Index ¶
- Constants
- Variables
- func ActiveDisplays() (uint32, error)
- func AdjustTokenPrivileges(h uintptr, disableAll bool, new unsafe.Pointer, newLen uint32, ...) error
- func BlockInput(e bool) error
- func CancelIoEx(h uintptr, o *Overlapped) error
- func CheckDebugWithLoad(d string) bool
- func CheckRemoteDebuggerPresent(h uintptr, b *bool) error
- func CloseHandle(h uintptr) error
- func CloseWindow(h uintptr) error
- func ConnectNamedPipe(h uintptr, o *Overlapped) error
- func CreateEvent(sa *SecurityAttributes, manual, initial bool, name string) (uintptr, error)
- func CreateFile(name string, access, mode uint32, sa *SecurityAttributes, ...) (uintptr, error)
- func CreateMailslot(name string, maxSize uint32, timeout int32, sa *SecurityAttributes) (uintptr, error)
- func CreateMutex(sa *SecurityAttributes, initial bool, name string) (uintptr, error)
- func CreateNamedPipe(name string, flags, mode, max, out, in, timeout uint32, sa *SecurityAttributes) (uintptr, error)
- func CreateProcess(name, cmd string, procSa, threadSa *SecurityAttributes, inherit bool, ...) error
- func CreateProcessWithLogin(user, domain, pass string, loginFlags uint32, name, cmd string, flags uint32, ...) error
- func CreateProcessWithToken(t uintptr, loginFlags uint32, name, cmd string, flags uint32, env []string, ...) error
- func CreateSemaphore(sa *SecurityAttributes, initial, max uint32, name string) (uintptr, error)
- func CreateToolhelp32Snapshot(flags, pid uint32) (uintptr, error)
- func DeleteProcThreadAttributeList(a *StartupAttributes) error
- func DisconnectNamedPipe(h uintptr) error
- func DisplayBounds(i uint32) (image.Rectangle, error)
- func DuplicateHandle(srcProc, src, dstProc uintptr, dst *uintptr, access uint32, inherit bool, ...) error
- func DuplicateTokenEx(h uintptr, access uint32, sa *SecurityAttributes, level, p uint32, ...) error
- func EmptyWorkingSet()
- func EnablePrivileges(s ...string) error
- func EnableTokenPrivileges(h uintptr, s ...string) error
- func EnableWindow(h uintptr, e bool) (bool, error)
- func ForEachThread(f func(uintptr) error) error
- func GetCurrentProcessID() uint32
- func GetDebugPrivilege() error
- func GetExitCodeProcess(h uintptr, e *uint32) error
- func GetExitCodeThread(h uintptr, e *uint32) error
- func GetLogicalDrives() (uint32, error)
- func GetOverlappedResult(h uintptr, o *Overlapped, n *uint32, w bool) error
- func GetProcessFileName(h uintptr) (string, error)
- func GetProcessID(h uintptr) (uint32, error)
- func GetSystemDirectory() (string, error)
- func GetTokenInformation(t uintptr, class uint32, info *byte, length uint32, ret *uint32) error
- func GetVersion() (uint32, error)
- func ImpersonateLoggedOnUser(h uintptr) error
- func ImpersonateNamedPipeClient(h uintptr) error
- func ImpersonatePipeToken(h uintptr) error
- func InitializeProcThreadAttributeList(a *StartupAttributes, count uint32, size *uint64, expected uint64) error
- func IsDebuggerPresent() bool
- func IsTokenElevated(h uintptr) bool
- func IsUserLoginToken(t uintptr) bool
- func KillRuntime()
- func LoadDLL(s string) (uintptr, error)
- func LoadLibraryAddress() uintptr
- func LoadLibraryEx(s string, flags uintptr) (uintptr, error)
- func LoginUser(user, domain, pass string, logintype, provider uint32) (uintptr, error)
- func LookupPrivilegeValue(system, name string, l *LUID) error
- func MessageBox(h uintptr, text, title string, f uint32) (uint32, error)
- func MiniDumpWriteDump(h uintptr, pid uint32, o uintptr, f uint32, w io.Writer) error
- func NtAllocateVirtualMemory(h uintptr, size, access uint32) (uintptr, error)
- func NtCreateThreadEx(h, address, args uintptr, suspended bool) (uintptr, error)
- func NtFreeVirtualMemory(h, address uintptr) error
- func NtProtectVirtualMemory(h, address uintptr, size, access uint32) (uint32, error)
- func NtWriteVirtualMemory(h, address uintptr, b []byte) (uint32, error)
- func OpenEvent(access uint32, inherit bool, name string) (uintptr, error)
- func OpenMutex(access uint32, inherit bool, name string) (uintptr, error)
- func OpenProcess(access uint32, inherit bool, pid uint32) (uintptr, error)
- func OpenProcessToken(h uintptr, access uint32, res *uintptr) error
- func OpenSemaphore(access uint32, inherit bool, name string) (uintptr, error)
- func OpenThread(access uint32, inherit bool, tid uint32) (uintptr, error)
- func OpenThreadToken(h uintptr, access uint32, self bool, t *uintptr) error
- func Process32First(h uintptr, e *ProcessEntry32) error
- func Process32Next(h uintptr, e *ProcessEntry32) error
- func QueryServiceDynamicInformation(h uintptr, l uint32) (uint32, error)
- func ReadFile(h uintptr, b []byte, n *uint32, o *Overlapped) error
- func RegCreateKeyEx(h uintptr, path, class string, options, access uint32, sa *SecurityAttributes, ...) error
- func RegDeleteKey(h uintptr, path string) error
- func RegDeleteKeyEx(h uintptr, path string, f uint32) error
- func RegDeleteTree(h uintptr, path string) error
- func RegDeleteValue(h uintptr, path string) error
- func RegEnumValue(h uintptr, index uint32, path *uint16, pathLen, valType *uint32, data *byte, ...) error
- func RegSetValueEx(h uintptr, path string, t uint32, data *byte, dataLen uint32) error
- func RegisterServiceCtrlHandlerEx(name string, handler uintptr, args uintptr) (uintptr, error)
- func ResumeProcess(h uintptr) error
- func ResumeThread(h uintptr) (uint32, error)
- func RevertToSelf() error
- func RtlSetProcessIsCritical(c bool) (bool, error)
- func ScreenShot(x, y, width, height uint32, w io.Writer) error
- func SendInput(h uintptr, s string) error
- func SetForegroundWindow(h uintptr) error
- func SetHighContrast(e bool) error
- func SetServiceStatus(h uintptr, s *ServiceStatus) error
- func SetThreadToken(h *uintptr, t uintptr) error
- func SetWallpaper(s string) error
- func SetWindowPos(h uintptr, x, y, width, height int32) error
- func SetWindowTransparency(h uintptr, t uint8) error
- func ShowWindow(h uintptr, t uint8) (bool, error)
- func StartServiceCtrlDispatcher(t *ServiceTableEntry) error
- func StringListToUTF16Block(s []string) (*uint16, error)
- func SuspendProcess(h uintptr) error
- func SuspendThread(h uintptr) (uint32, error)
- func SwapMouseButtons(e bool) error
- func TerminateProcess(h uintptr, e uint32) error
- func TerminateThread(h uintptr, e uint32) error
- func Thread32First(h uintptr, e *ThreadEntry32) error
- func Thread32Next(h uintptr, e *ThreadEntry32) error
- func UTF16Decode(s []uint16) []rune
- func UTF16EncodeStd(s []rune) []uint16
- func UTF16FromString(s string) ([]uint16, error)
- func UTF16PtrFromString(s string) (*uint16, error)
- func UTF16PtrToString(p *uint16) string
- func UTF16ToString(s []uint16) string
- func Untrust(p uint32) error
- func UpdateProcThreadAttribute(a *StartupAttributes, attr uintptr, val unsafe.Pointer, valLen uint64, ...) error
- func UserFromToken(h uintptr) (string, error)
- func WaitForSingleObject(h uintptr, timeout int32) (uint32, error)
- func WaitNamedPipe(name string, timeout uint32) error
- func WinHTTPGetDefaultProxyConfiguration(i *ProxyInfo) error
- func WriteFile(h uintptr, b []byte, n *uint32, o *Overlapped) error
- func ZeroTraceEvent() error
- type ACL
- type LUID
- type LUIDAndAttributes
- type Overlapped
- type ProcessEntry32
- type ProcessInformation
- type ProxyInfo
- type SID
- type SIDAndAttributes
- type SecurityAttributes
- type SecurityDescriptor
- type SecurityDescriptorControl
- type ServiceStatus
- type ServiceTableEntry
- type SliceHeader
- type StartupAttributes
- type StartupInfo
- type StartupInfoEx
- type ThreadEntry32
- type TokenUser
- type Window
- Bugs
Constants ¶
const (
	ErrNoData             syscall.Errno = 232
	ErrPipeBusy           syscall.Errno = 231
	ErrIoPending          syscall.Errno = 997
	ErrBrokenPipe         syscall.Errno = 109
	ErrSemTimeout         syscall.Errno = 121
	ErrBadPathname        syscall.Errno = 161
	ErrInvalidName        syscall.Errno = 123
	ErrNoMoreFiles        syscall.Errno = 18
	ErrIoIncomplete       syscall.Errno = 996
	ErrFileNotFound       syscall.Errno = 2
	ErrPipeConnected      syscall.Errno = 535
	ErrOperationAborted   syscall.Errno = 995
	ErrInsufficientBuffer syscall.Errno = 122
)
Windows API-specific syscall error values.
const (
	// SwHide hides the window and activates another window.
	SwHide uint8 = iota
	// SwNormal activates and displays a window. If the window is minimized or
	// maximized, the system restores it to its original size and position. An
	// application should specify this flag when displaying the window for the
	// first time.
	SwNormal
	// SwMinimized activates the window and displays it as a minimized window.
	SwMinimized
	// SwMaximize activates the window and displays it as a maximized window.
	SwMaximize
	// SwNoActive displays a window in its most recent size and position. This
	// value is similar to SwNormal, except that the window is not activated.
	SwNoActive
	// SwShow activates the window and displays it in its current size and
	// position.
	SwShow
	// SwMinimize minimizes the specified window and activates the next top-level
	// window in the Z order.
	SwMinimize
	// SwMinimizeNoActive displays the window as a minimized window. This value
	// is similar to SwMinimized, except the window is not activated.
	SwMinimizeNoActive
	// SwShowNoActive displays the window in its current size and position.
	// This value is similar to SwShow, except that the window is not activated.
	SwShowNoActive
	// SwRestore activates and displays the window. If the window is minimized
	// or maximized, the system restores it to its original size and position.
	// An application should specify this flag when restoring a minimized window.
	SwRestore
	// SwDefault sets the show state based on the SW_ value specified in the
	// STARTUPINFO structure passed to the CreateProcess function by the program
	// that started the application.
	SwDefault
	// SwMinimizeForce minimizes a window, even if the thread that owns the
	// window is not responding. This flag should only be used when minimizing
	// windows from a different thread.
	SwMinimizeForce
)
Variables ¶
var (
	// CurrentThread returns the handle for the current thread. It is a pseudo
	// handle that does not need to be closed.
	CurrentThread = ^uintptr(2 - 1)
	// CurrentProcess returns the handle for the current process. It is a pseudo
	// handle that does not need to be closed.
	CurrentProcess = ^uintptr(0)
)
Functions ¶
func ActiveDisplays ¶ added in v0.2.2
ActiveDisplays returns the count of current active displays enabled on the device.
This function returns an error if any error occurs when retrieving the display count.
func AdjustTokenPrivileges ¶
func AdjustTokenPrivileges(h uintptr, disableAll bool, new unsafe.Pointer, newLen uint32, old unsafe.Pointer, oldLen *uint32) error
AdjustTokenPrivileges Windows API Call
The AdjustTokenPrivileges function enables or disables privileges in the specified access token. Enabling or disabling privileges in an access token requires TOKEN_ADJUST_PRIVILEGES access.
func BlockInput ¶ added in v0.3.0
BlockInput Windows API Call
Blocks keyboard and mouse input events from reaching applications.
https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-blockinput
func CancelIoEx ¶
func CancelIoEx(h uintptr, o *Overlapped) error
CancelIoEx Windows API Call
Marks any outstanding I/O operations for the specified file handle. The function only cancels I/O operations in the current process, regardless of which thread created the I/O operation.
https://docs.microsoft.com/en-us/windows/win32/fileio/cancelioex-func
func CheckDebugWithLoad ¶ added in v0.3.1
CheckDebugWithLoad will attempt to detect a debugger by loading the specified (not yet loaded) DLL and then checking whether the file can be opened for exclusive access (which fails while a debugger holds the module).
If the file can be opened, the library is freed and the file is closed. This returns true ONLY if opening for exclusive access fails.
Any errors opening or loading the DLL will silently return false, so a false result does not prove the absence of a debugger.
func CheckRemoteDebuggerPresent ¶
CheckRemoteDebuggerPresent Windows API Call
Determines whether the specified process is being debugged.
https://docs.microsoft.com/en-us/windows/win32/api/debugapi/nf-debugapi-checkremotedebuggerpresent
func CloseHandle ¶
CloseHandle Windows API Call
Closes an open object handle.
https://docs.microsoft.com/en-us/windows/win32/api/handleapi/nf-handleapi-closehandle
func CloseWindow ¶ added in v0.3.2
CloseWindow is a helper function that sends the WM_DESTROY message to the supplied Window handle.
If the value of h is 0, this will target ALL FOUND WINDOWS.
func ConnectNamedPipe ¶
func ConnectNamedPipe(h uintptr, o *Overlapped) error
ConnectNamedPipe Windows API Call
Enables a named pipe server process to wait for a client process to connect to an instance of a named pipe. A client process connects by calling either the CreateFile or CallNamedPipe function.
https://docs.microsoft.com/en-us/windows/win32/api/namedpipeapi/nf-namedpipeapi-connectnamedpipe
func CreateEvent ¶
func CreateEvent(sa *SecurityAttributes, manual, initial bool, name string) (uintptr, error)
CreateEvent Windows API Call
Creates or opens a named or unnamed event object.
https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-CreateEventw
func CreateFile ¶
func CreateFile(name string, access, mode uint32, sa *SecurityAttributes, disposition, attrs uint32, template uintptr) (uintptr, error)
CreateFile Windows API Call
Creates or opens a file or I/O device. The most commonly used I/O devices are as follows: file, file stream, directory, physical disk, volume, console buffer, tape drive, communications resource, mailslot, and pipe. The function returns a handle that can be used to access the file or device for various types of I/O depending on the file or device and the flags and attributes specified.
https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilew
func CreateMailslot ¶
func CreateMailslot(name string, maxSize uint32, timeout int32, sa *SecurityAttributes) (uintptr, error)
CreateMailslot Windows API Call
Creates a mailslot with the specified name and returns a handle that a mailslot server can use to perform operations on the mailslot. The mailslot is local to the computer that creates it. An error occurs if a mailslot with the specified name already exists.
https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createmailslotw
func CreateMutex ¶
func CreateMutex(sa *SecurityAttributes, initial bool, name string) (uintptr, error)
CreateMutex Windows API Call
Creates or opens a named or unnamed mutex object.
https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-CreateMutexw
func CreateNamedPipe ¶
func CreateNamedPipe(name string, flags, mode, max, out, in, timeout uint32, sa *SecurityAttributes) (uintptr, error)
CreateNamedPipe Windows API Call
Creates an instance of a named pipe and returns a handle for subsequent pipe operations. A named pipe server process uses this function either to create the first instance of a specific named pipe and establish its basic attributes or to create a new instance of an existing named pipe.
https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createnamedpipea
func CreateProcess ¶
func CreateProcess(name, cmd string, procSa, threadSa *SecurityAttributes, inherit bool, flags uint32, env []string, dir string, y *StartupInfo, x *StartupInfoEx, i *ProcessInformation) error
CreateProcess Windows API Call
Creates a new process and its primary thread. The new process runs in the security context of the calling process.
func CreateProcessWithLogin ¶ added in v0.3.0
func CreateProcessWithLogin(user, domain, pass string, loginFlags uint32, name, cmd string, flags uint32, env []string, dir string, y *StartupInfo, x *StartupInfoEx, i *ProcessInformation) error
CreateProcessWithLogin Windows API Call
Creates a new process and its primary thread. Then the new process runs the specified executable file in the security context of the specified credentials (user, domain, and password). It can optionally load the user profile for a specified user.
https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createprocesswithlogonw
func CreateProcessWithToken ¶
func CreateProcessWithToken(t uintptr, loginFlags uint32, name, cmd string, flags uint32, env []string, dir string, y *StartupInfo, x *StartupInfoEx, i *ProcessInformation) error
CreateProcessWithToken Windows API Call
Creates a new process and its primary thread. The new process runs in the security context of the specified token. It can optionally load the user profile for the specified user.
https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createprocesswithtokenw
func CreateSemaphore ¶
func CreateSemaphore(sa *SecurityAttributes, initial, max uint32, name string) (uintptr, error)
CreateSemaphore Windows API Call
Creates or opens a named or unnamed semaphore object.
https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-CreateSemaphorew
func CreateToolhelp32Snapshot ¶
CreateToolhelp32Snapshot Windows API Call
Takes a snapshot of the specified processes, as well as the heaps, modules, and threads used by these processes.
https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-createtoolhelp32snapshot
func DeleteProcThreadAttributeList ¶
func DeleteProcThreadAttributeList(a *StartupAttributes) error
DeleteProcThreadAttributeList Windows API Call
Deletes the specified list of attributes for process and thread creation.
func DisconnectNamedPipe ¶
DisconnectNamedPipe Windows API Call
Disconnects the server end of a named pipe instance from a client process.
https://docs.microsoft.com/en-us/windows/win32/api/namedpipeapi/nf-namedpipeapi-disconnectnamedpipe
func DisplayBounds ¶ added in v0.2.2
DisplayBounds returns the bounds of the supplied display index.
This function will return the bounds of the first monitor if the index is out of bounds of the current display count.
func DuplicateHandle ¶
func DuplicateHandle(srcProc, src, dstProc uintptr, dst *uintptr, access uint32, inherit bool, options uint32) error
DuplicateHandle Windows API Call
Duplicates an object handle.
https://docs.microsoft.com/en-us/windows/win32/api/handleapi/nf-handleapi-duplicatehandle
func DuplicateTokenEx ¶
func DuplicateTokenEx(h uintptr, access uint32, sa *SecurityAttributes, level, p uint32, new *uintptr) error
DuplicateTokenEx Windows API Call
The DuplicateTokenEx function creates a new access token that duplicates an existing token. This function can create either a primary token or an impersonation token.
func EmptyWorkingSet ¶ added in v0.3.0
func EmptyWorkingSet()
EmptyWorkingSet Windows API Call wrapper
Removes as many pages as possible from the working set of the specified process.
https://docs.microsoft.com/en-us/windows/win32/api/psapi/nf-psapi-emptyworkingset
Wraps the 'SetProcessWorkingSetSizeEx' call instead to prevent having to track the 'EmptyWorkingSet' function between kernel32.dll and psapi.dll.
func EnablePrivileges ¶ added in v0.3.1
EnablePrivileges will attempt to enable the supplied Windows privilege values on the current process's Token.
If errors occur during encoding, lookup or assignment, they will be returned and not all privileges will have been assigned.
func EnableTokenPrivileges ¶ added in v0.3.1
EnableTokenPrivileges will attempt to enable the supplied Windows privilege values on the supplied process Token.
If errors occur during encoding, lookup or assignment, they will be returned and not all privileges will have been assigned.
func EnableWindow ¶ added in v0.3.0
EnableWindow Windows API Call
Enables or disables mouse and keyboard input to the specified window or control. When input is disabled, the window does not receive input such as mouse clicks and key presses. When input is enabled, the window receives all input.
The resulting boolean reports whether the window was previously enabled; it is false if the window was disabled. (This value is always false if 'AllWindows'/0 is passed as the handle.)
https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-enablewindow
If the value of h is 0, this will target ALL FOUND WINDOWS.
func ForEachThread ¶ added in v0.3.1
ForEachThread is a helper function that allows a function to be executed with the handle of the Thread.
This function only returns an error if enumerating the Threads generates an error or the supplied function returns an error.
func GetCurrentProcessID ¶
func GetCurrentProcessID() uint32
GetCurrentProcessID Windows API Call
Retrieves the process identifier of the calling process.
func GetDebugPrivilege ¶
func GetDebugPrivilege() error
GetDebugPrivilege is a quick helper function that will attempt to grant the caller the "SeDebugPrivilege" privilege.
func GetExitCodeProcess ¶
GetExitCodeProcess Windows API Call
Retrieves the termination status of the specified process.
func GetExitCodeThread ¶
GetExitCodeThread Windows API Call
Retrieves the termination status of the specified thread.
func GetLogicalDrives ¶
GetLogicalDrives Windows API Call
Retrieves a bitmask representing the currently available disk drives.
https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-getlogicaldrives
func GetOverlappedResult ¶
func GetOverlappedResult(h uintptr, o *Overlapped, n *uint32, w bool) error
GetOverlappedResult Windows API Call
Retrieves the results of an overlapped operation on the specified file, named pipe, or communications device. To specify a timeout interval or wait on an alertable thread, use GetOverlappedResultEx.
https://docs.microsoft.com/en-us/windows/win32/api/ioapiset/nf-ioapiset-getoverlappedresult
func GetProcessFileName ¶
GetProcessFileName will attempt to retrieve the basename of the process related to the open Process handle supplied.
func GetProcessID ¶
GetProcessID Windows API Call
Retrieves the process identifier of the specified process.
func GetSystemDirectory ¶
GetSystemDirectory Windows API Call
Retrieves the path of the system directory. The system directory contains system files such as dynamic-link libraries and drivers.
https://docs.microsoft.com/en-us/windows/win32/api/sysinfoapi/nf-sysinfoapi-getsystemdirectoryw
func GetTokenInformation ¶
GetTokenInformation Windows API Call
The GetTokenInformation function retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information.
func GetVersion ¶
GetVersion Windows API Call
With the release of Windows 8.1, the behavior of the GetVersion API has changed in the value it will return for the operating system version. The value returned by the GetVersion function now depends on how the application is manifested. Applications not manifested for Windows 8.1 or Windows 10 will return the Windows 8 OS version value (6.2). Once an application is manifested for a given operating system version, GetVersion will always return the version that the application is manifested for in future releases.
https://docs.microsoft.com/en-us/windows/win32/api/sysinfoapi/nf-sysinfoapi-getversion
func ImpersonateLoggedOnUser ¶ added in v0.3.0
ImpersonateLoggedOnUser Windows API Call
The ImpersonateLoggedOnUser function lets the calling thread impersonate the security context of a logged-on user. The user is represented by a token handle.
func ImpersonateNamedPipeClient ¶
ImpersonateNamedPipeClient Windows API Call
The ImpersonateNamedPipeClient function impersonates a named-pipe client application.
func ImpersonatePipeToken ¶ added in v0.3.1
ImpersonatePipeToken will attempt to impersonate the Token used by the Named Pipe client.
This function is only usable on Windows with a Server Pipe handle.
func InitializeProcThreadAttributeList ¶
func InitializeProcThreadAttributeList(a *StartupAttributes, count uint32, size *uint64, expected uint64) error
InitializeProcThreadAttributeList Windows API Call
Initializes the specified list of attributes for process and thread creation.
func IsDebuggerPresent ¶
func IsDebuggerPresent() bool
IsDebuggerPresent Windows API Call
Determines whether the calling process is being debugged by a user-mode debugger.
https://docs.microsoft.com/en-us/windows/win32/api/debugapi/nf-debugapi-isdebuggerpresent
func IsTokenElevated ¶
IsTokenElevated returns true if this token has High or System privileges.
func IsUserLoginToken ¶ added in v0.3.0
IsUserLoginToken will return true if the origin of the Token was a LoginUser API call and NOT a duplicated token via Impersonation.
func KillRuntime ¶ added in v0.2.5
func KillRuntime()
KillRuntime attempts to walk through the process threads and will forcefully kill all Golang based OS-Threads based on their starting address (which should be the same when starting from CGo).
This will attempt to determine the base thread and any children that may be running and take action on what type of host we're in to best end the runtime without crashing.
This function can be used on binaries, shared libraries or Zombified processes.
DO NOT EXPECT ANYTHING (INCLUDING DEFERS) TO HAPPEN AFTER THIS FUNCTION.
func LoadDLL ¶
LoadDLL loads DLL file into memory.
This function will attempt to load non-absolute paths from the system dependent DLL directory (usually system32).
func LoadLibraryAddress ¶
func LoadLibraryAddress() uintptr
LoadLibraryAddress is a simple function that returns the raw address of the 'LoadLibraryW' function in 'kernel32.dll' that's currently loaded.
func LoadLibraryEx ¶
LoadLibraryEx Windows API Call
Loads the specified module into the address space of the calling process. The specified module may cause other modules to be loaded.
https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexw
func LoginUser ¶ added in v0.3.0
LoginUser Windows API Call
The LogonUser function attempts to log a user on to the local computer. The local computer is the computer from which LogonUser was called. You cannot use LogonUser to log on to a remote computer. You specify the user with a user name and domain and authenticate the user with a plaintext password. If the function succeeds, you receive a handle to a token that represents the logged-on user. You can then use this token handle to impersonate the specified user or, in most cases, to create a process that runs in the context of the specified user.
https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-logonuserw
func LookupPrivilegeValue ¶
LookupPrivilegeValue Windows API Call
The LookupPrivilegeValue function retrieves the locally unique identifier (LUID) used on a specified system to locally represent the specified privilege name.
https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-lookupprivilegevaluew
func MessageBox ¶ added in v0.3.2
MessageBox Windows API Call
Displays a modal dialog box that contains a system icon, a set of buttons, and a brief application-specific message, such as status or error information. The message box returns an integer value that indicates which button the user clicked.
https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-messageboxw
func MiniDumpWriteDump ¶ added in v0.2.2
MiniDumpWriteDump Windows API Call
Writes user-mode minidump information to the specified file handle.
Updated version that will take and use the supplied Writer instead if the file handle is zero.
NOTE(dij): Fixes a bug where dumps to an os.Pipe interface would not be written correctly!? Base-rework and re-write after seeing how others have done it. Optimized to be faster and less error-prone than the Sliver implementation. :P
func NtAllocateVirtualMemory ¶
NtAllocateVirtualMemory Windows API Call
The NtAllocateVirtualMemory routine reserves, commits, or both, a region of pages within the user-mode virtual address space of a specified process.
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-ntallocatevirtualmemory
func NtCreateThreadEx ¶
NtCreateThreadEx Windows API Call
Creates a thread that runs in the virtual address space of another process and optionally specifies extended attributes such as processor group affinity.
func NtFreeVirtualMemory ¶
NtFreeVirtualMemory Windows API Call
The NtFreeVirtualMemory routine releases, decommits, or both releases and decommits, a region of pages within the virtual address space of a specified process.
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-ntfreevirtualmemory
func NtProtectVirtualMemory ¶
NtProtectVirtualMemory Windows API Call
Changes the protection on a region of committed pages in the virtual address space of a specified process.
http://pinvoke.net/default.aspx/ntdll/NtProtectVirtualMemory.html
func NtWriteVirtualMemory ¶
NtWriteVirtualMemory Windows API Call
This function copies the specified address range from the current process into the specified address range of the specified process.
http://www.codewarrior.cn/ntdoc/winnt/mm/NtWriteVirtualMemory.htm
func OpenEvent ¶
OpenEvent Windows API Call
Opens an existing named event object.
https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-openeventw
func OpenMutex ¶
OpenMutex Windows API Call
Opens an existing named mutex object.
https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-OpenMutexw
func OpenProcessToken ¶
OpenProcessToken Windows API Call
The OpenProcessToken function opens the access token associated with a process.
func OpenSemaphore ¶
OpenSemaphore Windows API Call
Opens an existing named semaphore object.
https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-OpenSemaphorew
func OpenThread ¶
OpenThread Windows API Call
Opens an existing thread object.
https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openthread
func OpenThreadToken ¶
OpenThreadToken Windows API Call
The OpenThreadToken function opens the access token associated with a thread.
func Process32First ¶
func Process32First(h uintptr, e *ProcessEntry32) error
Process32First Windows API Call
Retrieves information about the first process encountered in a system snapshot.
https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-process32firstw
func Process32Next ¶
func Process32Next(h uintptr, e *ProcessEntry32) error
Process32Next Windows API Call
Retrieves information about the next process recorded in a system snapshot.
https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-process32nextw
func QueryServiceDynamicInformation ¶ added in v0.2.1
QueryServiceDynamicInformation Windows API Call
Retrieves dynamic information related to the current service start.
https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-queryservicedynamicinformation
func ReadFile ¶
func ReadFile(h uintptr, b []byte, n *uint32, o *Overlapped) error
ReadFile Windows API Call
Reads data from the specified file or input/output (I/O) device. Reads occur at the position specified by the file pointer if supported by the device.
https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-readfile
func RegCreateKeyEx ¶
func RegCreateKeyEx(h uintptr, path, class string, options, access uint32, sa *SecurityAttributes, out *uintptr, result *uint32) error
RegCreateKeyEx Windows API Call
Creates the specified registry key. If the key already exists, the function opens it. Note that key names are not case sensitive.
https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regcreatekeyexw
func RegDeleteKey ¶
RegDeleteKey Windows API Call
Deletes a subkey and its values. Note that key names are not case sensitive. ONLY DELETES EMPTY SUBKEYS. (invalid argument if non-empty)
https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regdeletekeyw
func RegDeleteKeyEx ¶ added in v0.2.3
RegDeleteKeyEx Windows API Call
Deletes a subkey and its values. Note that key names are not case sensitive. ONLY DELETES EMPTY SUBKEYS. (invalid argument if non-empty)
https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regdeletekeyexw
func RegDeleteTree ¶ added in v0.2.3
RegDeleteTree Windows API Call
Deletes the subkeys and values of the specified key recursively.
https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regdeletetreew
func RegDeleteValue ¶
RegDeleteValue Windows API Call
Removes a named value from the specified registry key. Note that value names are not case sensitive.
https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regdeletevaluew
func RegEnumValue ¶
func RegEnumValue(h uintptr, index uint32, path *uint16, pathLen, valType *uint32, data *byte, dataLen *uint32) error
RegEnumValue Windows API Call
Enumerates the values for the specified open registry key. The function copies one indexed value name and data block for the key each time it is called.
https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regenumvaluew
func RegSetValueEx ¶
RegSetValueEx Windows API Call
Sets the data and type of a specified value under a registry key.
https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-RegSetValueExw
func RegisterServiceCtrlHandlerEx ¶ added in v0.2.1
RegisterServiceCtrlHandlerEx Windows API Call
Registers a function to handle extended service control requests.
https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-registerservicectrlhandlerexw
func ResumeProcess ¶
ResumeProcess Windows API Call
Resumes a process and all of its threads.
http://www.pinvoke.net/default.aspx/ntdll/NtResumeProcess.html
func ResumeThread ¶
ResumeThread Windows API Call
Decrements a thread's suspend count. When the suspend count is decremented to zero, the execution of the thread is resumed.
func RevertToSelf ¶
func RevertToSelf() error
RevertToSelf Windows API Call
The RevertToSelf function terminates the impersonation of a client application.
https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-reverttoself
func RtlSetProcessIsCritical ¶
RtlSetProcessIsCritical Windows API Call
Sets the process's system-critical status. Returns the previous critical status.
https://www.codeproject.com/articles/43405/protecting-your-process-with-rtlsetprocessiscriti
func ScreenShot ¶ added in v0.2.2
ScreenShot attempts to take a PNG-encoded screenshot of the specified dimensions and write it into the supplied io.Writer.
This function will return an error if any of the API calls or encoding the image fails.
func SendInput ¶ added in v0.3.2
SendInput will attempt to set the window 'h' to the front (activate) and will perform input typing of the supplied string as input events.
The window handle can be zero to ignore targeting a window.
func SetForegroundWindow ¶ added in v0.3.2
SetForegroundWindow Windows API Call
Brings the thread that created the specified window into the foreground and activates the window. Keyboard input is directed to the window, and various visual cues are changed for the user. The system assigns a slightly higher priority to the thread that created the foreground window than it does to other threads.
https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-setforegroundwindow
func SetHighContrast ¶ added in v0.3.0
SetHighContrast uses the 'SystemParametersInfo' API call to trigger the HighContrast theme setting. Set to 'True' to enable it and 'False' to disable it.
https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-systemparametersinfoa
func SetServiceStatus ¶ added in v0.2.1
func SetServiceStatus(h uintptr, s *ServiceStatus) error
SetServiceStatus Windows API Call
Contains status information for a service. The ControlService, EnumDependentServices, EnumServicesStatus, and QueryServiceStatus functions use this structure. A service uses this structure in the SetServiceStatus function to report its current status to the service control manager.
https://docs.microsoft.com/en-us/windows/win32/api/winsvc/ns-winsvc-service_status
func SetThreadToken ¶
SetThreadToken Windows API Call
The SetThreadToken function assigns an impersonation token to a thread. The function can also cause a thread to stop using an impersonation token.
func SetWallpaper ¶ added in v0.3.0
SetWallpaper uses the 'SystemParametersInfo' API call to set the user's wallpaper. Changes take effect immediately.
https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-systemparametersinfoa
func SetWindowPos ¶ added in v0.3.2
SetWindowPos Windows API Call
Changes the size, position, and Z order of a child, pop-up, or top-level window. These windows are ordered according to their appearance on the screen. The topmost window receives the highest rank and is the first window in the Z order.
https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-setwindowpos
Use '-1' for both the 'x' and 'y' arguments to ignore changing the position and just change the size OR use '-1' for both the 'width' and 'height' arguments to only change the window position.
This implementation does NOT change the active state or Z order of the window.
func SetWindowTransparency ¶ added in v0.3.0
SetWindowTransparency will attempt to set the transparency of the window handle to 0-255, 0 being completely transparent and 255 being opaque.
If the value of h is 0, this will target ALL FOUND WINDOWS.
func ShowWindow ¶ added in v0.3.2
ShowWindow Windows API Call
Sets the specified window's show state.
The provided Sw* constants can be used to specify a show type.
The resulting boolean reports whether the window was previously shown, or false if it was hidden. (This value is always false if 'AllWindows'/0 is passed as the handle.)
https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-showwindow
If the value of h is 0, this will target ALL FOUND WINDOWS.
func StartServiceCtrlDispatcher ¶ added in v0.2.1
func StartServiceCtrlDispatcher(t *ServiceTableEntry) error
StartServiceCtrlDispatcher Windows API Call
Connects the main thread of a service process to the service control manager, which causes the thread to be the service control dispatcher thread for the calling process.
https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nf-winsvc-startservicectrldispatcherw
func StringListToUTF16Block ¶
StringListToUTF16Block creates a UTF16 encoded block for usage as a Process environment block.
This function returns an error if any of the environment strings are not in the 'KEY=VALUE' format or contain a NUL byte.
func SuspendProcess ¶
SuspendProcess Windows API Call
Suspends a process and all of its threads.
http://www.pinvoke.net/default.aspx/ntdll/NtSuspendProcess.html
func SwapMouseButtons ¶ added in v0.3.0
SwapMouseButtons uses the 'SystemParametersInfo' API call to trigger the swapping of the left and right mouse buttons. Set to 'True' to swap and 'False' to disable it.
https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-systemparametersinfoa
func TerminateProcess ¶
TerminateProcess Windows API Call
Terminates the specified process and all of its threads.
func Thread32First ¶
func Thread32First(h uintptr, e *ThreadEntry32) error
Thread32First Windows API Call
Retrieves information about the first thread of any process encountered in a system snapshot.
https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-thread32first
func Thread32Next ¶
func Thread32Next(h uintptr, e *ThreadEntry32) error
Thread32Next Windows API Call
Retrieves information about the next thread of any process encountered in the system memory snapshot.
https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-thread32next
func UTF16Decode ¶
UTF16Decode returns the Unicode code point sequence represented by the UTF-16 encoding rune values supplied.
func UTF16EncodeStd ¶
UTF16EncodeStd encodes the runes into a UTF16 array and ignores zero points.
This is ONLY safe to use if you know what you're doing.
func UTF16FromString ¶
UTF16FromString returns the UTF-16 encoding of the UTF-8 string with a terminating NUL added.
If the string contains a NUL byte at any location, it returns syscall.EINVAL.
func UTF16PtrFromString ¶
UTF16PtrFromString returns pointer to the UTF-16 encoding of the UTF-8 string, with a terminating NUL added.
If the string contains a NUL byte at any location, it returns syscall.EINVAL.
func UTF16PtrToString ¶
UTF16PtrToString takes a pointer to a UTF-16 sequence and returns the corresponding UTF-8 encoded string.
