Documentation ¶
Rendered for windows/amd64
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AlpcPortInfo ¶
AlpcPortInfo stores basic information about an ALPC (Advanced Local Procedure Call) port. It is one of the concrete types carried in the Handle MD field.
type Handle ¶
```go
type Handle struct {
	// Num represents the internal handle identifier.
	Num handle.Handle `json:"id"`
	// Object is the kernel address that this handle references.
	Object uint64 `json:"-"`
	// Pid represents the process's identifier that owns the handle.
	Pid uint32 `json:"-"`
	// Type is the type of this handle (e.g. File, Key, Mutant, Section)
	Type string `json:"type"`
	// Name is the actual value of the handle (e.g. \Device\HarddiskVolume4\Windows\Temp\DPTF)
	Name string `json:"name"`
	// MD is the handle meta information (e.g. ALPC port info)
	MD Meta `json:"meta,omitempty"`
}
```
Handle stores various metadata specific to the handle allocated by a process.
func NewFromKcap ¶
NewFromKcap restores the state of a Handle from a kcap (capture file) buffer, i.e. it is the inverse of Marshal.
func (*Handle) Marshal ¶
Marshal dumps the state of the handle to a byte slice suitable for serializing to a kcap file.
type MutantInfo ¶
MutantInfo stores metadata about a particular mutant object. Like AlpcPortInfo, it is carried in the Handle MD field.
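The following is an added example, not code from this package, showing what the struct tags on Handle imply for consumers and how the MD field is used for the type-specific metadata (AlpcPortInfo, MutantInfo). Everything beyond the field names and tags shown above is an assumption: Meta is modelled as an empty interface, the AlpcPortInfo and MutantInfo field layouts are hypothetical stand-ins, Num is declared as a plain uintptr instead of handle.Handle, and the handles are constructed sample data. The point worth noticing is that Object (a kernel pointer) and Pid are tagged `json:"-"`, so they never reach JSON output, and meta is dropped entirely when no metadata is attached.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Meta stands in for the package's metadata type; assumed to be an empty interface.
type Meta interface{}

// AlpcPortInfo and MutantInfo are stand-ins with hypothetical fields; the
// page documents only their purpose, not their layout.
type AlpcPortInfo struct {
	Flags uint32 `json:"flags"`
}

type MutantInfo struct {
	Count       int32 `json:"count"`
	IsAbandoned bool  `json:"is_abandoned"`
}

// Handle mirrors the field set and JSON tags documented above.
// Num is a plain uintptr here instead of handle.Handle (assumption).
type Handle struct {
	Num    uintptr `json:"id"`
	Object uint64  `json:"-"`
	Pid    uint32  `json:"-"`
	Type   string  `json:"type"`
	Name   string  `json:"name"`
	MD     Meta    `json:"meta,omitempty"`
}

// ToJSON encodes a handle as the struct tags dictate: the kernel object address
// and owning PID are never emitted, and "meta" is omitted when MD is nil.
func ToJSON(h Handle) (string, error) {
	b, err := json.Marshal(h)
	if err != nil {
		return "", err
	}
	return string(b), nil
}

// JSONKeys returns the sorted set of top-level keys present in the JSON
// encoding, which makes the effect of the tags easy to check.
func JSONKeys(h Handle) ([]string, error) {
	b, err := json.Marshal(h)
	if err != nil {
		return nil, err
	}
	var m map[string]json.RawMessage
	if err := json.Unmarshal(b, &m); err != nil {
		return nil, err
	}
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys, nil
}

// Describe dispatches on the concrete metadata type, which is how a consumer
// reaches ALPC or mutant details through the Meta-typed MD field.
func Describe(h Handle) string {
	switch md := h.MD.(type) {
	case AlpcPortInfo:
		return fmt.Sprintf("%s %s flags=0x%x", h.Type, h.Name, md.Flags)
	case MutantInfo:
		return fmt.Sprintf("%s %s count=%d abandoned=%t", h.Type, h.Name, md.Count, md.IsAbandoned)
	case nil:
		return fmt.Sprintf("%s %s", h.Type, h.Name)
	default:
		return fmt.Sprintf("%s %s (unknown meta %T)", h.Type, h.Name, md)
	}
}

// SampleHandles returns constructed sample data: one handle of each kind
// discussed on the page. Addresses and handle numbers are made up.
func SampleHandles() []Handle {
	return []Handle{
		{Num: 0x40, Object: 0xffff8a0c12345000, Pid: 1392, Type: "File",
			Name: `\Device\HarddiskVolume4\Windows\Temp\DPTF`},
		{Num: 0x88, Object: 0xffff8a0c0badf00d, Pid: 1392, Type: "Mutant",
			Name: `\BaseNamedObjects\MyMutex`, MD: MutantInfo{Count: 1}},
		{Num: 0x1c4, Object: 0xffff8a0c5eed0000, Pid: 1392, Type: "ALPC Port",
			Name: `\RPC Control\ntsvcs`, MD: AlpcPortInfo{Flags: 0x40}},
	}
}

func main() {
	for _, h := range SampleHandles() {
		s, _ := ToJSON(h)
		fmt.Println(Describe(h))
		fmt.Println("  ", s)
	}
}
```

When a handle snapshot is exported (for example to an alert or a log pipeline), the kernel object address and PID are therefore not leaked through the JSON path; if a consumer needs them, it must read the Go fields directly rather than rely on the serialized form.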