(0)
)
View Source 
const (
	// VerbEdit launches an editor and opens the document for editing. If the target is not a document file,
	// the function will fail.
	VerbEdit = Verb("edit")
	// VerbFind initiates a search beginning in the directory specified by the working directory.
	VerbFind = Verb("find")
	// VerbOpen opens the item specified by the target parameter. The item can be a file or folder.
	VerbOpen = Verb("open")
	// VerbPrint prints the file specified by the target. If the target is not a document file, the function fails.
	VerbPrint = Verb("print")
	// VerbRunAs launches an application as Administrator. User Account Control (UAC) will prompt the user for consent to run
	// the application elevated or enter the credentials of an administrator account used to run the application.
	VerbRunAs = Verb("runas")
	//VerbExplore explores a folder specified by the target.
	VerbExplore = Verb("explore")
)

Variables

View Source 
var (
	// AnyParent will attempt to locate a parent process that may be elevated
	// based on the current process permissions.
	//
	// This one will fallback to non-elevated if all checks fail.
	AnyParent = (&Filter{Fallback: true}).SetElevated(true)
	// RandomParent is a Filter that can be used by default to select ANY random
	// process on the target device to be used as the parent process without
	// creating a new Filter struct.
	RandomParent = &Filter{Fallback: false}
)
View Source 
var (
	// ErrNotStarted is an error returned by multiple functions functions when attempting to access a
	// Runnable function that requires the Runnable to be started first.
	ErrNotStarted = xerr.New("process has not been started")
	// ErrEmptyCommand is an error returned when attempting to start a Runnable that has empty arguments.
	ErrEmptyCommand = xerr.New("process arguments are empty")
	// ErrStillRunning is returned when attempting to access the exit code on a Runnable.
	ErrStillRunning = xerr.New("process is still running")
	// ErrAlreadyStarted is an error returned by the 'Start' or 'Run' functions when attempting to start
	// a Runnable that has already been started via a 'Start' or 'Run' function call.
	ErrAlreadyStarted = xerr.New("process has already been started")
	// ErrNoProcessFound is returned by the SetParent* functions on Windows devices when a specified parent
	// could not be found.
	ErrNoProcessFound = xerr.New("could not find a suitable parent")
)

Functions

func Fork 

func Fork() (uint32, error)

Fork will attempt to use built-in system utilities to fork off the process into a separate, but similar process. If successful, this function will return the PID of the new process.

func ResumeProcess added in v0.1.0 

func ResumeProcess(p uint32) error

ResumeProcess will attempt to resume the process via it's PID. This will attempt to resume the process using an OS-dependent syscall.

This will not affect already running processes.

func ShellExecute 

func ShellExecute(_ Verb, _ int32, _ string, _ ...string) error

ShellExecute calls the Windows ShellExecuteW API function. This will "preform an operation on the specified target" from the API documentation.

The parameters include the Verb (required), Flags, Working Directory and Arguments. The first string specified in args is the value that will fill 'lpFile' and the rest will be filled into the 'lpArguments' parameter. Otherwise, if empty, they will both be nil.

The error returned will be nil if the function call is successful.

Always returns 'ErrNoWindows' if the device is not running Windows.

func Split 

func Split(s string) []string

Split will attempt to split the specified string based on the escape characters and spaces while attempting to preserve anything that is not a splitting space. This will automatically detect quotes and backslashes. The return result is a string array that can be used as args.

TODO(dij): Refactor

func SuspendProcess added in v0.1.0 

func SuspendProcess(p uint32) error

SuspendProcess will attempt to suspend the process via it's PID. This will attempt to suspend the process using an OS-dependent syscall.

This will not affect already suspended processes.

Types

type Assembly added in v0.1.0 

type Assembly struct {
	Data []byte

	Timeout time.Duration
	// contains filtered or unexported fields
}

Assembly is a struct that can be used to contain and run shellcode on Windows devices. This struct has many of the functionallies of the standard 'cmd.Program' function.

