Documentation
Index
- func GetPIDFromThread(handle handle.Handle) (uint32, error)
- func GetParentPID(handle handle.Handle) uint32
- func GetStartTime(handle handle.Handle) (time.Time, error)
- func IsAlive(handle handle.Handle) bool
- func Open(access DesiredAccess, inheritHandle bool, processID uint32) (handle.Handle, error)
- func QueryFullImageName(handle handle.Handle) (string, error)
- func QueryInfo(handle handle.Handle, infoClass InfoClassFlags, buf []byte) (uint32, error)
- func ReadMemory(handle handle.Handle, addr unsafe.Pointer, size uintptr) ([]byte, error)
- func ReadMemoryUnicode(handle handle.Handle, addr unsafe.Pointer, size uintptr) ([]uint16, error)
- type BasicInformation
- type CurDir
- type DesiredAccess
- type InfoClassFlags
- type LDRData
- type ListEntry
- type PEB
- type RTLUserProcessParameters
- type String
Functions
func GetPIDFromThread
GetPIDFromThread returns the pid to which the specified thread belongs.
func GetParentPID
GetParentPID returns the identifier of the parent process from the process's basic information structure.
func GetStartTime
GetStartTime returns the process's timing statistics.
func IsAlive
IsAlive checks whether the process identified by the specified handle is still running.
func QueryFullImageName
QueryFullImageName retrieves the full name of the executable image for the specified process.
func QueryInfo
QueryInfo retrieves various kinds of process information, depending on the info class passed to this function.
func ReadMemory
ReadMemory reads data from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.
Types
type BasicInformation
type BasicInformation struct {
    Reserved1                    uintptr
    PEB                          *PEB
    Reserved2                    [2]uintptr
    UniqueProcessID              uintptr
    InheritedFromUniqueProcessID uintptr
}
BasicInformation describes the process basic information.
type CurDir
type CurDir struct {
    DosPath utf16.UnicodeString
    Handle  uintptr
}
CurDir describes the string that stores the process current working directory.
type DesiredAccess
type DesiredAccess uint32
DesiredAccess defines the type alias for the process's access modifiers.
const (
    // QueryInformation is required to retrieve certain information about a process, such as its token, exit code, and priority class
    QueryInformation DesiredAccess = 0x0400
    // QueryLimitedInformation is required to get certain information about a process, such as its image name
    QueryLimitedInformation DesiredAccess = 0x1000
    // VMRead is required to read memory in a process
    VMRead DesiredAccess = 0x0010
    // DupHandle allows duplicating handles of the target process
    DupHandle DesiredAccess = 0x0040
)
type InfoClassFlags
type InfoClassFlags uint8
InfoClassFlags defines the type for the process's info class.
const (
    // BasicInformationClass returns basic process information
    BasicInformationClass InfoClassFlags = 0
    // HandleInformationClass returns allocated process handles
    HandleInformationClass InfoClassFlags = 51
)
type PEB
type PEB struct {
    Reserved1              [2]byte
    BeingDebugged          byte
    Reserved2              [21]byte
    LDR                    *LDRData
    ProcessParameters      *RTLUserProcessParameters
    Reserved3              [520]byte
    PostProcessInitRoutine uintptr
    Reserved4              [136]byte
    SessionID              uint32
}
PEB describes the Process Environment Block.
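As an added example (not part of this package or its documentation), the code below decodes a raw PEB snapshot, such as a buffer returned by ReadMemory, using the field offsets that the PEB struct yields with 8-byte pointers, and rejects a buffer too short to hold them. The names `PEBView`, `DecodePEB`, `ErrShortPEB` and `samplePEB` are hypothetical, and the sample bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Field offsets implied by the PEB struct with 8-byte pointers (assumed 64-bit target).
const (
	offBeingDebugged = 2   // follows Reserved1 [2]byte
	offLDR           = 24  // follows Reserved2 [21]byte
	offProcessParams = 32  // second pointer field
	offSessionID     = 704 // follows Reserved3, PostProcessInitRoutine and Reserved4
	minPEBLen        = offSessionID + 4
)

// PEBView (hypothetical) holds the fields decoded from a raw PEB snapshot.
type PEBView struct {
	BeingDebugged          bool
	LDR, ProcessParameters uint64 // addresses inside the target process
	SessionID              uint32
}

var ErrShortPEB = errors.New("peb: snapshot too short")

// DecodePEB (hypothetical) decodes a little-endian 64-bit PEB snapshot and
// refuses buffers that do not cover every field it reads.
func DecodePEB(buf []byte) (PEBView, error) {
	if len(buf) < minPEBLen {
		return PEBView{}, ErrShortPEB
	}
	return PEBView{
		BeingDebugged:     buf[offBeingDebugged] != 0,
		LDR:               binary.LittleEndian.Uint64(buf[offLDR:]),
		ProcessParameters: binary.LittleEndian.Uint64(buf[offProcessParams:]),
		SessionID:         binary.LittleEndian.Uint32(buf[offSessionID:]),
	}, nil
}

// samplePEB builds a constructed snapshot; the addresses are made up.
func samplePEB() []byte {
	buf := make([]byte, minPEBLen)
	buf[offBeingDebugged] = 1
	binary.LittleEndian.PutUint64(buf[offLDR:], 0x7ffb1c3a53c0)
	binary.LittleEndian.PutUint64(buf[offProcessParams:], 0x1f4a2b01e90)
	binary.LittleEndian.PutUint32(buf[offSessionID:], 1)
	return buf
}

func main() { fmt.Println(DecodePEB(samplePEB())) }
```

LDR and ProcessParameters are addresses in the target process, so following them takes a further ReadMemory call against the same handle.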
type RTLUserProcessParameters
type RTLUserProcessParameters struct {
    Reserved1        [16]byte
    ConsoleHandle    uintptr
    ConsoleFlags     uint32
    Stdin            uintptr
    Stdout           uintptr
    Stderr           uintptr
    CurrentDirectory CurDir
    DllPath          utf16.UnicodeString
    ImagePathName    utf16.UnicodeString
    CommandLine      utf16.UnicodeString
    Environment      uintptr
}
RTLUserProcessParameters describes the process parameters such as the current working directory or the process environment block.