winApi

package

v0.0.0-...-cfecef3 Latest Latest Go to latest Published: Feb 11, 2022 License: MIT Imports: 3 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/3rsh1/goFunctionStomping

Documentation ¶

Index ¶

Constants
Variables
func IsErrSuccess(err error) bool
func ProcEnumProcessModules(hProcess w32.HANDLE, hmodule *w32.HMODULE, cb w32.DWORD, lpcbNeeded *w32.DWORD) bool
func ProcGetModuleFileNameExW(hProcess w32.HANDLE, hModule w32.HMODULE, lpFileName *[MAX_PATH]uint16, ...) uint32
func ProcNtCreateProcess(pHandle *w32.HANDLE, DesiredAccess ACCESS_MASK, ...) uint32
func ProcNtCreateSection(pHandle *w32.HANDLE, DesiredAccess ACCESS_MASK, ...) uint32
func ProcNtCreateThreadEx(hThread *w32.HANDLE, DesiredAccess ACCESS_MASK, ...) uint32
func ProcNtQueryInformationProcess(hProcess w32.HANDLE, ProcessInfoClass int, ...) uint32
func ProcNtReadVirtualMemory(processHandle w32.HANDLE, BaseAddress w32.PVOID, Buffer w32.PVOID, ...) uint32
func ProcOpenProcess(DesireAccess, InheritHandle, ProcessId uint) uintptr
func ProcRtlCreateProcessParametersEx(pProcessParameters *uintptr, ImagePathName *w32.UNICODE_STRING, ...) uint32
func ProcRtlInitUnicodeStringEx(target *w32.UNICODE_STRING, source *string) uint32
func ProcSetFileInformationByHandle(fileHandle w32.HANDLE, FileInformationClass1 FileInformationClass, ...) bool
func ProcVirtualProtectEx(hProcess w32.HANDLE, lpAddress w32.PVOID, dwSize w32.SIZE_T, ...) uint32
func ProcWriteProcessMemory(hProcess w32.HANDLE, lpBaseAddress uintptr, data []byte, size uint) (err error)
type ACCESS_MASK
type FILE_DISPOSITION_INFO
type FileInformationClass
type OBJECT_ATTRIBUTES
type PROCESS_BASE_INFORMATION
type RTL_USER_PROCESS_PARAMETERS

Constants ¶

View Source

const (
	FileBasicInfo                  = 0
	FileStandardInfo               = 1
	FileNameInfo                   = 2
	FileRenameInfo                 = 3
	FileDispositionInfo            = 4
	FileAllocationInfo             = 5
	FileEndOfFileInfo              = 6
	FileStreamInfo                 = 7
	FileCompressionInfo            = 8
	FileAttributeTagInfo           = 9
	FileIdBothDirectoryInfo        = 10 // 0xA
	FileIdBothDirectoryRestartInfo = 11 // 0xB
	FileIoPriorityHintInfo         = 12 // 0xC
	FileRemoteProtocolInfo         = 13 // 0xD
	FileFullDirectoryInfo          = 14 // 0xE
	FileFullDirectoryRestartInfo   = 15 // 0xF
	FileStorageInfo                = 16 // 0x10
	FileAlignmentInfo              = 17 // 0x11
	FileIdInfo                     = 18 // 0x12
	FileIdExtdDirectoryInfo        = 19 // 0x13
	FileIdExtdDirectoryRestartInfo = 20 // 0x14
)

View Source

const MAX_PATH = 255

Variables ¶

View Source

var (
	SetFileInformationByHandle = kernel32.MustFindProc("SetFileInformationByHandle")
	OpenProcess                = kernel32.MustFindProc("OpenProcess")
	VirtualProtectEx           = kernel32.MustFindProc("VirtualProtectEx")
	WriteProcessMemory         = kernel32.MustFindProc("WriteProcessMemory")
)

View Source

var (
	NtCreateProcessEx            = ntdll.MustFindProc("NtCreateProcessEx")
	NtCreateSection              = ntdll.MustFindProc("NtCreateSection")
	NtClose                      = ntdll.MustFindProc("NtClose")
	NtReadVirtualMemory          = ntdll.MustFindProc("NtReadVirtualMemory")
	NtCreateThreadEx             = ntdll.MustFindProc("NtCreateThreadEx")
	RtlCreateProcessParametersEx = ntdll.MustFindProc("RtlCreateProcessParametersEx")
	NtQueryInformationProcess    = ntdll.MustFindProc("NtQueryInformationProcess")
	RtlInitUnicodeStringEx       = ntdll.MustFindProc("RtlInitUnicodeStringEx")
)

View Source

var (
	EnumProcessModules   = psapi.MustFindProc("EnumProcessModules")
	GetModuleFileNameExW = psapi.MustFindProc("GetModuleFileNameExW")
)

