MemoryScanning

package module
v0.0.0-...-7b43da9 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 31, 2025 License: MIT Imports: 8 Imported by: 0

README

vashMem

lib for scanning programs memory in go / golang

Documentation

Index

Constants

View Source 
const (
	PROCESS_ALL_ACCESS                = 0x1F0FFF
	PROCESS_QUERY_INFORMATION         = 0x0400
	PROCESS_VM_READ                   = 0x0010
	LIST_MODULES_ALL                  = 0x03
	PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
	PROCESS_VM_WRITE                  = 0x0020
	PROCESS_VM_OPERATION              = 0x0008
	PROCESS_QUERY_INFO                = 0x0400
	GWL_HINSTANCE                     = int32(-6)
	TH32CS_SNAPMODULE                 = 0x00000008
	TH32CS_SNAPMODULE32               = 0x00000010
)

Variables

View Source 
var VirtualQueryExProc = kernel32a.MustFindProc("VirtualQueryEx")

Functions

func BufferScanForMaskedPattern 

func BufferScanForMaskedPattern(haystack *[]byte, patternMask string, needle *[]byte) (int, bool)

func ByteArrayToString 

func ByteArrayToString(arr []byte) string

func ContainsInvalidChars 

func ContainsInvalidChars(s string) bool

func Float32ToFloat64 

func Float32ToFloat64(f32 float32) float64

func Float64ToFloat32 

func Float64ToFloat32(f64 float64) float32

func Float64ToHex 

func Float64ToHex(f float64) string

func Float64ToUint32 

func Float64ToUint32(f float64) uint32

func Float64ToUint64 

func Float64ToUint64(f float64) uint64

func FloatToHex 

func FloatToHex(f float64) string

func GetAddress 

func GetAddress(PID int, Base uintptr, Address uintptr, Offset string) (uintptr, error)

func GetAddressFromOffsets 

func GetAddressFromOffsets(address uintptr, offsets ...uintptr) uintptr

func GetHwndByProcessID 

func GetHwndByProcessID(pid uint32) (uintptr, error)

func GetInstanceHandle 

func GetInstanceHandle(handle uintptr) (uintptr, error)

func GetModulePatternStatic 

func GetModulePatternStatic(pid uint32, hProcess *uintptr, moduleName string, aobScan string, size int) (uintptr, error)

func GetNeedleFromAOBPattern 

func GetNeedleFromAOBPattern(aobPattern *[]string) (string, []byte, int)

func GetPid 

func GetPid(exeName string) uint32

func GetPointerDynamic 

func GetPointerDynamic(pHandle, base *uintptr, aobScan *string, offset int64, pid *uint32, size int) uintptr

func GetPointerStatic 

func GetPointerStatic(pHandle, base *uintptr, aobScan *string, offset int64, pid *uint32, size int) uintptr

func GetProcessHandle 

func GetProcessHandle(pid uint32) uintptr

func HexStringToByteArray 

func HexStringToByteArray(hexString string) []byte

func HexStringToBytes 

func HexStringToBytes(hexString string) ([]byte, error)

func HexStringToPattern 

func HexStringToPattern(hexString string) ([]string, error)

func HexToFloat 

func HexToFloat(d uint32) float32

func HexToFloat64 

func HexToFloat64(d uint64) float64

func HexToFloatBig 

func HexToFloatBig(x uint32) float32

func Int64ToHex 

func Int64ToHex(num int64) string

func IntToHex 

func IntToHex(num int) string

func IntToHexOld 

func IntToHexOld(value int) string

func IsTarget64bit 

func IsTarget64bit() (bool, error)

func ModulePatternScan 

func ModulePatternScan(pid uint32, hProcess *uintptr, moduleName string, aobPattern ...string) (int64, error)

func PatternScan 

func PatternScan(hProcess *uintptr, address *uintptr, sizeOfRegionBytes *uintptr, patternMask string, needleBuffer *[]byte) int64

func Pointer 

func Pointer(address uintptr, offsets ...uintptr) uintptr

func ProcessPatternScan 

func ProcessPatternScan(hProcess *uintptr, startAddress uintptr, endAddress uintptr, aobPattern ...string) int64

func ReadMemory 

func ReadMemory(MADDRESS uintptr, pid int, size int) (uint64, error)

func ReadMemoryStr 

func ReadMemoryStr(address uintptr, pid int) (string, error)

func ReadRaw 

func ReadRaw(hProcess *uintptr, address *uintptr, buffer []byte, offsets ...uintptr) bool

func SplitPath 

func SplitPath(path string) (string, string)

func UintptrToHex 

func UintptrToHex(ptr uintptr) string

func VirtualQueryEx 

func VirtualQueryEx(hProcess uintptr, address uintptr, memInfo *MemoryInfo) bool

func WriteBytes 

func WriteBytes(pid int, address uintptr, aobString string, offsets ...uintptr) error

func WriteProcessMemory 

func WriteProcessMemory(pid uint32, address uintptr, valueToWrite float32, size uint32) error

func WriteRaw 

func WriteRaw(pid int, address uintptr, buffer []byte, sizeBytes int, offsets ...uintptr) error

Types

type AobCache 

type AobCache struct {
	// contains filtered or unexported fields
}

type MEMORY_BASIC_INFORMATION 

type MEMORY_BASIC_INFORMATION struct {
	BaseAddress       uintptr
	AllocationBase    uintptr
	AllocationProtect uint32
	RegionSize        uintptr
	State             uint32
	Protect           uint32
	Type              uint32
}

type MemoryInfo 

type MemoryInfo struct {
	BaseAddress uintptr
	RegionSize  uintptr
	State       uint32
	Protect     uint32
}

type ModuleEntry32 

type ModuleEntry32 struct {
	GlblcntUsage uint32
	ProccntUsage uint32
	// contains filtered or unexported fields
}

type ModuleInfo 

type ModuleInfo struct {
	Name     string
	FileName string

	SizeOfImage int
	EntryPoint  uintptr
	// contains filtered or unexported fields
}

func GetModuleInfo 

func GetModuleInfo(processID uint32, moduleName string) (ModuleInfo, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.