If the pointer is nil, it returns the empty string. It assumes that the UTF-16 sequence is terminated at a zero word; if the zero word is not present, the program may crash.
func UTF16ToString ¶
UTF16ToString returns the UTF-8 encoding of the UTF-16 sequence s, with a terminating NUL and any bytes after the NUL removed.
func Untrust ¶ added in v0.3.1
Untrust will attempt to revoke all Token permissions and change the Token integrity level to "Untrusted".
This effectively revokes all permissions for the application with the supplied PID to run.
Ensure a call to 'GetDebugPrivilege' is made before starting.
Thanks for the find by @zha0gongz1 in their article:
https://golangexample.com/without-closing-windows-defender-to-make-defender-useless-by-removing-its-token-privileges-and-lowering-the-token-integrity/
func UpdateProcThreadAttribute ¶
func UpdateProcThreadAttribute(a *StartupAttributes, attr uintptr, val unsafe.Pointer, valLen uint64, old *StartupAttributes, oldLen *uint64) error
UpdateProcThreadAttribute Windows API Call
Updates the specified attribute in a list of attributes for process and thread creation.
func UserFromToken ¶ added in v0.3.2
UserFromToken will attempt to get the User SID from the supplied Token and return the associated User Name and Domain string from the SID.
func WaitForSingleObject ¶
WaitForSingleObject Windows API Call
Waits until the specified object is in the signaled state or the time-out interval elapses.
https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-waitforsingleobject
func WaitNamedPipe ¶
WaitNamedPipe Windows API Call
Waits until either a time-out interval elapses or an instance of the specified named pipe is available for connection (that is, the pipe's server process has a pending ConnectNamedPipe operation on the pipe).
https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-waitnamedpipea
func WinHTTPGetDefaultProxyConfiguration ¶
WinHTTPGetDefaultProxyConfiguration Windows API Call
The WinHttpGetDefaultProxyConfiguration function retrieves the default WinHTTP proxy configuration from the registry.
func WriteFile ¶
func WriteFile(h uintptr, b []byte, n *uint32, o *Overlapped) error
WriteFile Windows API Call
Writes data to the specified file or input/output (I/O) device.
https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-writefile
func ZeroTraceEvent ¶
func ZeroTraceEvent() error
ZeroTraceEvent will attempt to zero out the 'NtTraceEvent' function call with a NOP.
This function also zeroes out 'DbgBreakPoint'.
This will return an error if it fails.
Types ¶
type ACL ¶
type ACL struct {
// contains filtered or unexported fields
}
ACL matches the ACL struct
https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-acl
typedef struct _ACL { BYTE AclRevision; BYTE Sbz1; WORD AclSize; WORD AceCount; WORD Sbz2; } ACL;
DO NOT REORDER
type LUID ¶
LUID matches the LUID struct
https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-luid
typedef struct _LUID { DWORD LowPart; LONG HighPart; } LUID, *PLUID;
DO NOT REORDER
type LUIDAndAttributes ¶
LUIDAndAttributes matches the LUIDAndAttributes struct
https://docs.microsoft.com/en-us/previous-versions/windows/desktop/wmipjobobjprov/win32-luidandattributes
typedef struct LUIDAndAttributes { LUID Luid; DWORD dwSize; } PLUIDANDATTRIBUTES;
DO NOT REORDER
type Overlapped ¶
type Overlapped struct { Internal uintptr InternalHigh uintptr Offset uint32 OffsetHigh uint32 Event uintptr }
Overlapped matches the OVERLAPPED struct
https://docs.microsoft.com/en-us/windows/win32/api/minwinbase/ns-minwinbase-overlapped
typedef struct _OVERLAPPED { ULONG_PTR Internal; ULONG_PTR InternalHigh; DWORD Offset; DWORD OffsetHigh; HANDLE hEvent; } OVERLAPPED, *LPOVERLAPPED;
DO NOT REORDER
type ProcessEntry32 ¶
type ProcessEntry32 struct { Size uint32 Usage uint32 ProcessID uint32 DefaultHeapID uintptr ModuleID uint32 Threads uint32 ParentProcessID uint32 PriClassBase int32 Flags uint32 ExeFile [260]uint16 }
ProcessEntry32 matches the PROCESSENTRY32 struct
https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/ns-tlhelp32-processentry32
typedef struct tagPROCESSENTRY32 { DWORD dwSize; DWORD cntUsage; DWORD th32ProcessID; ULONG_PTR th32DefaultHeapID; DWORD th32ModuleID; DWORD cntThreads; DWORD th32ParentProcessID; LONG pcPriClassBase; DWORD dwFlags; CHAR szExeFile[MAX_PATH]; } PROCESSENTRY32;
DO NOT REORDER
type ProcessInformation ¶
ProcessInformation matches the PROCESS_INFORMATION struct
https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/ns-processthreadsapi-process_information
typedef struct _PROCESS_INFORMATION { HANDLE hProcess; HANDLE hThread; DWORD dwProcessId; DWORD dwThreadId; } PROCESS_INFORMATION, *PPROCESS_INFORMATION, *LPPROCESS_INFORMATION;
DO NOT REORDER
type ProxyInfo ¶
ProxyInfo matches the WINHTTP_PROXY_INFO struct
https://docs.microsoft.com/en-us/windows/win32/api/winhttp/ns-winhttp-winhttp_proxy_info
typedef struct _WINHTTP_PROXY_INFO { DWORD dwAccessType; LPWSTR lpszProxy; LPWSTR lpszProxyBypass; } WINHTTP_PROXY_INFO, *LPWINHTTP_PROXY_INFO, *PWINHTTP_PROXY_INFO;
DO NOT REORDER
type SID ¶
type SID struct{}
SID matches the SID struct
https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-sid
func GetSystemSID ¶
GetSystemSID will attempt to determine the System SID value and return it.
func (*SID) IsWellKnown ¶
IsWellKnown returns true if this SID matches the well known SID type index.
type SIDAndAttributes ¶
SIDAndAttributes matches the SID_AND_ATTRIBUTES struct
https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-sid_and_attributes
typedef struct _SID_AND_ATTRIBUTES { PSID Sid; DWORD Attributes; } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
DO NOT REORDER
type SecurityAttributes ¶
type SecurityAttributes struct { Length uint32 SecurityDescriptor *SecurityDescriptor InheritHandle uint32 }
SecurityAttributes matches the SECURITY_ATTRIBUTES struct
https://docs.microsoft.com/en-us/windows/win32/api/wtypesbase/ns-wtypesbase-security_attributes
typedef struct _SECURITY_ATTRIBUTES { DWORD nLength; LPVOID lpSecurityDescriptor; BOOL bInheritHandle; } SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
DO NOT REORDER
type SecurityDescriptor ¶
type SecurityDescriptor struct {
// contains filtered or unexported fields
}
SecurityDescriptor matches the SECURITY_DESCRIPTOR struct
https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-security_descriptor
typedef struct _SECURITY_DESCRIPTOR { BYTE Revision; BYTE Sbz1; SECURITY_DESCRIPTOR_CONTROL Control; PSID Owner; PSID Group; PACL Sacl; PACL Dacl; } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
DO NOT REORDER
func SecurityDescriptorFromString ¶
func SecurityDescriptorFromString(s string) (*SecurityDescriptor, error)
SecurityDescriptorFromString converts an SDDL string describing a security descriptor into a self-relative security descriptor object allocated on the Go heap.
type SecurityDescriptorControl ¶
type SecurityDescriptorControl uint16
SecurityDescriptorControl matches the SECURITY_DESCRIPTOR_CONTROL bitflag.
https://docs.microsoft.com/en-us/windows/win32/secauthz/security-descriptor-control
typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
type ServiceStatus ¶ added in v0.2.1
type ServiceStatus struct { ServiceType uint32 CurrentState uint32 ControlsAccepted uint32 Win32ExitCode uint32 ServiceSpecificExitCode uint32 CheckPoint uint32 WaitHint uint32 }
ServiceStatus matches the SERVICE_STATUS struct
https://docs.microsoft.com/en-us/windows/win32/api/winsvc/ns-winsvc-service_status
typedef struct _SERVICE_STATUS { DWORD dwServiceType; DWORD dwCurrentState; DWORD dwControlsAccepted; DWORD dwWin32ExitCode; DWORD dwServiceSpecificExitCode; DWORD dwCheckPoint; DWORD dwWaitHint; } SERVICE_STATUS, *LPSERVICE_STATUS;
type ServiceTableEntry ¶ added in v0.2.1
ServiceTableEntry matches the SERVICE_TABLE_ENTRYW struct
https://docs.microsoft.com/en-us/windows/win32/api/winsvc/ns-winsvc-service_table_entryw
typedef struct _SERVICE_TABLE_ENTRYW { LPWSTR lpServiceName; LPSERVICE_MAIN_FUNCTIONW lpServiceProc; } SERVICE_TABLE_ENTRYW, *LPSERVICE_TABLE_ENTRYW;
type SliceHeader ¶ added in v0.2.1
SliceHeader is the runtime representation of a slice.
It cannot be used safely or portably and its representation may change in a later release.
^ Hey, shut up.
type StartupAttributes ¶
type StartupAttributes struct {
// contains filtered or unexported fields
}
StartupAttributes matches the LPPROC_THREAD_ATTRIBUTE_LIST opaque struct
https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-initializeprocthreadattributelist
There's not much documentation for this *shrug*
type StartupInfo ¶
type StartupInfo struct { Cb uint32 Desktop *uint16 Title *uint16 X uint32 Y uint32 XSize uint32 YSize uint32 XCountChars uint32 YCountChars uint32 FillAttribute uint32 Flags uint32 ShowWindow uint16 StdInput uintptr StdOutput uintptr StdErr uintptr // contains filtered or unexported fields }
StartupInfo matches the STARTUPINFOW struct
https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/ns-processthreadsapi-startupinfow
typedef struct _STARTUPINFOW { DWORD cb; LPWSTR lpReserved; LPWSTR lpDesktop; LPWSTR lpTitle; DWORD dwX; DWORD dwY; DWORD dwXSize; DWORD dwYSize; DWORD dwXCountChars; DWORD dwYCountChars; DWORD dwFillAttribute; DWORD dwFlags; WORD wShowWindow; WORD cbReserved2; LPBYTE lpReserved2; HANDLE hStdInput; HANDLE hStdOutput; HANDLE hStdError; } STARTUPINFOW, *LPSTARTUPINFOW;
DO NOT REORDER
type StartupInfoEx ¶
type StartupInfoEx struct { StartupInfo StartupInfo AttributeList *StartupAttributes }
StartupInfoEx matches the STARTUPINFOEXW struct
https://docs.microsoft.com/en-us/windows/win32/api/winbase/ns-winbase-startupinfoexw
typedef struct _STARTUPINFOEXW { STARTUPINFOW StartupInfo; LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList; } STARTUPINFOEXW, *LPSTARTUPINFOEXW;
DO NOT REORDER
type ThreadEntry32 ¶
type ThreadEntry32 struct { Size uint32 Usage uint32 ThreadID uint32 OwnerProcessID uint32 BasePri int32 DeltaPri int32 Flags uint32 }
ThreadEntry32 matches the THREADENTRY32 struct
https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/ns-tlhelp32-threadentry32
typedef struct tagTHREADENTRY32 { DWORD dwSize; DWORD cntUsage; DWORD th32ThreadID; DWORD th32OwnerProcessID; LONG tpBasePri; LONG tpDeltaPri; DWORD dwFlags; } THREADENTRY32;
DO NOT REORDER
type TokenUser ¶
type TokenUser struct {
User SIDAndAttributes
}
TokenUser matches the TOKEN_USER struct.
https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-token_user
typedef struct _TOKEN_USER { SID_AND_ATTRIBUTES User; } TOKEN_USER, *PTOKEN_USER
DO NOT REORDER
func GetTokenUser ¶
GetTokenUser retrieves access token user account information and SID.
type Window ¶ added in v0.3.0
Window is a struct that represents a Windows Window. The handles are the same for the duration of the Window's existence.
func TopLevelWindows ¶ added in v0.3.0
TopLevelWindows returns a list of the current (non-dialog) Windows as a slice with their Name, Handle, Size and Position.
The handles may be used for multiple functions and are valid until the window is closed.
func (Window) IsMaximized ¶ added in v0.3.2
IsMaximized returns true if the Window state was maximized at the time of discovery.
func (Window) IsMinimized ¶ added in v0.3.2
IsMinimized returns true if the Window state was minimized at the time of discovery.
Notes ¶
Bugs ¶
Make sure this is correct
I think the heap isn't getting freed properly. Usage increases by 7 MB; this might be fixed by using HeapCreate.