Documentation
Rendered for windows/amd64
Index ¶
Constants ¶
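const (
	// ObjectInformationClass values passed to NtQueryObject
	// (https://docs.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntqueryobject).
	// The class selects which structure the call writes into the caller's
	// buffer, so the buffer must be decoded as the type that matches the
	// class that was requested.

	// ObjectNameInformationClass requests the name of the object.
	ObjectNameInformationClass = 0x1
	// ObjectTypeInformationClass requests the type information of the object.
	ObjectTypeInformationClass = 0x2

	// Th32csSnapProcess includes all processes in the system in the snapshot
	// (https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-createtoolhelp32snapshot).
	Th32csSnapProcess uint32 = 0x00000002
)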
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type API ¶
// API groups the Windows process, job-object and handle operations of this
// package behind one interface. The method names mirror the Win32/NT functions
// they are named after; the implementation is not visible here, so notes that
// describe native behaviour are marked for confirmation.
type API interface {
// IsProcessInJob determines whether the process is running in the specified job.
// The answer is written to *result; read it only when the returned error is nil.
IsProcessInJob(procHandle windows.Handle, jobHandle windows.Handle, result *bool) error
// GetObjectType gets the object type of the given handle.
// NOTE(review): presumably backed by NtQueryObject, which resolves the handle
// in the calling process's handle table; a handle value that belongs to
// another process must be duplicated into this process first — confirm.
GetObjectType(handle windows.Handle) (string, error)
// GetObjectName gets the object name of the given handle.
// NOTE(review): if this is backed by NtQueryObject with
// ObjectNameInformationClass, the native call is known to block indefinitely
// on some file-type handles (for example synchronous named pipes); confirm the
// implementation filters by type or bounds the call before using it on
// handles enumerated from other processes.
GetObjectName(handle windows.Handle) (string, error)
// QuerySystemExtendedHandleInformation retrieves Extended handle system information.
// Each returned item carries its own UniqueProcessID. The result is a
// point-in-time view: a handle may be closed or its value reused before the
// caller acts on it, so re-validate (e.g. by type and name) after duplicating.
QuerySystemExtendedHandleInformation() ([]SystemHandleInformationExItem, error)
// CurrentProcess returns the handle for the current process.
// It is a pseudo handle that does not need to be closed.
CurrentProcess() windows.Handle
// CloseHandle closes an open object handle.
// Handles returned by OpenProcess, DuplicateHandle and
// CreateToolhelp32Snapshot are expected to be released through it; leaking
// them keeps the underlying kernel objects alive.
CloseHandle(h windows.Handle) error
// OpenProcess returns an open handle to the process identified by pID.
// Request only the access rights actually needed in desiredAccess and leave
// inheritHandle false unless child processes must receive the handle.
// Process IDs can be reused, so a pID taken from an earlier snapshot may no
// longer name the same process.
OpenProcess(desiredAccess uint32, inheritHandle bool, pID uint32) (windows.Handle, error)
// DuplicateHandle duplicates an object handle.
// The new handle is written to *lpTargetHandle and is valid in the process
// named by hTargetProcessHandle; the caller owns it and must close it.
// dwDesiredAccess should be the narrowest access that works, since the
// duplicate grants that access to whoever holds it.
DuplicateHandle(hSourceProcessHandle windows.Handle, hSourceHandle windows.Handle, hTargetProcessHandle windows.Handle, lpTargetHandle *windows.Handle, dwDesiredAccess uint32, bInheritHandle bool, dwOptions uint32) error
// CreateToolhelp32Snapshot takes a snapshot of the specified processes, as well as the heaps, modules, and threads used by these processes.
// Pass Th32csSnapProcess in flags to enumerate processes. The returned
// snapshot handle must be closed by the caller.
CreateToolhelp32Snapshot(flags uint32, pID uint32) (windows.Handle, error)
// Process32First retrieves information about the first process encountered in a system snapshot.
// NOTE(review): the native call requires procEntry.Size to be set to the
// size of the structure before the call — confirm whether the caller or the
// implementation does this.
Process32First(snapshot windows.Handle, procEntry *windows.ProcessEntry32) error
// Process32Next retrieves information about the next process recorded in a system snapshot.
// A non-nil error also signals the end of the enumeration in the native API,
// so callers should distinguish "no more entries" from real failures — TODO
// confirm how the implementation reports it.
Process32Next(snapshot windows.Handle, procEntry *windows.ProcessEntry32) error
}
type Helper ¶
func CreateHelper ¶
func CreateHelper() Helper
type ObjectTypeInformation ¶
// ObjectTypeInformation describes an object type as reported by NtQueryObject.
// NOTE(review): the struct is presumably overlaid on the raw buffer filled in
// by the native call, so field order and widths must stay exactly as declared;
// confirm before adding or reordering fields.
type ObjectTypeInformation struct {
// TypeName is the name of the object type.
// NOTE(review): a native UNICODE_STRING points into the query buffer and is
// length-counted rather than NUL-terminated; confirm that String() honours
// the length and that the buffer outlives the read.
TypeName UnicodeString
// TotalNumberOfObjects: presumably the number of objects of this type — confirm.
TotalNumberOfObjects uint32
// TotalNumberOfHandles: presumably the number of open handles to objects of this type — confirm.
TotalNumberOfHandles uint32
// TotalPagedPoolUsage: presumably paged pool consumed by objects of this type — confirm.
TotalPagedPoolUsage uint32
// TotalNonPagedPoolUsage: presumably non-paged pool consumed by objects of this type — confirm.
TotalNonPagedPoolUsage uint32
}
Object type information returned by the NtQueryObject function.
type SystemExtendedHandleInformation ¶
// SystemExtendedHandleInformation is the header of the handle table returned by
// NtQuerySystemInformation: a count followed by that many items.
type SystemExtendedHandleInformation struct {
// NumberOfHandles is the number of SystemHandleInformationExItem entries
// reported by the system. It comes from the native call, so bound any
// iteration by the size of the buffer that was actually filled as well as by
// this count.
NumberOfHandles uintptr
// Reserved is not interpreted; it keeps the following field at its native offset.
Reserved uintptr
// Handles is declared with length 1 but stands for a variable-length array:
// only index 0 is addressable through the Go type. Reaching later entries
// requires pointer arithmetic over the native buffer and must never read past
// the end of that buffer.
Handles [1]SystemHandleInformationExItem
}
System extended handle information summary, returned by NtQuerySystemInformation (https://docs.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntquerysysteminformation)
type SystemHandleInformationExItem ¶
// SystemHandleInformationExItem is one entry of the system handle table
// returned by NtQuerySystemInformation. Field order and widths follow the
// native layout and must not be changed.
type SystemHandleInformationExItem struct {
// Object: NOTE(review) in the native structure this is the kernel-mode
// address of the object. Treat it as sensitive (disclosing it weakens kernel
// address-space randomisation) and keep it out of logs — confirm.
Object uintptr
// UniqueProcessID identifies the process whose handle table holds this entry.
UniqueProcessID uintptr
// HandleValue is the handle's value inside that process. It is meaningless in
// any other process until duplicated there (see API.DuplicateHandle).
HandleValue uintptr
// GrantedAccess: presumably the access mask granted to the handle — confirm.
GrantedAccess uint32
// CreatorBackTraceIndex is carried over from the native structure; its use is not shown here.
CreatorBackTraceIndex uint16
// ObjectTypeIndex: presumably the index of the object's type. The numeric
// values are not stable across Windows versions, so resolve the type by
// name (API.GetObjectType) instead of hard-coding an index — confirm.
ObjectTypeIndex uint16
// HandleAttributes: presumably the handle's attribute flags (e.g. inheritable) — confirm.
HandleAttributes uint32
// Reserved is not interpreted; it pads the entry to its native size.
Reserved uint32
}
System handle extended information item, returned by NtQuerySystemInformation (https://docs.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntquerysysteminformation)
type UnicodeString ¶
Unicode string returned by NtQueryObject calls (https://docs.microsoft.com/en-us/windows/win32/api/subauth/ns-subauth-unicode_string)
func (UnicodeString) String ¶
func (u UnicodeString) String() string