The 'SetParent*' function will attempt to set the target that runs the shellcode. If none are specified, the shellcode will be injected into the current process.

This struct only works on Windows devices. All calls on non-Windows devices will return 'ErrNoWindows'.

TODO(dij): Add Linux shellcode execution support.

func NewAsm added in v0.1.0 

func NewAsm(b []byte) *Assembly

NewAsm creates a new Assembly thread instance that uses the supplied byte array as the Data buffer. Similar to '&Assembly{Data: b}'.

func NewAsmContext added in v0.1.0 

func NewAsmContext(x context.Context, b []byte) *Assembly

NewAsmContext creates a new Code thread instance that uses the supplied byte array as the Data buffer.

This function accepts a context that can be used to control the cancelation of the thread.

func (*Assembly) ExitCode added in v0.1.0 

func (a *Assembly) ExitCode() (int32, error)

ExitCode returns the Exit Code of the thread. If the thread is still running or has not been started, this function returns an 'ErrNotCompleted' error.

func (*Assembly) Handle added in v0.1.0 

func (a *Assembly) Handle() (uintptr, error)

Handle returns the handle of the current running thread. The return is a uintptr that can converted into a Handle.

This function returns an error if the thread was not started. The handle is not expected to be valid after the thread exits or is terminated.

func (*Assembly) Location added in v0.1.0 

func (a *Assembly) Location() (uintptr, error)

Location returns the in-memory Location of the current Assembly thread, if running. The return is a uintptr that can converted into a Handle.

This function returns an error if the Assembly thread was not started. The handle is not expected to be valid after the thread exits or is terminated.

func (Assembly) Pid added in v0.1.0 

func (Assembly) Pid() uint32

Pid retruns the process ID of the owning process (the process running the thread.)

This may return zero if the thread has not yet been started.

func (*Assembly) Run added in v0.1.0 

func (a *Assembly) Run() error

Run will start the Assembly thread and wait until it completes. This function will return the same errors as the 'Start' function if they occur or the 'Wait' function if any errors occur during thread runtime.

Always returns nil on non-Windows devices.

func (*Assembly) Running added in v0.1.0 

func (a *Assembly) Running() bool

Running returns true if the current thread is running, false otherwise.

func (Assembly) SetParent added in v0.1.0 

func (Assembly) SetParent(_ *Filter)

SetParent will instruct the Assembly thread to choose a parent with the supplied process Filter. If the Filter is nil this will use the current process (default).

This function has no effect if the device is not running Windows.

func (*Assembly) SetSuspended added in v0.1.0 

func (a *Assembly) SetSuspended(s bool)

SetSuspended will delay the execution of this thread and will put the thread in a suspended state until it is resumed using a Resume call.

This function has no effect if the device is not running Windows.

func (Assembly) Start added in v0.1.0 

func (Assembly) Start() error

Start will attempt to start the Assembly thread and will return any errors that occur while starting the thread.

This function will return 'ErrEmptyCommand' if the 'Data' parameter is empty or the 'ErrAlreadyStarted' error if attempting to start a thread that already has been started previously.

Always returns 'ErrNoWindows' on non-Windows devices.

func (*Assembly) Stop added in v0.1.0 

func (a *Assembly) Stop() error

Stop will attempt to terminate the currently running thread.

Always returns nil on non-Windows devices.

func (*Assembly) String added in v0.1.0 

func (a *Assembly) String() string

String returns a string representation of the thread's data, such as the pointer and memory addresses.

func (*Assembly) Wait added in v0.1.0 

func (a *Assembly) Wait() error

Wait will block until the thread completes or is terminated by a call to Stop.

This function will return 'ErrNotStarted' if the thread has not been started.

type DLL 

type DLL struct {
	Path string

	Timeout time.Duration
	// contains filtered or unexported fields
}

DLL is a struct that can be used to reflectively load a DLL into the memory of a selected process. Similar to the Assembly struct, this struct can only be used on Windows devices and will return 'ErrNoWindows' on non-Windows devices.

The 'SetParent*' function will attempt to set the target that loads the DLL. If none are specified, the DLL will be loaded into the current process.

func NewDLL 

func NewDLL(p string) *DLL

NewDLL creates a new DLL instance that uses the supplied string as the DLL file path. Similar to '&DLL{Path: p}'.

func NewDLLBytes added in v0.1.0 

func NewDLLBytes(b []byte) (*DLL, error)

NewDLLBytes creates a new DLL instance that uses the supplied raw bytes as the binary data to construct the DLL on disk to be executed.

NOTE(dij): This function does a write to disk. TODO(dij): In a future release, make this into a reflective loader.

func NewDLLBytesContext added in v0.1.0 

func NewDLLBytesContext(x context.Context, b []byte) (*DLL, error)

NewDLLBytesContext creates a new DLL instance that uses the supplied raw bytes as the binary data to construct the DLL on disk to be executed.

NOTE(dij): This function does a write to disk. TODO(dij): In a future release, make this into a reflective loader.

This function accepts a context that can be used to control the cancelation of the thread.

func NewDllContext 

func NewDllContext(x context.Context, p string) *DLL

NewDllContext creates a new DLL instance that uses the supplied string as the DLL file path.

This function accepts a context that can be used to control the cancelation of the thread.

func (*DLL) ExitCode 

func (d *DLL) ExitCode() (int32, error)

ExitCode returns the Exit Code of the thread. If the thread is still running or has not been started, this function returns an 'ErrNotCompleted' error.

func (*DLL) Handle 

func (d *DLL) Handle() (uintptr, error)

Handle returns the handle of the current running thread. The return is a uintptr that can converted into a Handle.

This function returns an error if the thread was not started. The handle is not expected to be valid after the thread exits or is terminated.

func (DLL) Pid added in v0.1.0 

func (DLL) Pid() uint32

Pid retruns the process ID of the owning process (the process running the thread.)

This may return zero if the thread has not yet been started.

func (*DLL) Run 

func (d *DLL) Run() error

Run will start the DLL thread and wait until it completes. This function will return the same errors as the 'Start' function if they occur or the 'Wait' function if any errors occur during thread runtime.

Always returns nil on non-Windows devices.

func (*DLL) Running 

func (d *DLL) Running() bool

Running returns true if the current thread is running, false otherwise.

func (DLL) SetParent 

func (DLL) SetParent(_ *Filter)

SetParent will instruct the DLL to choose a parent with the supplied process Filter. If the Filter is nil this will use the current process (default).

This function has no effect if the device is not running Windows.

func (*DLL) SetSuspended added in v0.1.0 

func (d *DLL) SetSuspended(s bool)

SetSuspended will delay the execution of this thread and will put the thread in a suspended state until it is resumed using a Resume call.

This function has no effect if the device is not running Windows.

func (DLL) Start 

func (DLL) Start() error

Start will attempt to start the DLL and will return an errors that occur while starting the DLL.

This function will return 'ErrEmptyCommand' if the 'Path' parameter is empty and 'ErrAlreadyStarted' if attempting to start a DLL that already has been started previously.

Always returns 'ErrNoWindows' on non-Windows devices.

func (*DLL) Stop 

func (d *DLL) Stop() error

Stop will attempt to terminate the currently running thread.

Always returns nil on non-Windows devices.

func (*DLL) String 

func (d *DLL) String() string

String returns a string representation of the thread's data, such as the pointer and memory addresses.

func (*DLL) Wait 

func (d *DLL) Wait() error

Wait will block until the thread completes or is terminated by a call to Stop.

This function will return 'ErrNotStarted' if the thread has not been started.

type ExitError 

type ExitError struct {
	Exit uint32
}

ExitError is a type of error that is returned by the Wait and Run functions when a function returns an error code other than zero.

func (ExitError) Error 

func (e ExitError) Error() string

Error fulfills the error interface and retruns a formatted string that specifies the Process Exit Code.

type Filter 

type Filter struct {
	// Exclude and Include determine the processes that can be included or omitted during
	// process listing. 'Exclude' always takes precedence over 'Include'.
	//
	// Ether one being nil or empty means no processes are included/excluded.
	// All matches are case-insensitive.
	Exclude []string `json:"exclude,omitempty"`
	Include []string `json:"include,omitempty"`
	// PID will attempt to select the PID to be used for the parent.
	// If set to zero, it will be ignored. Values less than 5 are not valid!
	PID uint32 `json:"pid,omitempty"`
	// Fallback specifies if the opts routine should try again with less constaints
	// than the previous attempt. All attempts will still respect the 'Exclude' and
	// 'Ignore' directives.
	Fallback bool `json:"fallback,omitempty"`
	// Session can be set to 'True' or 'False' to attempt to target processes that
	// are either in or not in a DWM session environment (ie: in a user deskop [True]
	// or a service context [False]). This value is ignored if set to 'Empty'.
	Session boolean `json:"session,omitempty"`
	// Elevated can be set 'True' or 'False' to attempt to target processes that are
	// in a High/System or Lower integrity context. 'True' will attempt to select
	// elevated processes, while 'False' will select lower integrity or non-elevated
	// processes. If set to 'Empty' or omitted, this will be set based on the current
	// process's integrity level (ie: 'True' if device.Elevated == true else 'False').
	Elevated boolean `json:"elevated,omitempty"`
}

Filter is a struct that can be used to set the Parent process for many types of 'Runnable' compatable interfaces.

Each option can be set directly or chained using the function calls which all return the struct for chain usage.

This struct can be serialized into JSON or written using a Stream Marshaler.

func B added in v0.0.6 

func B(f bool) *Filter

B is a shortcut for '&Filter{Fallback: f}'

func E added in v0.1.0 

func E(s ...string) *Filter

E is a shortcut for '&Filter{Exclude: s}'

func F 

func F() *Filter

F is a shortcut for 'new(Filter)'

func I added in v0.1.0 

func I(s ...string) *Filter

I is a shortcut for '&Filter{Include: s}'

func (*Filter) Clear 

func (f *Filter) Clear() *Filter

Clear clears the Filter settings, except for 'Fallback' and returns itself.

func (Filter) Handle added in v0.0.9 

func (Filter) Handle(_ uint32) (uintptr, error)

Handle will attempt to find a process with the specified Filter options. If a suitable process is found, the Process Handle will be returned. The first argument is the access rights requested, expressed as a uint32.

An'ErrNoProcessFound' error will be returned if no processes that match the Filter are found.

This function returns 'ErrNoWindows' on non-Windows devices.

func (Filter) HandleFunc added in v0.0.9 

func (Filter) HandleFunc(_ uint32, _ filter) (uintptr, error)

HandleFunc will attempt to find a process with the specified Filter options. If a suitable process is found, the Process Handle will be returned.

This function allows for a filtering function to be passed along that will be supplied with the ProcessID, if the process is elevated, the process name and process handle. The function supplied should return true if the process passes the filter. The function argument may be nil.

An'ErrNoProcessFound' error will be returned if no processes that match the Filter are found.

This function returns 'ErrNoWindows' on non-Windows devices.

func (Filter) MarshalJSON added in v0.1.0 

func (f Filter) MarshalJSON() ([]byte, error)

MarshalJSON will attempt to convert the data in this Filter into the returned JSON byte array.

func (Filter) MarshalStream 

func (f Filter) MarshalStream(w data.Writer) error

MarshalStream will attempt to write the Filter data to the supplied Writer and return any errors that may occur.

func (Filter) Select 

func (f Filter) Select() (uint32, error)

Select will attempt to find a process with the specified Filter options. If a suitable process is found, the Process ID will be returned.

An'ErrNoProcessFound' error will be returned if no processes that match the Filter are found.

This function returns 'ErrNoWindows' on non-Windows devices if a PID is not set.

func (Filter) SelectFunc 

func (f Filter) SelectFunc(_ filter) (uint32, error)

SelectFunc will attempt to find a process with the specified Filter options. If a suitable process is found, the Process ID will be returned.

This function allows for a filtering function to be passed along that will be supplied with the ProcessID, if the process is elevated, the process name and process handle. The function supplied should return true if the process passes the filter. The function argument may be nil.

An'ErrNoProcessFound' error will be returned if no processes that match the Filter are found.

This function returns 'ErrNoWindows' on non-Windows devices if a PID is not set.

func (*Filter) SetElevated 

func (f *Filter) SetElevated(e bool) *Filter

SetElevated sets the Elevated setting to 'True' or 'False' and returns itself.

func (*Filter) SetExclude 

func (f *Filter) SetExclude(n ...string) *Filter

SetExclude sets the Exclusion list and returns itself.

func (*Filter) SetFallback 

func (f *Filter) SetFallback(i bool) *Filter

SetFallback sets the Fallback setting and returns itself.

func (*Filter) SetInclude 

func (f *Filter) SetInclude(n ...string) *Filter

SetInclude sets the Inclusion list and returns itself.

func (*Filter) SetPID 

func (f *Filter) SetPID(p uint32) *Filter

SetPID sets the target PID and returns the Filter struct.

func (*Filter) SetSession 

func (f *Filter) SetSession(s bool) *Filter

SetSession sets the Session setting to 'True' or 'False' and returns itself.

func (*Filter) UnmarshalJSON added in v0.1.0 

func (f *Filter) UnmarshalJSON(b []byte) error

UnmarshalJSON will attempt to parse the supplied JSON into this Filter.

func (*Filter) UnmarshalStream 

func (f *Filter) UnmarshalStream(r data.Reader) error

UnmarshalStream will attempt to read the Filter data from the supplied Reader and return any errors that may occur.

type Process 

type Process struct {
	Stdin          io.Reader
	Stdout, Stderr io.Writer

	Dir       string
	Env, Args []string

	Timeout time.Duration
	// contains filtered or unexported fields
}

Process is a struct that represents an executable command and allows for setting options in order change the operating functions.

func NewProcess 

func NewProcess(s ...string) *Process

NewProcess creates a new process instance that uses the supplied string vardict as the command line arguments. Similar to '&Process{Args: s}'.

func NewProcessContext 

func NewProcessContext(x context.Context, s ...string) *Process

NewProcessContext creates a new process instance that uses the supplied string vardict as the command line arguments.

This function accepts a context that can be used to control the cancelation of this process.

func (*Process) CombinedOutput 

func (p *Process) CombinedOutput() ([]byte, error)

CombinedOutput runs the Process and returns its combined standard output and standard error. Any returned error will usually be of type *ExitError.

func (*Process) ExitCode 

func (p *Process) ExitCode() (int32, error)

ExitCode returns the Exit Code of the process. If the Process is still running or has not been started, this function returns an 'ErrStillRunning' error.

func (*Process) Flags 

func (p *Process) Flags() uint32

Flags returns the current set flags value based on the configured options.

func (Process) Handle 

func (Process) Handle() (uintptr, error)

Handle returns the handle of the current running Process. The return is a uintptr that can converted into a Handle.

This function returns an error if the Process was not started. The handle is not expected to be valid after the Process exits or is terminated.

This function always returns 'ErrNoWindows' on non-Windows devices.

func (*Process) Output 

func (p *Process) Output() ([]byte, error)

Output runs the Process and returns its standard output. Any returned error will usually be of type *ExitError.

func (*Process) Pid 

func (p *Process) Pid() uint32

Pid returns the current process PID. This function returns zero if the process has not been started.

func (*Process) Resume added in v0.1.0 

func (p *Process) Resume() error

Resume will attempt to resume this process. This will attempt to resume the process using an OS-dependent syscall.

This will not affect already running processes.

func (*Process) Run 

func (p *Process) Run() error

Run will start the process and wait until it completes. This function will return the same errors as the 'Start' function if they occur or the 'Wait' function if any errors occur during Process runtime.

func (*Process) Running 

func (p *Process) Running() bool

Running returns true if the current Process is running, false otherwise.

func (*Process) SetChroot 

func (p *Process) SetChroot(s string)

SetChroot will set the process Chroot directory at runtime. This function takes the directory path as a string value. Use an empty string "" to disable this setting. The specified Path value is validated at runtime.

This function has no effect on Windows devices.

func (Process) SetDetached 

func (Process) SetDetached(_ bool)

SetDetached will detach or detach the console of the newly spawned process from the parent. This function has no effect on non-console commands. Setting this to true disables SetNewConsole.

This function has no effect if the device is not running Windows.

func (*Process) SetFlags 

func (p *Process) SetFlags(f uint32)

SetFlags will set the startup Flag values used for Windows programs. This function overrites many of the 'Set*' functions.

func (Process) SetFullscreen 

func (Process) SetFullscreen(_ bool)

SetFullscreen will set the window fullscreen state of the newly spawned process. This function has no effect on commands that do not generate windows.

This function has no effect if the device is not running Windows.

func (*Process) SetGID 

func (p *Process) SetGID(i int32)

SetGID will set the process GID at runtime. This function takes the numerical GID value. Use '-1' to disable this setting. The GID value is validated at runtime.

This function has no effect on Windows devices.

func (*Process) SetInheritEnv 

func (p *Process) SetInheritEnv(i bool)

SetInheritEnv will change the behavior of the Environment variable inheritance on startup. If true (the default), the current Environment variables will be filled in, even if 'Env' is not empty.

If set to false, the current Environment variables will not be added into the Process's starting Environment.

func (Process) SetNewConsole 

func (Process) SetNewConsole(_ bool)

SetNewConsole will allocate a new console for the newly spawned process. This console output will be independent of the parent process.

This function has no effect if the device is not running Windows.

func (Process) SetNoWindow 

func (Process) SetNoWindow(_ bool)

SetNoWindow will hide or show the window of the newly spawned process.

This function has no effect on commands that do not generate windows or if the device is not running Windows.

func (Process) SetParent 

func (Process) SetParent(_ *Filter)

SetParent will instruct the Process to choose a parent with the supplied process Filter. If the Filter is nil this will use the current process (default). Setting the Parent process will automatically set 'SetNewConsole' to true

This function has no effect if the device is not running Windows.

func (Process) SetSuspended 

func (Process) SetSuspended(_ bool)

SetSuspended will delay the execution of this Process and will put the process in a suspended state until it is resumed using a Resume call.

This function has no effect if the device is not running Windows.

func (*Process) SetUID 

func (p *Process) SetUID(i int32)

SetUID will set the process UID at runtime. This function takes the numerical UID value. Use '-1' to disable this setting. The UID value is validated at runtime.

This function has no effect on Windows devices.

func (Process) SetWindowDisplay 

func (Process) SetWindowDisplay(_ int)

SetWindowDisplay will set the window display mode of the newly spawned process. This function has no effect on commands that do not generate windows.

See the 'SW_*' values in winuser.h or the Golang windows package documentation for more details.

This function has no effect if the device is not running Windows.

func (Process) SetWindowPosition 

func (Process) SetWindowPosition(_, _ uint32)

SetWindowPosition will set the window postion of the newly spawned process. This function has no effect on commands that do not generate windows.

This function has no effect if the device is not running Windows.

func (Process) SetWindowSize 

func (Process) SetWindowSize(_, _ uint32)

SetWindowSize will set the window display size of the newly spawned process. This function has no effect on commands that do not generate windows.

This function has no effect if the device is not running Windows.

func (Process) SetWindowTitle 

func (Process) SetWindowTitle(_ string)

SetWindowTitle will set the title of the new spawned window to the the specified string. This function has no effect on commands that do not generate windows. Setting the value to an empty string will unset this setting.

This function has no effect if the device is not running Windows.

func (*Process) Start 

func (p *Process) Start() error

Start will attempt to start the Process and will return an errors that occur while starting the Process.

This function will return 'ErrEmptyCommand' if the 'Args' parameter is empty and 'ErrAlreadyStarted' if attempting to start a Process that already has been started previously.

func (*Process) StderrPipe 

func (p *Process) StderrPipe() (io.ReadCloser, error)

StderrPipe returns a pipe that will be connected to the Processes's standard error when the Processes starts.

The pipe will be closed after the Processe exits, so most callers need not close the pipe themselves. It is thus incorrect to call Wait before all reads from the pipe have completed. For the same reason, it is incorrect to use Run when using StderrPipe.

See the stdlib StdoutPipe example for idiomatic usage.

func (*Process) StdinPipe 

func (p *Process) StdinPipe() (io.WriteCloser, error)

StdinPipe returns a pipe that will be connected to the Processes's standard input when the Process starts. The pipe will be closed automatically after the Processes starts. A caller need only call Close to force the pipe to close sooner.

func (*Process) StdoutPipe 

func (p *Process) StdoutPipe() (io.ReadCloser, error)

StdoutPipe returns a pipe that will be connected to the Processes's standard output when the Processes starts.

The pipe will be closed after the Processe exits, so most callers need not close the pipe themselves. It is thus incorrect to call Wait before all reads from the pipe have completed. For the same reason, it is incorrect to use Run when using StderrPipe.

See the stdlib StdoutPipe example for idiomatic usage.

func (*Process) Stop 

func (p *Process) Stop() error

Stop will attempt to terminate the currently running Process instance. Stopping a Process may prevent the ability to read the Stdout/Stderr and any proper exit codes.

func (*Process) String 

func (p *Process) String() string

String returns the command and arguments that this Process will execute.

func (*Process) Suspend added in v0.1.0 

func (p *Process) Suspend() error

Suspend will attempt to suspend this process. This will attempt to suspend the process using an OS-dependent syscall.

This will not affect already suspended processes.

func (*Process) Wait 

func (p *Process) Wait() error

Wait will block until the Process completes or is terminated by a call to Stop. This will start the process if not already started.

type Runnable 

type Runnable interface {
	Run() error
	Pid() uint32
	Wait() error
	Stop() error
	Start() error
	Running() bool
	SetParent(*Filter)
	ExitCode() (int32, error)
}

Runnable is an interface that helps support the type of structs that can be used for execution, such as Assembly, DLL and Process, which share the same methods as this interface.

type Verb 

type Verb string

Verb is the equivalent to the Windows ShellExecute verb type string. This is used in the ShellExecute function.

type Zombie added in v0.1.0 

type Zombie struct {
	Path string
	Data []byte

	Process
	// contains filtered or unexported fields
}

Zombie is a struct that represents a Assembly backed process. This is simalar to 'execute-assembly' and will launch a suspended process to be injected into.

The 'Path' or 'Data' arguments can be used to specificy a DLL path or shellcode to be ran by the zombie. The 'Data' argument takes precedence over 'Path'. At least one of them must be supplied or an 'ErrEmptyCommand' error will be returned on any calls to 'Start'.

This struct shares many of the same methods as the 'Process' struct. The 'SetParent' function will affect the parent of the spawned process.

func NewZombie added in v0.1.0 

func NewZombie(b []byte, s ...string) *Zombie

NewZombie creates a Zombie struct that can be use to spawn a sacrificial process specified in the args vardict that will execute the shellcode in the byte array.

func NewZombieContext added in v0.1.0 

func NewZombieContext(x context.Context, b []byte, s ...string) *Zombie

NewZombieContext creates a Zombie struct that can be use to spawn a sacrificial process specified in the args vardict that will execute the shellcode in the byte array.

This function allows for specification of a Context for cancelation.

func NewZombieDLL added in v0.1.0 

func NewZombieDLL(p string, s ...string) *Zombie

NewZombieDLL creates a Zombie struct that can be use to spawn a sacrificial process specified in the args vardict that will execute the DLL in the specified path.

func NewZombieDLLContext added in v0.1.0 

func NewZombieDLLContext(x context.Context, p string, s ...string) *Zombie

NewZombieDLLContext creates a Zombie struct that can be use to spawn a sacrificial process specified in the args vardict that will execute the DLL in the specified path.

This function allows for specification of a Context for cancelation.

func (Zombie) ExitCode added in v0.1.0 

func (z Zombie) ExitCode() (int32, error)

ExitCode returns the Exit Code of the Zombie thread. If the Zombie is still running or has not been started, this function returns an 'ErrStillRunning' error.

func (*Zombie) Handle added in v0.1.0 

func (z *Zombie) Handle() (uintptr, error)

Handle returns the handle of the current running Zombie. The return is a uintptr that can converted into a Handle.

This function returns an error if the Zombie was not started. The handle is not expected to be valid after the Process exits or is terminated.

This function always returns 'ErrNoWindows' on non-Windows devices.

func (*Zombie) Location added in v0.1.0 

func (z *Zombie) Location() (uintptr, error)

Location returns the in-memory Location of the current Zombie thread, if running. The return is a uintptr that can converted into a Handle.

This function returns an error if the Zombie thread was not started. The handle is not expected to be valid after the thread exits or is terminated.

func (*Zombie) Resume added in v0.1.0 

func (z *Zombie) Resume() error

Resume will attempt to resume this process. This will attempt to resume the process using an OS-dependent syscall.

This will not affect already running processes.

func (*Zombie) Run added in v0.1.0 

func (z *Zombie) Run() error

Run will start the Zombie and wait until it completes. This function will return the same errors as the 'Start' function if they occur or the 'Wait' function if any errors occur during Process runtime.

func (*Zombie) Running added in v0.1.0 

func (z *Zombie) Running() bool

Running returns true if the current Zombie is running, false otherwise.

func (*Zombie) SetSuspended added in v0.1.0 

func (z *Zombie) SetSuspended(s bool)

SetSuspended will delay the execution of this thread and will put the thread in a suspended state until it is resumed using a Resume call.

This function has no effect if the device is not running Windows.

func (Zombie) Start added in v0.1.0 

func (Zombie) Start() error

Start will attempt to start the Zombie and will return an errors that occur while starting the Process.

This function will return 'ErrEmptyCommand' if the 'Args', the 'Data' or the 'Path; parameters are empty and 'ErrAlreadyStarted' if attempting to start a Zombie that already has been started previously.

Always returns 'ErrNoWindows' on non-Windows devices.

func (*Zombie) Stop added in v0.1.0 

func (z *Zombie) Stop() error

Stop will attempt to terminate the currently running Zombie instance. Stopping a Zombie may prevent the ability to read the Stdout/Stderr and any proper exit codes.

func (*Zombie) Suspend added in v0.1.0 

func (z *Zombie) Suspend() error

Suspend will attempt to suspend this process. This will attempt to suspend the process using an OS-dependent syscall.

This will not affect already suspended processes.

func (*Zombie) Wait added in v0.1.0 

func (z *Zombie) Wait() error

Wait will block until the Zombie completes or is terminated by a call to Stop. This will start the process if not already started.

Source Files

View all Source files

Directories

Path Synopsis
smonkey
sotto

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.