types

package
v1.4.2
Warning

This package is not in the latest version of its module.

Published: Dec 25, 2021 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Rendered for windows/amd64

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AlpcPortInfo

type AlpcPortInfo struct {
	Flags   uint32
	Seqno   uint32
	Context uintptr
}

AlpcPortInfo stores ALPC port basic information.

type FileInfo

type FileInfo struct {
	IsDirectory bool
}

FileInfo contains file handle metadata.

type Handle

type Handle struct {
	// Num represents the internal handle identifier.
	Num handle.Handle `json:"id"`
	// Object is the kernel address that this handle references.
	Object uint64 `json:"-"`
	// Pid is the identifier of the process that owns the handle.
	Pid uint32 `json:"-"`
	// Type is the type of this handle (e.g. File, Key, Mutant, Section)
	Type string `json:"type"`
	// Name is the actual value of the handle (e.g. \Device\HarddiskVolume4\Windows\Temp\DPTF)
	Name string `json:"name"`
	// MD is the handle meta information (e.g. ALPC port info)
	MD Meta `json:"meta,omitempty"`
}

Handle stores various metadata specific to the handle allocated by a process.

func NewFromKcap

func NewFromKcap(buf []byte) (Handle, error)

NewFromKcap restores handle state from the kcap buffer.

func (Handle) Len

func (h Handle) Len() int

Len returns the length in bytes of the Handle structure.

func (*Handle) Marshal

func (h *Handle) Marshal() []byte

Marshal dumps the state of the handle to a byte slice that is suitable for serializing to a kcap file.

func (Handle) Offset

func (h Handle) Offset() uint16

Offset returns the next offset from which to read the binary data.

func (Handle) String

func (h Handle) String() string

String returns a string representation of the handle.

func (*Handle) Unmarshal

func (h *Handle) Unmarshal(b []byte) error

Unmarshal transforms the byte slice back into a Handle structure.

type Handles

type Handles []Handle

Handles represents a collection of handles.

func (Handles) String

func (handles Handles) String() string

String returns the string representation of all handles.

type Meta

type Meta interface{}

Meta represents the type alias for handle meta information.

type MutantInfo

type MutantInfo struct {
	Count       int32
	IsAbandoned bool
}

MutantInfo stores metadata about a particular mutant object.
