heaven

package

v0.0.0-...-dbcb93e Latest Latest Go to latest Published: Feb 11, 2021 License: MIT Imports: 4 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/aus/gopherheaven

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func GetModuleHandle(module string) (uint64, error)
func GetProcAddress(handle uint64, proc string) (uint64, error)
func GetSelfHandle() windows.Handle
func NtWow64QueryInformationProcess64(processHandle Handle, processInformationClass int32, ...) error
func NtWow64ReadVirtualMemory64(processHandle Handle, baseAddress uint64, bufferData windows.Pointer, ...) error
func Syscall(proc uint64, args ...uint64) (errcode uint32, err error)
type ANSI_STRING_WOW64
type Handle
type LDR_DATA_TABLE_ENTRY64
type LIST_ENTRY
type PEB64
type PEB_LDR_DATA64
type PROCESS_BASIC_INFORMATION64
type UNICODE_STRING_WOW64
type UNICODE_STRING_WTF

Constants ¶

View Source

const ERROR_SUCCESS syscall.Errno = 0

Variables ¶

This section is empty.

Functions ¶

func GetModuleHandle ¶

func GetModuleHandle(module string) (uint64, error)

GetModuleHandle returns a 64-bit handle to the specified module

func GetProcAddress ¶

func GetProcAddress(handle uint64, proc string) (uint64, error)

GetProcAddress returns the 64-bit address of the exported function from the given 64-bit module handle

func GetSelfHandle ¶

func GetSelfHandle() windows.Handle

GetSelfHandle returns a windows.Handle to the current process

func NtWow64QueryInformationProcess64 ¶

func NtWow64QueryInformationProcess64(processHandle Handle, processInformationClass int32,
	processInformation windows.Pointer, processInformationLength uint32, returnLength *uint32) error

func NtWow64ReadVirtualMemory64 ¶

func NtWow64ReadVirtualMemory64(processHandle Handle, baseAddress uint64,
	bufferData windows.Pointer, bufferSize uint64, returnSize *uint64) error

func Syscall ¶

func Syscall(proc uint64, args ...uint64) (errcode uint32, err error)

Syscall initiates a 64-bit procedure at the specificed proc address

Types ¶

type ANSI_STRING_WOW64 ¶

type ANSI_STRING_WOW64 struct {
	Length        uint16
	MaximumLength uint16
	WtfIsThis     uint32
	Buffer        uint64
}

type Handle ¶

type Handle = syscall.Handle

type LDR_DATA_TABLE_ENTRY64 ¶

type LDR_DATA_TABLE_ENTRY64 struct {
	InLoadOrderLinks           LIST_ENTRY
	InMemoryOrderLinks         LIST_ENTRY
	InInitializationOrderLinks LIST_ENTRY
	DllBase                    uint64
	EntryPoint                 uint64
	SizeOfImage                uint32
	Dummy                      uint64
	FullDllName                UNICODE_STRING_WOW64
	BaseDllName                UNICODE_STRING_WTF // [Length][Max][??extra 4 bytes??][Buffer]
}

type LIST_ENTRY ¶

type LIST_ENTRY struct {
	Flink uint64
	Blink uint64
}

type PEB64 ¶

type PEB64 struct {
	Reserved          [24]byte
	LdrData           uint64
	ProcessParameters uint64
}

type PEB_LDR_DATA64 ¶

type PEB_LDR_DATA64 struct {
	Length                uint32
	Initialized           uint32
	SsHandle              uint64
	InLoadOrderModuleList LIST_ENTRY
}

type PROCESS_BASIC_INFORMATION64 ¶

type PROCESS_BASIC_INFORMATION64 struct {
	ExitStatus                   uint64
	PebBaseAddress               uint64
	AffinityMask                 uint64
	BasePriority                 uint64
	UniqueProcessId              uint64
	InheritedFromUniqueProcessId uint64
}

type UNICODE_STRING_WOW64 ¶

type UNICODE_STRING_WOW64 struct {
	Length        uint16
	MaximumLength uint16
	Buffer        uint64
}

type UNICODE_STRING_WTF ¶

type UNICODE_STRING_WTF struct {
	Length        uint16
	MaximumLength uint16
	WtfIsThis     uint32
	Buffer        uint64
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL