Documentation
Index
- func GetPIDFromThread(handle handle.Handle) (uint32, error)
- func GetParentPID(handle handle.Handle) uint32
- func GetStartTime(handle handle.Handle) (time.Time, error)
- func IsAlive(handle handle.Handle) bool
- func Open(access DesiredAccess, inheritHandle bool, processID uint32) (handle.Handle, error)
- func QueryFullImageName(handle handle.Handle) (string, error)
- func QueryInfo(handle handle.Handle, infoClass InfoClassFlags, buf []byte) (uint32, error)
- func ReadMemory(handle handle.Handle, addr unsafe.Pointer, size uintptr) ([]byte, error)
- func ReadMemoryUnicode(handle handle.Handle, addr unsafe.Pointer, size uintptr) ([]uint16, error)
- type BasicInformation
- type CurDir
- type DesiredAccess
- type InfoClassFlags
- type LDRData
- type ListEntry
- type PEB
- type RTLUserProcessParameters
- type String
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetPIDFromThread
    func GetPIDFromThread(handle handle.Handle) (uint32, error)
GetPIDFromThread returns the PID of the process to which the specified thread belongs.
func GetParentPID
    func GetParentPID(handle handle.Handle) uint32
GetParentPID returns the identifier of the parent process, taken from the process's basic information structure.
func GetStartTime
    func GetStartTime(handle handle.Handle) (time.Time, error)
GetStartTime returns the process's start time, taken from its timing statistics.
func IsAlive
    func IsAlive(handle handle.Handle) bool
IsAlive reports whether the process identified by the specified handle is still running.
func QueryFullImageName
    func QueryFullImageName(handle handle.Handle) (string, error)
QueryFullImageName retrieves the full name of the executable image for the specified process.
func QueryInfo
    func QueryInfo(handle handle.Handle, infoClass InfoClassFlags, buf []byte) (uint32, error)
QueryInfo retrieves the kind of process information selected by the info class passed to this function.
func ReadMemory
    func ReadMemory(handle handle.Handle, addr unsafe.Pointer, size uintptr) ([]byte, error)
ReadMemory reads data from an area of memory in the specified process. The entire area to be read must be accessible or the operation fails.
Types
type BasicInformation
    type BasicInformation struct {
        Reserved1                    uintptr
        PEB                          *PEB
        Reserved2                    [2]uintptr
        UniqueProcessID              uintptr
        InheritedFromUniqueProcessID uintptr
    }
BasicInformation describes the process basic information.
type CurDir
    type CurDir struct {
        DosPath utf16.UnicodeString
        Handle  uintptr
    }
CurDir describes the string that stores the process's current working directory.
type DesiredAccess
    type DesiredAccess uint32
DesiredAccess defines the type alias for the process's access modifiers.
    const (
        // Terminate is required to terminate a process
        Terminate DesiredAccess = 0x0001
        // CreateThread is required to create a thread in the process
        CreateThread DesiredAccess = 0x0002
        // VMOperation is required to perform an operation on the address space of a process
        VMOperation DesiredAccess = 0x0008
        // VMRead is required to read memory in a process
        VMRead DesiredAccess = 0x0010
        // VMWrite is required to write to memory in a process
        VMWrite DesiredAccess = 0x0020
        // DupHandle lets duplicate handles of the target process
        DupHandle DesiredAccess = 0x0040
        // CreateProcess is required to use this process as the parent process
        CreateProcess DesiredAccess = 0x0080
        // SetQuota is required to set memory limits
        SetQuota DesiredAccess = 0x0100
        // SetInformation is required to set certain information about a process
        SetInformation DesiredAccess = 0x0200
        // QueryInformation is required to retrieve certain information about a process, such as its token, exit code, and priority class
        QueryInformation DesiredAccess = 0x0400
        // SuspendResume is required to suspend or resume a process
        SuspendResume DesiredAccess = 0x0800
        // QueryLimitedInformation is required to get certain information about a process, such as the process's image name
        QueryLimitedInformation DesiredAccess = 0x1000
        // AllAccess represents all possible access rights
        AllAccess DesiredAccess = 0x000F0000 | 0x00100000 | 0xFFFF
    )
func (DesiredAccess) Flags (added in v1.5.0)
    func (access DesiredAccess) Flags() []string
Flags converts the desired access mask to a slice of string values.
func (DesiredAccess) String (added in v1.5.0)
    func (access DesiredAccess) String() string
String returns a human-readable process desired access.
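The access mask is what a defender sees in process-open telemetry, so decoding it is the first step of any triage rule. The following is an added example, not the package's own Flags/String implementation: it copies the DesiredAccess constants listed above and supplies an assumed decoder that names every set right (unknown bits are kept as hex so nothing is silently dropped), plus an assumed helper, CanWriteAndCreateThread, that reports whether a mask combines memory-write and thread-creation rights. Monitoring tools normally ask only for QueryLimitedInformation or VMRead, so that combination is a reasonable first filter when reviewing handle-open events.

```go
package main

import (
	"fmt"
	"strings"
)

// DesiredAccess mirrors the page's type; the constant values are the ones
// the page lists for the Win32 process access rights.
type DesiredAccess uint32

const (
	Terminate               DesiredAccess = 0x0001
	CreateThread            DesiredAccess = 0x0002
	VMOperation             DesiredAccess = 0x0008
	VMRead                  DesiredAccess = 0x0010
	VMWrite                 DesiredAccess = 0x0020
	DupHandle               DesiredAccess = 0x0040
	CreateProcess           DesiredAccess = 0x0080
	SetQuota                DesiredAccess = 0x0100
	SetInformation          DesiredAccess = 0x0200
	QueryInformation        DesiredAccess = 0x0400
	SuspendResume           DesiredAccess = 0x0800
	QueryLimitedInformation DesiredAccess = 0x1000
	AllAccess               DesiredAccess = 0x000F0000 | 0x00100000 | 0xFFFF
)

// namedRights lists the single-bit rights in ascending bit order so that
// decoding is deterministic.
var namedRights = []struct {
	mask DesiredAccess
	name string
}{
	{Terminate, "Terminate"},
	{CreateThread, "CreateThread"},
	{VMOperation, "VMOperation"},
	{VMRead, "VMRead"},
	{VMWrite, "VMWrite"},
	{DupHandle, "DupHandle"},
	{CreateProcess, "CreateProcess"},
	{SetQuota, "SetQuota"},
	{SetInformation, "SetInformation"},
	{QueryInformation, "QueryInformation"},
	{SuspendResume, "SuspendResume"},
	{QueryLimitedInformation, "QueryLimitedInformation"},
}

// Flags decodes an access mask into the names of the rights it grants.
// This is an assumed implementation, not the project's own: a mask that
// covers AllAccess is reported as just "AllAccess", and any bits that are
// not one of the named rights are appended in hex.
func (access DesiredAccess) Flags() []string {
	if access&AllAccess == AllAccess {
		return []string{"AllAccess"}
	}
	var flags []string
	remaining := access
	for _, r := range namedRights {
		if access&r.mask != 0 {
			flags = append(flags, r.name)
			remaining &^= r.mask
		}
	}
	if remaining != 0 {
		flags = append(flags, fmt.Sprintf("0x%X", uint32(remaining)))
	}
	return flags
}

// String joins the decoded flags with "|" (assumed format).
func (access DesiredAccess) String() string {
	return strings.Join(access.Flags(), "|")
}

// CanWriteAndCreateThread reports whether the mask grants VMOperation,
// VMWrite and CreateThread together, i.e. enough to modify another
// process's memory and run code in it. Assumed triage heuristic; a
// broad mask such as AllAccess also satisfies it.
func (access DesiredAccess) CanWriteAndCreateThread() bool {
	const writeAndThread = VMOperation | VMWrite | CreateThread
	return access&writeAndThread == writeAndThread
}

func main() {
	// Constructed sample masks, as they might appear in process-open events.
	samples := []DesiredAccess{0x1000, 0x0410, 0x043A, 0x1FFFFF, 0x2001}
	for _, a := range samples {
		fmt.Printf("0x%06X %-55s writeAndThread=%v\n",
			uint32(a), a, a.CanWriteAndCreateThread())
	}
}
```

The check deliberately tests for the combination rather than any single right: VMRead alone is routine for inventory and monitoring agents, and reporting it would bury the masks worth a closer look.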
type InfoClassFlags
    type InfoClassFlags uint8
InfoClassFlags defines the type for the process's info class.
    const (
        // BasicInformationClass returns basic process information
        BasicInformationClass InfoClassFlags = 0
        // HandleInformationClass returns allocated process handles
        HandleInformationClass InfoClassFlags = 51
        // SequenceNumberInformationClass returns the process sequence number
        SequenceNumberInformationClass InfoClassFlags = 92
    )
type PEB
    type PEB struct {
        Reserved1              [2]byte
        BeingDebugged          byte
        Reserved2              [21]byte
        LDR                    *LDRData
        ProcessParameters      *RTLUserProcessParameters
        Reserved3              [520]byte
        PostProcessInitRoutine uintptr
        Reserved4              [136]byte
        SessionID              uint32
    }
PEB describes the Process Environment Block.
type RTLUserProcessParameters
    type RTLUserProcessParameters struct {
        Reserved1        [16]byte
        ConsoleHandle    uintptr
        ConsoleFlags     uint32
        Stdin            uintptr
        Stdout           uintptr
        Stderr           uintptr
        CurrentDirectory CurDir
        DllPath          utf16.UnicodeString
        ImagePathName    utf16.UnicodeString
        CommandLine      utf16.UnicodeString
        Environment      uintptr
    }
RTLUserProcessParameters describes the process parameters, such as the current working directory or the process environment block.
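Both PEB and RTLUserProcessParameters exist so that bytes returned by ReadMemory from another process can be reinterpreted through a Go struct, which only works if the Go layout matches the target's. The following is an added example, not the package's own code, covering the PEB and RTLUserProcessParameters definitions above: it copies the two structs from the page, assumes the standard UNICODE_STRING layout for utf16.UnicodeString (the page imports it without showing its fields), assumes a 64-bit target, and checks the Go field offsets against the documented 64-bit Windows offsets before pulling BeingDebugged and SessionID out of a constructed buffer with explicit bounds checks. The reads against a live process (Open, ReadMemory) are Windows-only and are left out.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"unsafe"
)

// UnicodeString is assumed to have the standard UNICODE_STRING layout
// (Length, MaximumLength, Buffer); the page does not show its fields.
type UnicodeString struct {
	Length        uint16
	MaximumLength uint16
	Buffer        *uint16
}

// CurDir and the two structs below are copied from the page; LDRData is
// opaque here because only its pointer is stored in the PEB.
type CurDir struct {
	DosPath UnicodeString
	Handle  uintptr
}

type LDRData struct{}

type RTLUserProcessParameters struct {
	Reserved1        [16]byte
	ConsoleHandle    uintptr
	ConsoleFlags     uint32
	Stdin            uintptr
	Stdout           uintptr
	Stderr           uintptr
	CurrentDirectory CurDir
	DllPath          UnicodeString
	ImagePathName    UnicodeString
	CommandLine      UnicodeString
	Environment      uintptr
}

type PEB struct {
	Reserved1              [2]byte
	BeingDebugged          byte
	Reserved2              [21]byte
	LDR                    *LDRData
	ProcessParameters      *RTLUserProcessParameters
	Reserved3              [520]byte
	PostProcessInitRoutine uintptr
	Reserved4              [136]byte
	SessionID              uint32
}

// LayoutMismatches compares the Go offsets of the fields a memory reader
// usually touches with the documented 64-bit Windows offsets. An empty
// result means the structs can be laid over ReadMemory output safely.
func LayoutMismatches() []string {
	var p PEB
	var rp RTLUserProcessParameters
	checks := []struct {
		name      string
		got, want uintptr
	}{
		{"PEB.BeingDebugged", unsafe.Offsetof(p.BeingDebugged), 0x02},
		{"PEB.LDR", unsafe.Offsetof(p.LDR), 0x18},
		{"PEB.ProcessParameters", unsafe.Offsetof(p.ProcessParameters), 0x20},
		{"PEB.PostProcessInitRoutine", unsafe.Offsetof(p.PostProcessInitRoutine), 0x230},
		{"PEB.SessionID", unsafe.Offsetof(p.SessionID), 0x2C0},
		{"RTLUserProcessParameters.ImagePathName", unsafe.Offsetof(rp.ImagePathName), 0x60},
		{"RTLUserProcessParameters.CommandLine", unsafe.Offsetof(rp.CommandLine), 0x70},
		{"RTLUserProcessParameters.Environment", unsafe.Offsetof(rp.Environment), 0x80},
	}
	var bad []string
	for _, c := range checks {
		if c.got != c.want {
			bad = append(bad, fmt.Sprintf("%s: got 0x%X want 0x%X", c.name, c.got, c.want))
		}
	}
	return bad
}

// PEBFields extracts BeingDebugged and SessionID from a raw PEB image as
// ReadMemory would return it, refusing short buffers instead of reading
// past the end.
func PEBFields(buf []byte) (beingDebugged bool, sessionID uint32, err error) {
	var p PEB
	if uintptr(len(buf)) < unsafe.Sizeof(p) {
		return false, 0, errors.New("buffer shorter than PEB")
	}
	beingDebugged = buf[unsafe.Offsetof(p.BeingDebugged)] != 0
	off := unsafe.Offsetof(p.SessionID)
	sessionID = binary.LittleEndian.Uint32(buf[off : off+4])
	return beingDebugged, sessionID, nil
}

// samplePEB builds a constructed PEB image with BeingDebugged set and
// SessionID equal to 2; it stands in for ReadMemory output.
func samplePEB() []byte {
	var p PEB
	buf := make([]byte, unsafe.Sizeof(p))
	buf[unsafe.Offsetof(p.BeingDebugged)] = 1
	binary.LittleEndian.PutUint32(buf[unsafe.Offsetof(p.SessionID):], 2)
	return buf
}

func main() {
	fmt.Println("layout mismatches:", LayoutMismatches())
	dbg, sid, err := PEBFields(samplePEB())
	fmt.Println("BeingDebugged:", dbg, "SessionID:", sid, "err:", err)
}
```

Running the offset check once at start-up, rather than trusting the struct by inspection, is what keeps a silent layout drift (a changed padding rule, a 32-bit build) from turning into misread fields.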