Functions ¶

func IsErrSuccess ¶

func IsErrSuccess(err error) bool

func ProcEnumProcessModules ¶

func ProcEnumProcessModules(hProcess w32.HANDLE, hmodule *w32.HMODULE, cb w32.DWORD, lpcbNeeded *w32.DWORD) bool

func ProcGetModuleFileNameExW ¶

func ProcGetModuleFileNameExW(hProcess w32.HANDLE, hModule w32.HMODULE, lpFileName *[MAX_PATH]uint16, size w32.DWORD) uint32

func ProcNtCreateProcess ¶

func ProcNtCreateProcess(pHandle *w32.HANDLE, DesiredAccess ACCESS_MASK, ObjectAttributes *OBJECT_ATTRIBUTES, parentProcess w32.HANDLE, InheritObjectTable uint, sectionHandle w32.HANDLE, DebugPort w32.HANDLE, ExceptionPort w32.HANDLE, Injob uint8) uint32

func ProcNtCreateSection ¶

func ProcNtCreateSection(pHandle *w32.HANDLE, DesiredAccess ACCESS_MASK, ObjectAttributes *OBJECT_ATTRIBUTES, MaximumSize *uint64, SectionPageProtection uint32, AllocationAttributes uint32, FileHandle w32.HANDLE) uint32

func ProcNtCreateThreadEx ¶

func ProcNtCreateThreadEx(hThread *w32.HANDLE, DesiredAccess ACCESS_MASK, ObjectAttributes *w32.OBJECT_ATTRIBUTES, ProcessHandle w32.HANDLE, lpStartAddress unsafe.Pointer, lpParameter unsafe.Pointer, CreateSuspended int, StackZeroBits uint32, SizeOfStackCommit uint32, SizeOfStackReserve uint32, lpBytesBuffer unsafe.Pointer) uint32

func ProcNtQueryInformationProcess ¶

func ProcNtQueryInformationProcess(hProcess w32.HANDLE, ProcessInfoClass int, ProcessInformation *PROCESS_BASE_INFORMATION, ProcessInformationLength uint32, ReturnLength w32.ULONG_PTR) uint32

func ProcNtReadVirtualMemory ¶

func ProcNtReadVirtualMemory(processHandle w32.HANDLE, BaseAddress w32.PVOID, Buffer w32.PVOID, NumberOfBytesToRead uint32, NumberOfBytesReaded *uint32) uint32

func ProcOpenProcess ¶

func ProcOpenProcess(DesireAccess, InheritHandle, ProcessId uint) uintptr

func ProcRtlCreateProcessParametersEx ¶

func ProcRtlCreateProcessParametersEx(pProcessParameters *uintptr, ImagePathName *w32.UNICODE_STRING, DllPath *w32.UNICODE_STRING, CurrentDirectory *w32.UNICODE_STRING, CommandLine *w32.UNICODE_STRING, Environment w32.PVOID, WindowTitle *w32.UNICODE_STRING, DesktopInfo *w32.UNICODE_STRING, ShellInfo *w32.UNICODE_STRING, RuntimeData *w32.UNICODE_STRING, flag uint) uint32

func ProcRtlInitUnicodeStringEx ¶

func ProcRtlInitUnicodeStringEx(target *w32.UNICODE_STRING, source *string) uint32

func ProcSetFileInformationByHandle ¶

func ProcSetFileInformationByHandle(fileHandle w32.HANDLE, FileInformationClass1 FileInformationClass, fileInformation *FILE_DISPOSITION_INFO, bufferSize w32.DWORD) bool

func ProcVirtualProtectEx ¶

func ProcVirtualProtectEx(hProcess w32.HANDLE, lpAddress w32.PVOID, dwSize w32.SIZE_T, flNewProtect w32.DWORD, lpflOldProtect *w32.DWORD) uint32

func ProcWriteProcessMemory ¶

func ProcWriteProcessMemory(hProcess w32.HANDLE, lpBaseAddress uintptr, data []byte, size uint) (err error)

Types ¶

type ACCESS_MASK ¶

type ACCESS_MASK uint32

type FILE_DISPOSITION_INFO ¶

type FILE_DISPOSITION_INFO struct {
	DeleteFile bool
}

type FileInformationClass ¶

type FileInformationClass int

type OBJECT_ATTRIBUTES ¶

type OBJECT_ATTRIBUTES struct {
	RootDirectory            w32.HANDLE
	ObjectName               *w32.UNICODE_STRING
	Attributes               uint32
	SecurityDescriptor       w32.PVOID
	SecurityQualityOfService w32.PVOID
	// contains filtered or unexported fields
}

type PROCESS_BASE_INFORMATION ¶

type PROCESS_BASE_INFORMATION struct {
	ExitStatus                   uint
	PebBaseAddress               uintptr
	AffinityMask                 uintptr
	BasePriority                 int
	UniqueProcessId              uintptr
	InheritedFromUniqueProcessId uintptr
}

type RTL_USER_PROCESS_PARAMETERS ¶

type RTL_USER_PROCESS_PARAMETERS struct {
	ImagePathName w32.UNICODE_STRING
	CommandLine   w32.UNICODE_STRING
	// contains filtered or unexported fields
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL