winapi

package
v0.2.5
Published: Apr 16, 2022 License: GPL-3.0 Imports: 2 Imported by: 1

Documentation

Constants

const (
	ErrNoData           syscall.Errno = 232
	ErrPipeBusy         syscall.Errno = 231
	ErrIoPending        syscall.Errno = 997
	ErrBrokenPipe       syscall.Errno = 109
	ErrSemTimeout       syscall.Errno = 121
	ErrBadPathname      syscall.Errno = 161
	ErrInvalidName      syscall.Errno = 123
	ErrNoMoreFiles      syscall.Errno = 18
	ErrIoIncomplete     syscall.Errno = 996
	ErrFileNotFound     syscall.Errno = 2
	ErrPipeConnected    syscall.Errno = 535
	ErrOperationAborted syscall.Errno = 995
)

Windows API-specific syscall error values.

Variables

var (
	// CurrentThread returns the handle for the current thread. It is a pseudo
	// handle that does not need to be closed.
	CurrentThread = ^uintptr(2 - 1)
	// CurrentProcess returns the handle for the current process. It is a pseudo
	// handle that does not need to be closed.
	CurrentProcess = ^uintptr(0)
)

Functions

func ActiveDisplays added in v0.2.2

func ActiveDisplays() (uint32, error)

ActiveDisplays returns the count of current active displays enabled on the device.

This function returns an error if any error occurs when retrieving the display count.

func AdjustTokenPrivileges

func AdjustTokenPrivileges(h uintptr, disableAll bool, new unsafe.Pointer, newLen uint32, old unsafe.Pointer, oldLen *uint32) error

AdjustTokenPrivileges Windows API Call

The AdjustTokenPrivileges function enables or disables privileges in the
specified access token. Enabling or disabling privileges in an access token
requires TOKEN_ADJUST_PRIVILEGES access.

https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-adjusttokenprivileges

func CancelIoEx

func CancelIoEx(h uintptr, o *Overlapped) error

CancelIoEx Windows API Call

Marks any outstanding I/O operations for the specified file handle as
canceled. The function only cancels I/O operations in the current process,
regardless of which thread created the I/O operation.

https://docs.microsoft.com/en-us/windows/win32/fileio/cancelioex-func

func CheckRemoteDebuggerPresent

func CheckRemoteDebuggerPresent(h uintptr, b *bool) error

CheckRemoteDebuggerPresent Windows API Call

Determines whether the specified process is being debugged.

https://docs.microsoft.com/en-us/windows/win32/api/debugapi/nf-debugapi-checkremotedebuggerpresent

func CloseHandle

func CloseHandle(h uintptr) error

CloseHandle Windows API Call

Closes an open object handle.

https://docs.microsoft.com/en-us/windows/win32/api/handleapi/nf-handleapi-closehandle

func ConnectNamedPipe

func ConnectNamedPipe(h uintptr, o *Overlapped) error

ConnectNamedPipe Windows API Call

Enables a named pipe server process to wait for a client process to connect
to an instance of a named pipe. A client process connects by calling either
the CreateFile or CallNamedPipe function.

https://docs.microsoft.com/en-us/windows/win32/api/namedpipeapi/nf-namedpipeapi-connectnamedpipe

func CreateEvent

func CreateEvent(sa *SecurityAttributes, manual, initial bool, name string) (uintptr, error)

CreateEvent Windows API Call

Creates or opens a named or unnamed event object.

https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-CreateEventw

func CreateFile

func CreateFile(name string, access, mode uint32, sa *SecurityAttributes, disposition, attrs uint32, template uintptr) (uintptr, error)

CreateFile Windows API Call

Creates or opens a file or I/O device. The most commonly used I/O devices
are as follows: file, file stream, directory, physical disk, volume, console
buffer, tape drive, communications resource, mailslot, and pipe. The function
returns a handle that can be used to access the file or device for various
types of I/O depending on the file or device and the flags and attributes
specified.

https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilew

func CreateMailslot

func CreateMailslot(name string, maxSize uint32, timeout int32, sa *SecurityAttributes) (uintptr, error)

CreateMailslot Windows API Call

Creates a mailslot with the specified name and returns a handle that a
mailslot server can use to perform operations on the mailslot. The mailslot
is local to the computer that creates it. An error occurs if a mailslot
with the specified name already exists.

https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createmailslotw

func CreateMutex

func CreateMutex(sa *SecurityAttributes, initial bool, name string) (uintptr, error)

CreateMutex Windows API Call

Creates or opens a named or unnamed mutex object.

https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-CreateMutexw

func CreateNamedPipe

func CreateNamedPipe(name string, flags, mode, max, out, in, timeout uint32, sa *SecurityAttributes) (uintptr, error)

CreateNamedPipe Windows API Call

Creates an instance of a named pipe and returns a handle for subsequent pipe
operations. A named pipe server process uses this function either to create
the first instance of a specific named pipe and establish its basic attributes
or to create a new instance of an existing named pipe.

https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createnamedpipea

func CreateProcess

func CreateProcess(name, cmd string, procSa, threadSa *SecurityAttributes, inherit bool, flags uint32, env []string, dir string, y *StartupInfo, x *StartupInfoEx, i *ProcessInformation) error

CreateProcess Windows API Call

Creates a new process and its primary thread. The new process runs in the
security context of the calling process.

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessw

func CreateProcessWithToken

func CreateProcessWithToken(t uintptr, loginFlags uint32, name, cmd string, flags uint32, env []string, dir string, y *StartupInfo, x *StartupInfoEx, i *ProcessInformation) error

CreateProcessWithToken Windows API Call

Creates a new process and its primary thread. The new process runs in the
security context of the specified token. It can optionally load the user
profile for the specified user.

https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createprocesswithtokenw

func CreateSemaphore

func CreateSemaphore(sa *SecurityAttributes, initial, max uint32, name string) (uintptr, error)

CreateSemaphore Windows API Call

Creates or opens a named or unnamed semaphore object.

https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-CreateSemaphorew

func CreateToolhelp32Snapshot

func CreateToolhelp32Snapshot(flags, pid uint32) (uintptr, error)

CreateToolhelp32Snapshot Windows API Call

Takes a snapshot of the specified processes, as well as the heaps, modules,
and threads used by these processes.

https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-createtoolhelp32snapshot

func DeleteProcThreadAttributeList

func DeleteProcThreadAttributeList(a *StartupAttributes) error

DeleteProcThreadAttributeList Windows API Call

Deletes the specified list of attributes for process and thread creation.

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-deleteprocthreadattributelist

func DisconnectNamedPipe

func DisconnectNamedPipe(h uintptr) error

DisconnectNamedPipe Windows API Call

Disconnects the server end of a named pipe instance from a client process.

https://docs.microsoft.com/en-us/windows/win32/api/namedpipeapi/nf-namedpipeapi-disconnectnamedpipe

func DisplayBounds added in v0.2.2

func DisplayBounds(i uint32) (image.Rectangle, error)

DisplayBounds returns the bounds of the supplied display index.

This function will return the bounds of the first monitor if the index is out of bounds of the current display count.

func DuplicateHandle

func DuplicateHandle(srcProc, src, dstProc uintptr, dst *uintptr, access uint32, inherit bool, options uint32) error

DuplicateHandle Windows API Call

Duplicates an object handle.

https://docs.microsoft.com/en-us/windows/win32/api/handleapi/nf-handleapi-duplicatehandle

func DuplicateTokenEx

func DuplicateTokenEx(h uintptr, access uint32, sa *SecurityAttributes, level, p uint32, new *uintptr) error

DuplicateTokenEx Windows API Call

The DuplicateTokenEx function creates a new access token that duplicates an
existing token. This function can create either a primary token or an
impersonation token.

https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-duplicatetokenex

func GetCurrentProcessID

func GetCurrentProcessID() uint32

GetCurrentProcessID Windows API Call

Retrieves the process identifier of the calling process.

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-getcurrentprocessid

func GetDebugPrivilege

func GetDebugPrivilege() error

GetDebugPrivilege is a quick helper function that will attempt to grant the caller the "SeDebugPrivilege" privilege.

func GetExitCodeProcess

func GetExitCodeProcess(h uintptr, e *uint32) error

GetExitCodeProcess Windows API Call

Retrieves the termination status of the specified process.

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-getexitcodeprocess

func GetExitCodeThread

func GetExitCodeThread(h uintptr, e *uint32) error

GetExitCodeThread Windows API Call

Retrieves the termination status of the specified thread.

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-getexitcodethread

func GetLogicalDrives

func GetLogicalDrives() (uint32, error)

GetLogicalDrives Windows API Call

Retrieves a bitmask representing the currently available disk drives.

https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-getlogicaldrives

func GetOverlappedResult

func GetOverlappedResult(h uintptr, o *Overlapped, n *uint32, w bool) error

GetOverlappedResult Windows API Call

Retrieves the results of an overlapped operation on the specified file,
named pipe, or communications device. To specify a timeout interval or wait
on an alertable thread, use GetOverlappedResultEx.

https://docs.microsoft.com/en-us/windows/win32/api/ioapiset/nf-ioapiset-getoverlappedresult

func GetProcessFileName

func GetProcessFileName(h uintptr) (string, error)

GetProcessFileName will attempt to retrieve the basename of the process related to the open Process handle supplied.

func GetProcessID

func GetProcessID(h uintptr) (uint32, error)

GetProcessID Windows API Call

Retrieves the process identifier of the specified process.

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-getprocessid

func GetSystemDirectory

func GetSystemDirectory() (string, error)

GetSystemDirectory Windows API Call

Retrieves the path of the system directory. The system directory contains
system files such as dynamic-link libraries and drivers.

https://docs.microsoft.com/en-us/windows/win32/api/sysinfoapi/nf-sysinfoapi-getsystemdirectoryw

func GetTokenInformation

func GetTokenInformation(t uintptr, class uint32, info *byte, length uint32, ret *uint32) error

GetTokenInformation Windows API Call

The GetTokenInformation function retrieves a specified type of information
about an access token. The calling process must have appropriate access
rights to obtain the information.

https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-gettokeninformation

func GetVersion

func GetVersion() (uint32, error)

GetVersion Windows API Call

With the release of Windows 8.1, the behavior of the GetVersion API has
changed in the value it will return for the operating system version.
The value returned by the GetVersion function now depends on how the
application is manifested.

Applications not manifested for Windows 8.1 or Windows 10 will return the
Windows 8 OS version value (6.2). Once an application is manifested for a
given operating system version, GetVersion will always return the version
that the application is manifested for in future releases.

https://docs.microsoft.com/en-us/windows/win32/api/sysinfoapi/nf-sysinfoapi-getversion

func ImpersonateNamedPipeClient

func ImpersonateNamedPipeClient(h uintptr) error

ImpersonateNamedPipeClient Windows API Call

The ImpersonateNamedPipeClient function impersonates a named-pipe client
application.

https://docs.microsoft.com/en-us/windows/win32/api/namedpipeapi/nf-namedpipeapi-impersonatenamedpipeclient

func InitializeProcThreadAttributeList

func InitializeProcThreadAttributeList(a *StartupAttributes, count uint32, size *uint64, expected uint64) error

InitializeProcThreadAttributeList Windows API Call

Initializes the specified list of attributes for process and thread creation.

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-initializeprocthreadattributelist

func IsDebuggerPresent

func IsDebuggerPresent() bool

IsDebuggerPresent Windows API Call

Determines whether the calling process is being debugged by a user-mode
debugger.

https://docs.microsoft.com/en-us/windows/win32/api/debugapi/nf-debugapi-isdebuggerpresent

func IsTokenElevated

func IsTokenElevated(h uintptr) bool

IsTokenElevated returns true if this token has High or System privileges.

func KillRuntime added in v0.2.5

func KillRuntime()

KillRuntime attempts to walk the process threads and will forcefully kill all Go-based OS threads based on their starting address (which should be the same when started from CGo).

This function should NOT be used on real binary files and only used on loaded libraries.

DO NOT EXPECT ANYTHING (INCLUDING DEFERS) TO HAPPEN AFTER THIS FUNCTION.

func LoadDLL

func LoadDLL(s string) (uintptr, error)

LoadDLL loads a DLL file into memory.

This function will attempt to load non-absolute paths from the system dependent DLL directory (usually system32).

func LoadLibraryAddress

func LoadLibraryAddress() uintptr

LoadLibraryAddress is a simple function that returns the raw address of the 'LoadLibraryW' function in 'kernel32.dll' that's currently loaded.

func LoadLibraryEx

func LoadLibraryEx(s string, flags uintptr) (uintptr, error)

LoadLibraryEx Windows API Call

Loads the specified module into the address space of the calling process.
The specified module may cause other modules to be loaded.

https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexw

func LookupPrivilegeValue

func LookupPrivilegeValue(system, name string, l *LUID) error

LookupPrivilegeValue Windows API Call

The LookupPrivilegeValue function retrieves the locally unique identifier
(LUID) used on a specified system to locally represent the specified privilege
name.

https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-lookupprivilegevaluew

func MiniDumpWriteDump added in v0.2.2

func MiniDumpWriteDump(h uintptr, pid uint32, o uintptr, f uint32) error

MiniDumpWriteDump Windows API Call

Writes user-mode minidump information to the specified file handle.

https://docs.microsoft.com/en-us/windows/win32/api/minidumpapiset/nf-minidumpapiset-minidumpwritedump

func NtAllocateVirtualMemory

func NtAllocateVirtualMemory(h uintptr, size, access uint32) (uintptr, error)

NtAllocateVirtualMemory Windows API Call

The NtAllocateVirtualMemory routine reserves, commits, or both, a region of
pages within the user-mode virtual address space of a specified process.

https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-ntallocatevirtualmemory

func NtCreateThreadEx

func NtCreateThreadEx(h, address, args uintptr, suspended bool) (uintptr, error)

NtCreateThreadEx Windows API Call

Creates a thread that runs in the virtual address space of another process
and optionally specifies extended attributes such as processor group affinity.

http://pinvoke.net/default.aspx/ntdll/NtCreateThreadEx.html

func NtFreeVirtualMemory

func NtFreeVirtualMemory(h, address uintptr) error

NtFreeVirtualMemory Windows API Call

The NtFreeVirtualMemory routine releases, decommits, or both releases and
decommits, a region of pages within the virtual address space of a specified
process.

https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-ntfreevirtualmemory

func NtProtectVirtualMemory

func NtProtectVirtualMemory(h, address uintptr, size, access uint32) (uint32, error)

NtProtectVirtualMemory Windows API Call

Changes the protection on a region of committed pages in the virtual address
space of a specified process.

http://pinvoke.net/default.aspx/ntdll/NtProtectVirtualMemory.html

func NtWriteVirtualMemory

func NtWriteVirtualMemory(h, address uintptr, b []byte) (uint32, error)

NtWriteVirtualMemory Windows API Call

This function copies the specified address range from the current process
into the specified address range of the specified process.

http://www.codewarrior.cn/ntdoc/winnt/mm/NtWriteVirtualMemory.htm

func OpenEvent

func OpenEvent(access uint32, inherit bool, name string) (uintptr, error)

OpenEvent Windows API Call

Opens an existing named event object.

https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-openeventw

func OpenMutex

func OpenMutex(access uint32, inherit bool, name string) (uintptr, error)

OpenMutex Windows API Call

Opens an existing named mutex object.

https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-OpenMutexw

func OpenProcess

func OpenProcess(access uint32, inherit bool, pid uint32) (uintptr, error)

OpenProcess Windows API Call

Opens an existing local process object.

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess

func OpenProcessToken

func OpenProcessToken(h uintptr, access uint32, res *uintptr) error

OpenProcessToken Windows API Call

The OpenProcessToken function opens the access token associated with a process.

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocesstoken

func OpenSemaphore

func OpenSemaphore(access uint32, inherit bool, name string) (uintptr, error)

OpenSemaphore Windows API Call

Opens an existing named semaphore object.

https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-OpenSemaphorew

func OpenThread

func OpenThread(access uint32, inherit bool, tid uint32) (uintptr, error)

OpenThread Windows API Call

Opens an existing thread object.

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openthread

func OpenThreadToken

func OpenThreadToken(h uintptr, access uint32, self bool, t *uintptr) error

OpenThreadToken Windows API Call

The OpenThreadToken function opens the access token associated with a thread.

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openthreadtoken

func Process32First

func Process32First(h uintptr, e *ProcessEntry32) error

Process32First Windows API Call

Retrieves information about the first process recorded in a system snapshot.

https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-process32firstw

func Process32Next

func Process32Next(h uintptr, e *ProcessEntry32) error

Process32Next Windows API Call

Retrieves information about the next process recorded in a system snapshot.

https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-process32nextw

func QueryServiceDynamicInformation added in v0.2.1

func QueryServiceDynamicInformation(h uintptr, l uint32) (uint32, error)

QueryServiceDynamicInformation Windows API Call

Retrieves dynamic information related to the current service start.

https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-queryservicedynamicinformation

func ReadFile

func ReadFile(h uintptr, b []byte, n *uint32, o *Overlapped) error

ReadFile Windows API Call

Reads data from the specified file or input/output (I/O) device. Reads
occur at the position specified by the file pointer if supported by the device.

https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-readfile

func RegCreateKeyEx

func RegCreateKeyEx(h uintptr, path, class string, options, access uint32, sa *SecurityAttributes, out *uintptr, result *uint32) error

RegCreateKeyEx Windows API Call

Creates the specified registry key. If the key already exists, the function
opens it. Note that key names are not case sensitive.

https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regcreatekeyexw

func RegDeleteKey

func RegDeleteKey(h uintptr, path string) error

RegDeleteKey Windows API Call

Deletes a subkey and its values. Note that key names are not case sensitive.
ONLY DELETES EMPTY SUBKEYS. (invalid argument if non-empty)

https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regdeletekeyw

func RegDeleteKeyEx added in v0.2.3

func RegDeleteKeyEx(h uintptr, path string, f uint32) error

RegDeleteKeyEx Windows API Call

Deletes a subkey and its values. Note that key names are not case sensitive.
ONLY DELETES EMPTY SUBKEYS. (invalid argument if non-empty)

https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regdeletekeyexw

func RegDeleteTree added in v0.2.3

func RegDeleteTree(h uintptr, path string) error

RegDeleteTree Windows API Call

Deletes the subkeys and values of the specified key recursively.

https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regdeletetreew

func RegDeleteValue

func RegDeleteValue(h uintptr, path string) error

RegDeleteValue Windows API Call

Removes a named value from the specified registry key. Note that value names
are not case sensitive.

https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regdeletevaluew

func RegEnumValue

func RegEnumValue(h uintptr, index uint32, path *uint16, pathLen, valType *uint32, data *byte, dataLen *uint32) error

RegEnumValue Windows API Call

Enumerates the values for the specified open registry key. The function
copies one indexed value name and data block for the key each time it is
called.

https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regenumvaluew

func RegSetValueEx

func RegSetValueEx(h uintptr, path string, t uint32, data *byte, dataLen uint32) error

RegSetValueEx Windows API Call

Sets the data and type of a specified value under a registry key.

https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-RegSetValueExw

func RegisterServiceCtrlHandlerEx added in v0.2.1

func RegisterServiceCtrlHandlerEx(name string, handler uintptr, args uintptr) (uintptr, error)

RegisterServiceCtrlHandlerEx Windows API Call

Registers a function to handle extended service control requests.

https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-registerservicectrlhandlerexw

func ResumeProcess

func ResumeProcess(h uintptr) error

ResumeProcess Windows API Call

Resumes a process and all its threads.

http://www.pinvoke.net/default.aspx/ntdll/NtResumeProcess.html

func ResumeThread

func ResumeThread(h uintptr) (uint32, error)

ResumeThread Windows API Call

Decrements a thread's suspend count. When the suspend count is decremented
to zero, the execution of the thread is resumed.

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-resumethread

func RevertToSelf

func RevertToSelf() error

RevertToSelf Windows API Call

The RevertToSelf function terminates the impersonation of a client application.

https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-reverttoself

func RtlSetProcessIsCritical

func RtlSetProcessIsCritical(c bool) error

RtlSetProcessIsCritical Windows API Call

Sets or clears the process's system-critical status.

https://www.codeproject.com/articles/43405/protecting-your-process-with-rtlsetprocessiscriti

func ScreenShot added in v0.2.2

func ScreenShot(x, y, width, height uint32, w io.Writer) error

ScreenShot attempts to take a PNG-encoded screenshot of the specified region (x, y, width, height) and writes it to the supplied io.Writer.

This function will return an error if any of the API calls or encoding the image fails.

func SetServiceStatus added in v0.2.1

func SetServiceStatus(h uintptr, s *ServiceStatus) error

SetServiceStatus Windows API Call

Contains status information for a service. The ControlService, EnumDependentServices,
EnumServicesStatus, and QueryServiceStatus functions use this structure. A
service uses this structure in the SetServiceStatus function to report its
current status to the service control manager.

https://docs.microsoft.com/en-us/windows/win32/api/winsvc/ns-winsvc-service_status

func SetThreadToken

func SetThreadToken(h *uintptr, t uintptr) error

SetThreadToken Windows API Call

The SetThreadToken function assigns an impersonation token to a thread. The
function can also cause a thread to stop using an impersonation token.

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-setthreadtoken

func StartServiceCtrlDispatcher added in v0.2.1

func StartServiceCtrlDispatcher(t *ServiceTableEntry) error

StartServiceCtrlDispatcher Windows API Call

Connects the main thread of a service process to the service control manager,
which causes the thread to be the service control dispatcher thread for the
calling process.

https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-startservicectrldispatcherw

func StringListToUTF16Block

func StringListToUTF16Block(s []string) (*uint16, error)

StringListToUTF16Block creates a UTF16 encoded block for usage as a Process environment block.

This function returns an error if any of the environment strings are not in the 'KEY=VALUE' format or contain a NUL byte.

func SuspendProcess

func SuspendProcess(h uintptr) error

SuspendProcess Windows API Call

Suspends a process and all its threads.

http://www.pinvoke.net/default.aspx/ntdll/NtSuspendProcess.html

func SuspendThread

func SuspendThread(h uintptr) error

SuspendThread Windows API Call

Suspends the specified thread.

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-suspendthread

func TerminateProcess

func TerminateProcess(h uintptr, e uint32) error

TerminateProcess Windows API Call

Terminates the specified process and all of its threads.

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-terminateprocess

func Thread32First

func Thread32First(h uintptr, e *ThreadEntry32) error

Thread32First Windows API Call

Retrieves information about the first thread of any process encountered in
a system snapshot.

https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-thread32first

func Thread32Next

func Thread32Next(h uintptr, e *ThreadEntry32) error

Thread32Next Windows API Call

Retrieves information about the next thread of any process encountered in
the system memory snapshot.

https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-thread32next

func UTF16Decode

func UTF16Decode(s []uint16) []rune

UTF16Decode returns the Unicode code point sequence represented by the UTF-16 encoding rune values supplied.

func UTF16EncodeStd

func UTF16EncodeStd(s []rune) []uint16

UTF16EncodeStd encodes the runes into a UTF16 array and ignores zero points.

This is ONLY safe to use if you know what you're doing.

func UTF16FromString

func UTF16FromString(s string) ([]uint16, error)

UTF16FromString returns the UTF-16 encoding of the UTF-8 string with a terminating NUL added.

If the string contains a NUL byte at any location, it returns syscall.EINVAL.

func UTF16PtrFromString

func UTF16PtrFromString(s string) (*uint16, error)

UTF16PtrFromString returns pointer to the UTF-16 encoding of the UTF-8 string, with a terminating NUL added.

If the string contains a NUL byte at any location, it returns syscall.EINVAL.

func UTF16PtrToString

func UTF16PtrToString(p *uint16) string

UTF16PtrToString takes a pointer to a UTF-16 sequence and returns the corresponding UTF-8 encoded string.

If the pointer is nil, it returns the empty string. It assumes that the UTF-16 sequence is terminated at a zero word; if the zero word is not present, the program may crash.

func UTF16ToString

func UTF16ToString(s []uint16) string

UTF16ToString returns the UTF-8 encoding of the UTF-16 sequence s, with a terminating NUL and any bytes after the NUL removed.
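The environment-block layout that StringListToUTF16Block produces, and the "stop at the first zero word" contract of UTF16ToString above, are easy to get subtly wrong: an entry with an embedded NUL silently truncates the block, and a block without its closing double NUL is read past its end by CreateProcess. The following added example is not the package's own code; it is a pure-Go reimplementation of both behaviours so the format can be exercised anywhere. The names BuildEnvBlock, ParseEnvBlock, UTF16ZToString and the sentinel errors are assumptions of this example, and the sample environment strings are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"unicode/utf16"
)

// Sentinel errors are an assumption of this example; the page's
// StringListToUTF16Block only documents that an error is returned.
var (
	ErrEnvFormat = errors.New("environment entry is not in KEY=VALUE form")
	ErrEnvNUL    = errors.New("environment entry contains a NUL byte")
)

// BuildEnvBlock validates each entry and lays it out as a Windows process
// environment block: UTF-16 code units, each entry NUL-terminated, and one
// extra NUL word terminating the whole block.
func BuildEnvBlock(env []string) ([]uint16, error) {
	block := make([]uint16, 0, 64)
	for _, e := range env {
		// The key must be non-empty, so '=' may not be the first byte.
		if i := strings.IndexByte(e, '='); i <= 0 {
			return nil, fmt.Errorf("%w: %q", ErrEnvFormat, e)
		}
		// An embedded NUL would end the entry early and silently drop the
		// rest of the block, so reject it instead.
		if strings.IndexByte(e, 0) >= 0 {
			return nil, fmt.Errorf("%w: %q", ErrEnvNUL, e)
		}
		block = append(block, utf16.Encode([]rune(e))...)
		block = append(block, 0)
	}
	if len(env) == 0 {
		// An empty block is still two NUL words.
		block = append(block, 0)
	}
	return append(block, 0), nil
}

// nulIndex returns the index of the first zero word, or len(s) if none.
func nulIndex(s []uint16) int {
	for i, w := range s {
		if w == 0 {
			return i
		}
	}
	return len(s)
}

// UTF16ZToString follows the UTF16ToString contract on the page: everything
// from the first zero word onward is dropped before decoding.
func UTF16ZToString(s []uint16) string {
	return string(utf16.Decode(s[:nulIndex(s)]))
}

// ParseEnvBlock is the inverse of BuildEnvBlock: it reads entries until the
// empty entry that marks the double-NUL terminator.
func ParseEnvBlock(block []uint16) []string {
	var out []string
	for {
		n := nulIndex(block)
		if n == 0 {
			return out // terminator (or empty input)
		}
		out = append(out, string(utf16.Decode(block[:n])))
		if n >= len(block) {
			return out // unterminated final entry: keep it and stop
		}
		block = block[n+1:]
	}
}

func main() {
	// Constructed sample environment, including a non-BMP character to show
	// that surrogate pairs survive the round trip.
	env := []string{`PATH=C:\Windows\System32`, `TMP=C:\Temp`, "NOTE=ok \U0001F512"}
	block, err := BuildEnvBlock(env)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%d code units, ends with %v\n", len(block), block[len(block)-2:])
	fmt.Println(ParseEnvBlock(block))
	_, err = BuildEnvBlock([]string{"NOEQUALS"})
	fmt.Println("bad entry:", err)
}
```

ParseEnvBlock deliberately treats an empty entry as the end of the block rather than skipping it, because a zero-length entry can only arise from the terminator or from a malformed block; either way, reading further would interpret whatever follows the block in memory as environment data.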

func UpdateProcThreadAttribute

func UpdateProcThreadAttribute(a *StartupAttributes, attr uintptr, val unsafe.Pointer, valLen uint64, old *StartupAttributes, oldLen *uint64) error

UpdateProcThreadAttribute Windows API Call

Updates the specified attribute in a list of attributes for process and
thread creation.

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-updateprocthreadattribute

func VirtualProtect

func VirtualProtect(addr uintptr, size uint64, val uint32, old *uint32) error

VirtualProtect Windows API Call

Changes the protection on a region of committed pages in the virtual address
space of the calling process.

https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualprotect

func WaitForSingleObject

func WaitForSingleObject(h uintptr, timeout int32) (uint32, error)

WaitForSingleObject Windows API Call

Waits until the specified object is in the signaled state or the time-out
interval elapses.

https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-waitforsingleobject

func WaitNamedPipe

func WaitNamedPipe(name string, timeout uint32) error

WaitNamedPipe Windows API Call

Waits until either a time-out interval elapses or an instance of the
specified named pipe is available for connection (that is, the pipe's server
process has a pending ConnectNamedPipe operation on the pipe).

https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-waitnamedpipea

func WinHTTPGetDefaultProxyConfiguration

func WinHTTPGetDefaultProxyConfiguration(i *ProxyInfo) error

WinHTTPGetDefaultProxyConfiguration Windows API Call

The WinHttpGetDefaultProxyConfiguration function retrieves the default WinHTTP
proxy configuration from the registry.

https://docs.microsoft.com/en-us/windows/win32/api/winhttp/nf-winhttp-winhttpgetdefaultproxyconfiguration

func WriteFile

func WriteFile(h uintptr, b []byte, n *uint32, o *Overlapped) error

WriteFile Windows API Call

Writes data to the specified file or input/output (I/O) device.

https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-writefile

func ZeroTraceEvent

func ZeroTraceEvent() error

ZeroTraceEvent will attempt to zero out the NtTraceEvent function call with a NOP.

This will return an error if it fails.

Types

type ACL

type ACL struct {
	// contains filtered or unexported fields
}

ACL matches the ACL struct

https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-acl
typedef struct _ACL {
  BYTE AclRevision;
  BYTE Sbz1;
  WORD AclSize;
  WORD AceCount;
  WORD Sbz2;
} ACL;

DO NOT REORDER

type LUID

type LUID struct {
	Low  uint32
	High int32
}

LUID matches the LUID struct

https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-luid
typedef struct _LUID {
  DWORD LowPart;
  LONG  HighPart;
} LUID, *PLUID;

DO NOT REORDER

type LUIDAndAttributes

type LUIDAndAttributes struct {
	Luid       LUID
	Attributes uint32
}

LUIDAndAttributes matches the LUIDAndAttributes struct

https://docs.microsoft.com/en-us/previous-versions/windows/desktop/wmipjobobjprov/win32-luidandattributes
typedef struct LUIDAndAttributes {
  LUID  Luid;
  DWORD dwSize;
} PLUIDANDATTRIBUTES;

DO NOT REORDER

type Overlapped

type Overlapped struct {
	Internal     uintptr
	InternalHigh uintptr
	Offset       uint32
	OffsetHigh   uint32
	Event        uintptr
}

Overlapped matches the OVERLAPPED struct

https://docs.microsoft.com/en-us/windows/win32/api/minwinbase/ns-minwinbase-overlapped
typedef struct _OVERLAPPED {
  ULONG_PTR Internal;
  ULONG_PTR InternalHigh;
  DWORD Offset;
  DWORD OffsetHigh;
  HANDLE    hEvent;
} OVERLAPPED, *LPOVERLAPPED;

DO NOT REORDER

type ProcessEntry32

type ProcessEntry32 struct {
	Size            uint32
	Usage           uint32
	ProcessID       uint32
	DefaultHeapID   uintptr
	ModuleID        uint32
	Threads         uint32
	ParentProcessID uint32
	PriClassBase    int32
	Flags           uint32
	ExeFile         [260]uint16
}

ProcessEntry32 matches the PROCESSENTRY32W struct (ExeFile is [260]uint16, i.e.
WCHAR, so this is the wide variant). Size must be set to the size of the struct
before it is passed to Process32First/Process32Next or the call fails.

https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/ns-tlhelp32-processentry32w
typedef struct tagPROCESSENTRY32W {
  DWORD     dwSize;
  DWORD     cntUsage;
  DWORD     th32ProcessID;
  ULONG_PTR th32DefaultHeapID;
  DWORD     th32ModuleID;
  DWORD     cntThreads;
  DWORD     th32ParentProcessID;
  LONG      pcPriClassBase;
  DWORD     dwFlags;
  WCHAR     szExeFile[MAX_PATH];
} PROCESSENTRY32W;

DO NOT REORDER

type ProcessInformation

type ProcessInformation struct {
	Process   uintptr
	Thread    uintptr
	ProcessID uint32
	ThreadID  uint32
}

ProcessInformation matches the PROCESS_INFORMATION struct

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/ns-processthreadsapi-process_information
typedef struct _PROCESS_INFORMATION {
  HANDLE hProcess;
  HANDLE hThread;
  DWORD  dwProcessId;
  DWORD  dwThreadId;
} PROCESS_INFORMATION, *PPROCESS_INFORMATION, *LPPROCESS_INFORMATION;

DO NOT REORDER
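The DO NOT REORDER notes above exist because these structs are handed to Windows by pointer, so Go's field offsets have to match the C headers byte for byte, and a reordering that keeps the total size unchanged still corrupts every field. The following added example (written for this page, not code from the winapi package) copies the LUID, LUIDAndAttributes, ProcessInformation and ProcessEntry32 definitions shown above and checks their sizes and offsets with unsafe.Sizeof and unsafe.Offsetof against the values the Windows headers give, derived from the pointer width so the same table holds on x64 and x86. The Reordered type, Check and Expectations are the example's own. It runs on any OS, which makes it usable as a unit test in a package like this one.

```go
package main

import (
	"fmt"
	"unsafe"
)

// Go mirrors of the Windows structs, with the field order the winapi docs show (copied, not invented).
type LUID struct {
	Low  uint32
	High int32
}

type LUIDAndAttributes struct {
	Luid       LUID
	Attributes uint32
}

type ProcessInformation struct {
	Process   uintptr
	Thread    uintptr
	ProcessID uint32
	ThreadID  uint32
}

type ProcessEntry32 struct {
	Size            uint32
	Usage           uint32
	ProcessID       uint32
	DefaultHeapID   uintptr
	ModuleID        uint32
	Threads         uint32
	ParentProcessID uint32
	PriClassBase    int32
	Flags           uint32
	ExeFile         [260]uint16
}

// Reordered is PROCESS_INFORMATION with its fields swapped: same size, wrong offsets (example's own type).
type Reordered struct {
	ProcessID uint32
	ThreadID  uint32
	Process   uintptr
	Thread    uintptr
}

// Check pairs a name with the value Go computes and the value the Windows headers give.
type Check struct {
	Name      string
	Got, Want uintptr
}

// Expectations derives the header values from the pointer width p, so the table holds on x64 (p = 8)
// and x86 (p = 4); align rounds up to the natural alignment of a pointer-sized field.
func Expectations() []Check {
	p := unsafe.Sizeof(uintptr(0))
	align := func(n uintptr) uintptr { return (n + p - 1) &^ (p - 1) }
	var (
		la LUIDAndAttributes
		pi ProcessInformation
		pe ProcessEntry32
		rp Reordered
	)
	return []Check{
		{"sizeof LUID", unsafe.Sizeof(la.Luid), 8},
		{"offsetof LUID_AND_ATTRIBUTES.Attributes", unsafe.Offsetof(la.Attributes), 8},
		{"sizeof LUID_AND_ATTRIBUTES", unsafe.Sizeof(la), 12},
		{"offsetof PROCESS_INFORMATION.dwThreadId", unsafe.Offsetof(pi.ThreadID), 2*p + 4},
		{"sizeof PROCESS_INFORMATION", unsafe.Sizeof(pi), 2*p + 8},
		{"offsetof PROCESSENTRY32W.th32DefaultHeapID", unsafe.Offsetof(pe.DefaultHeapID), align(12)},
		{"offsetof PROCESSENTRY32W.szExeFile", unsafe.Offsetof(pe.ExeFile), align(12) + p + 20},
		{"sizeof PROCESSENTRY32W", unsafe.Sizeof(pe), align(align(12) + p + 20 + 2*260)},
		// The reordered struct passes the size check but fails the offset check: what CreateProcess
		// writes as the handles would be read back as the IDs, and vice versa.
		{"sizeof reordered PROCESS_INFORMATION", unsafe.Sizeof(rp), 2*p + 8},
		{"offsetof reordered PROCESS_INFORMATION.dwThreadId", unsafe.Offsetof(rp.ThreadID), 2*p + 4},
	}
}

// Mismatches returns the checks whose Go layout disagrees with the Windows header.
func Mismatches(checks []Check) []string {
	var out []string
	for _, c := range checks {
		if c.Got != c.Want {
			out = append(out, fmt.Sprintf("%s: got %d, want %d", c.Name, c.Got, c.Want))
		}
	}
	return out
}

func main() {
	for _, m := range Mismatches(Expectations()) {
		fmt.Println("layout mismatch:", m)
	}
}
```

Running it reports exactly one mismatch, the dwThreadId offset of the deliberately reordered struct; the copied definitions all agree with the headers, on x64 because uintptr fields are 8-byte aligned (which is why th32DefaultHeapID sits at 16, not 12, and the struct is padded to 568 bytes) and on x86 because they are not.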

type ProxyInfo

type ProxyInfo struct {
	AccessType  uint32
	Proxy       *uint16
	ProxyBypass *uint16
}

ProxyInfo matches the WINHTTP_PROXY_INFO struct

https://docs.microsoft.com/en-us/windows/win32/api/winhttp/ns-winhttp-winhttp_proxy_info
typedef struct _WINHTTP_PROXY_INFO {
  DWORD  dwAccessType;
  LPWSTR lpszProxy;
  LPWSTR lpszProxyBypass;
} WINHTTP_PROXY_INFO, *LPWINHTTP_PROXY_INFO, *PWINHTTP_PROXY_INFO;

DO NOT REORDER

type SID

type SID struct{}

SID matches the SID struct

https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-sid

func GetSystemSID

func GetSystemSID() (*SID, error)

GetSystemSID will attempt to determine the System SID value and return it.

func (*SID) IsWellKnown

func (s *SID) IsWellKnown(t uint32) bool

IsWellKnown returns true if this SID is the well-known SID identified by t, a value of the WELL_KNOWN_SID_TYPE enumeration (for example WinLocalSystemSid or WinBuiltinAdministratorsSid).

func (*SID) String

func (s *SID) String() string

String returns the string representation of this SID.

type SIDAndAttributes

type SIDAndAttributes struct {
	Sid        *SID
	Attributes uint32
}

SIDAndAttributes matches the SID_AND_ATTRIBUTES struct

https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-sid_and_attributes
typedef struct _SID_AND_ATTRIBUTES {
  PSID  Sid;
  DWORD Attributes;
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;

DO NOT REORDER

type SecurityAttributes

type SecurityAttributes struct {
	Length             uint32
	SecurityDescriptor *SecurityDescriptor
	InheritHandle      uint32
}

SecurityAttributes matches the SECURITY_ATTRIBUTES struct

https://docs.microsoft.com/en-us/windows/win32/api/wtypesbase/ns-wtypesbase-security_attributes
typedef struct _SECURITY_ATTRIBUTES {
  DWORD  nLength;
  LPVOID lpSecurityDescriptor;
  BOOL   bInheritHandle;
} SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;

DO NOT REORDER

type SecurityDescriptor

type SecurityDescriptor struct {
	// contains filtered or unexported fields
}

SecurityDescriptor matches the SECURITY_DESCRIPTOR struct

https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-security_descriptor
typedef struct _SECURITY_DESCRIPTOR {
  BYTE                        Revision;
  BYTE                        Sbz1;
  SECURITY_DESCRIPTOR_CONTROL Control;
  PSID                        Owner;
  PSID                        Group;
  PACL                        Sacl;
  PACL                        Dacl;
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;

DO NOT REORDER

func SecurityDescriptorFromString

func SecurityDescriptorFromString(s string) (*SecurityDescriptor, error)

SecurityDescriptorFromString converts an SDDL string describing a security descriptor into a self-relative security descriptor object allocated on the Go heap.
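Because ACL, SID and SecurityDescriptor are opaque on this page, the following added example (written for this page; it is not code from the winapi package) shows what those structs look like on the wire by decoding a self-relative SECURITY_DESCRIPTOR from raw bytes: the 20-byte header, the ACL header (AclRevision, Sbz1, AclSize, AceCount, Sbz2), each ACCESS_ALLOWED/DENIED ACE and its SID, with every size field bounds-checked before it is trusted. It then applies the two checks a reviewer runs first on an object's DACL: a NULL DACL, and an allow ACE that gives Everyone, Authenticated Users or BUILTIN\Users a right that can modify the object or rewrite its DACL. The descriptor bytes are constructed for the example, and ParseDACL, WeakGrants and SampleSD are the example's own names. It runs on any OS.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)
var le = binary.LittleEndian

const ( // SECURITY_DESCRIPTOR_CONTROL bits, ACE types and the access-mask bits that allow modifying an object
	seDACLPresent, seSelfRelative = 0x0004, 0x8000
	aceAllowed, aceDenied         = 0, 1
	writeDAC, writeOwner          = 0x00040000, 0x00080000
	genericAll, genericWrite      = 0x10000000, 0x40000000
)

type ACE struct { // decoded ACCESS_ALLOWED_ACE / ACCESS_DENIED_ACE (other ACE types keep Type and Mask only)
	Type uint8
	Mask uint32
	SID  string
}

// parseSID decodes Revision, SubAuthorityCount, the 6-byte big-endian authority and LE sub-authorities.
func parseSID(b []byte) (string, error) {
	if len(b) < 8 || b[0] != 1 || len(b) < 8+4*int(b[1]) {
		return "", errors.New("sid: malformed")
	}
	s := fmt.Sprintf("S-1-%d", binary.BigEndian.Uint64(append([]byte{0, 0}, b[2:8]...)))
	for i := 0; i < int(b[1]); i++ {
		s += fmt.Sprintf("-%d", le.Uint32(b[8+4*i:]))
	}
	return s, nil
}

// parseACL walks AceCount ACEs after the ACL header, bounds-checking every AceSize against AclSize.
func parseACL(b []byte) ([]ACE, error) {
	if len(b) < 8 || b[0] != 2 || le.Uint16(b[2:]) < 8 || int(le.Uint16(b[2:])) > len(b) {
		return nil, errors.New("acl: bad header")
	}
	b, off := b[:le.Uint16(b[2:])], 8
	aces := make([]ACE, 0, le.Uint16(b[4:])) // non-nil even when empty: an empty DACL denies everyone
	for i := uint16(0); i < le.Uint16(b[4:]); i++ {
		if off+8 > len(b) || int(le.Uint16(b[off+2:])) < 8 || off+int(le.Uint16(b[off+2:])) > len(b) {
			return nil, errors.New("acl: truncated ACE or bad AceSize")
		}
		n := int(le.Uint16(b[off+2:]))
		a := ACE{Type: b[off], Mask: le.Uint32(b[off+4:])}
		if a.Type == aceAllowed || a.Type == aceDenied {
			var err error
			if a.SID, err = parseSID(b[off+8 : off+n]); err != nil {
				return nil, err
			}
		}
		aces, off = append(aces, a), off+n
	}
	return aces, nil
}

// ParseDACL returns the DACL of a self-relative SECURITY_DESCRIPTOR; a nil slice with present == true is a NULL DACL.
func ParseDACL(b []byte) (aces []ACE, present bool, err error) {
	if len(b) < 20 || b[0] != 1 || le.Uint16(b[2:])&seSelfRelative == 0 || int(le.Uint32(b[16:])) >= len(b) {
		return nil, false, errors.New("sd: short buffer, bad revision, not self-relative or bad Dacl offset")
	}
	if present = le.Uint16(b[2:])&seDACLPresent != 0; present && le.Uint32(b[16:]) != 0 {
		aces, err = parseACL(b[le.Uint32(b[16:]):])
	}
	return aces, present, err
}

// WeakGrants flags a NULL DACL, or an allow ACE that gives a broad group a right that can modify the object.
func WeakGrants(aces []ACE, present bool) []string {
	if present && aces == nil {
		return []string{"NULL DACL: full control for everyone"}
	}
	broad := map[string]string{"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users", "S-1-5-32-545": "Users"}
	var out []string
	for _, a := range aces {
		if who, ok := broad[a.SID]; ok && a.Type == aceAllowed && a.Mask&(genericAll|genericWrite|writeDAC|writeOwner) != 0 {
			out = append(out, fmt.Sprintf("%s allowed 0x%08X", who, a.Mask))
		}
	}
	return out
}

// SampleSD is a constructed self-relative descriptor (not taken from any real object) whose DACL allows
// SYSTEM and Administrators GENERIC_ALL, Everyone GENERIC_READ and, the mistake, Everyone GENERIC_WRITE.
var SampleSD = []byte{
	1, 0, 0x04, 0x80, // Revision 1, Sbz1, Control = SE_SELF_RELATIVE | SE_DACL_PRESENT
	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, // Owner, Group, Sacl absent; Dacl at offset 20
	2, 0, 92, 0, 4, 0, 0, 0, // ACL header: AclRevision 2, Sbz1, AclSize 92, AceCount 4, Sbz2
	0, 0, 20, 0, 0, 0, 0, 0x10, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, // allow GENERIC_ALL  S-1-5-18 (SYSTEM)
	0, 0, 24, 0, 0, 0, 0, 0x10, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 0x20, 2, 0, 0, // allow GENERIC_ALL  S-1-5-32-544 (Administrators)
	0, 0, 20, 0, 0, 0, 0, 0x80, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, // allow GENERIC_READ  S-1-1-0 (Everyone)
	0, 0, 20, 0, 0, 0, 0, 0x40, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, // allow GENERIC_WRITE S-1-1-0 (Everyone)
}

func main() {
	aces, present, err := ParseDACL(SampleSD)
	fmt.Println(len(aces), present, err, WeakGrants(aces, present))
}
```

A NULL DACL is the 20-byte header alone with SE_DACL_PRESENT set and a zero Dacl offset; ParseDACL returns a nil slice with present true for it and WeakGrants reports it as full control for everyone, which is different from an empty DACL (AceCount 0), which grants nothing to anyone. The self-relative buffer produced by SecurityDescriptorFromString above has exactly this layout and can be passed to ParseDACL unchanged.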

type SecurityDescriptorControl

type SecurityDescriptorControl uint16

SecurityDescriptorControl matches the SECURITY_DESCRIPTOR_CONTROL bitflag.

https://docs.microsoft.com/en-us/windows/win32/secauthz/security-descriptor-control

typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;

type ServiceStatus added in v0.2.1

type ServiceStatus struct {
	ServiceType             uint32
	CurrentState            uint32
	ControlsAccepted        uint32
	Win32ExitCode           uint32
	ServiceSpecificExitCode uint32
	CheckPoint              uint32
	WaitHint                uint32
}

ServiceStatus matches the SERVICE_STATUS struct

https://docs.microsoft.com/en-us/windows/win32/api/winsvc/ns-winsvc-service_status
typedef struct _SERVICE_STATUS {
 DWORD dwServiceType;
 DWORD dwCurrentState;
 DWORD dwControlsAccepted;
 DWORD dwWin32ExitCode;
 DWORD dwServiceSpecificExitCode;
 DWORD dwCheckPoint;
 DWORD dwWaitHint;
} SERVICE_STATUS, *LPSERVICE_STATUS;

type ServiceTableEntry added in v0.2.1

type ServiceTableEntry struct {
	Name *uint16
	Proc uintptr
}

ServiceTableEntry matches the SERVICE_TABLE_ENTRYW struct

https://docs.microsoft.com/en-us/windows/win32/api/winsvc/ns-winsvc-service_table_entryw
typedef struct _SERVICE_TABLE_ENTRYW {
 LPWSTR                   lpServiceName;
 LPSERVICE_MAIN_FUNCTIONW lpServiceProc;
} SERVICE_TABLE_ENTRYW, *LPSERVICE_TABLE_ENTRYW;

type SliceHeader added in v0.2.1

type SliceHeader struct {
	Data unsafe.Pointer
	Len  int
	Cap  int
}

SliceHeader is the runtime representation of a slice.

It cannot be used safely or portably and its representation may change in a later release.

^ Hey, shut up.

type StartupAttributes

type StartupAttributes struct {
	// contains filtered or unexported fields
}

StartupAttributes matches the opaque PROC_THREAD_ATTRIBUTE_LIST structure that an LPPROC_THREAD_ATTRIBUTE_LIST points to.

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-initializeprocthreadattributelist

Its layout is deliberately undocumented: the list must be sized and initialized with InitializeProcThreadAttributeList, filled in with UpdateProcThreadAttribute and released with DeleteProcThreadAttributeList, never built or inspected by hand.

type StartupInfo

type StartupInfo struct {
	Cb uint32

	Desktop       *uint16
	Title         *uint16
	X             uint32
	Y             uint32
	XSize         uint32
	YSize         uint32
	XCountChars   uint32
	YCountChars   uint32
	FillAttribute uint32
	Flags         uint32
	ShowWindow    uint16

	StdInput  uintptr
	StdOutput uintptr
	StdErr    uintptr
	// contains filtered or unexported fields
}

StartupInfo matches the STARTUPINFOW struct

https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/ns-processthreadsapi-startupinfow
typedef struct _STARTUPINFOW {
  DWORD  cb;
  LPWSTR lpReserved;
  LPWSTR lpDesktop;
  LPWSTR lpTitle;
  DWORD  dwX;
  DWORD  dwY;
  DWORD  dwXSize;
  DWORD  dwYSize;
  DWORD  dwXCountChars;
  DWORD  dwYCountChars;
  DWORD  dwFillAttribute;
  DWORD  dwFlags;
  WORD   wShowWindow;
  WORD   cbReserved2;
  LPBYTE lpReserved2;
  HANDLE hStdInput;
  HANDLE hStdOutput;
  HANDLE hStdError;
} STARTUPINFOW, *LPSTARTUPINFOW;

DO NOT REORDER

type StartupInfoEx

type StartupInfoEx struct {
	StartupInfo   StartupInfo
	AttributeList *StartupAttributes
}

StartupInfoEx matches the STARTUPINFOEXW struct

https://docs.microsoft.com/en-us/windows/win32/api/winbase/ns-winbase-startupinfoexw
typedef struct _STARTUPINFOEXW {
  STARTUPINFOW                 StartupInfo;
  LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList;
} STARTUPINFOEXW, *LPSTARTUPINFOEXW;

DO NOT REORDER

type ThreadEntry32

type ThreadEntry32 struct {
	Size           uint32
	Usage          uint32
	ThreadID       uint32
	OwnerProcessID uint32
	BasePri        int32
	DeltaPri       int32
	Flags          uint32
}

ThreadEntry32 matches the THREADENTRY32 struct

https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/ns-tlhelp32-threadentry32
typedef struct tagTHREADENTRY32 {
  DWORD dwSize;
  DWORD cntUsage;
  DWORD th32ThreadID;
  DWORD th32OwnerProcessID;
  LONG  tpBasePri;
  LONG  tpDeltaPri;
  DWORD dwFlags;
} THREADENTRY32;

DO NOT REORDER

type TokenUser

type TokenUser struct {
	User SIDAndAttributes
}

TokenUser matches the TOKEN_USER struct.

https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-token_user
typedef struct _TOKEN_USER {
  SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;

DO NOT REORDER

func GetTokenUser

func GetTokenUser(h uintptr) (*TokenUser, error)

GetTokenUser retrieves access token user account information and SID.
