reverseshell

Documentation

Index

• Constants
• func DetectByPid(pid int32) bool
• func DetectProcesses(processes []*process.Process) bool
• func DetectSingleProcess(p *process.Process) bool
• func LoadProcess(pids []int32) ([]*process.Process, error)
• type PidHandleMap
• type ProcessExt
• type SYSTEM_HANDLE_INFORMATION
• type SYSTEM_HANDLE_INFORMATION_EX
• type SYSTEM_HANDLE_TABLE_ENTRY_INFO
• type SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX

Constants

const (
	SystemHandleInformation     = 16
	STATUS_INFO_LENGTH_MISMATCH = 0xc0000004
)

Functions

func DetectByPid

func DetectByPid(pid int32) bool

func DetectProcesses

func DetectProcesses(processes []*process.Process) bool

func DetectSingleProcess

func DetectSingleProcess(p *process.Process) bool

func LoadProcess

func LoadProcess(pids []int32) ([]*process.Process, error)

Types

type PidHandleMap

type PidHandleMap map[uintptr][]windows.Handle

type ProcessExt

type ProcessExt struct {
	Process     *process.Process
	Name        string
	Path        string
	Connections []net.ConnectionStat
}

type SYSTEM_HANDLE_INFORMATION

type SYSTEM_HANDLE_INFORMATION struct {
	NumberOfHandles uint32
	HandleList      [1]SYSTEM_HANDLE_TABLE_ENTRY_INFO
}

type SYSTEM_HANDLE_INFORMATION_EX

type SYSTEM_HANDLE_INFORMATION_EX struct {
	NumberOfHandles uint64
	Reserved        uint64
	Handles         []SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX
}

type SYSTEM_HANDLE_TABLE_ENTRY_INFO

type SYSTEM_HANDLE_TABLE_ENTRY_INFO struct {
	UniqueProcessId uint16
	Unused1         [4]byte
	HandleValue     uint16 //6  句柄值, 在进程中唯一   uint16取值范围 0~65536
	Unused2         [16]byte
}

SYSTEM_HANDLE_TABLE_ENTRY_INFO x64 此结构用于接收系统中所有handle信息

type SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX

type SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX struct {
	Object                uintptr
	UniqueProcessId       uint32
	HandleValue           uint32
	GrantedAccess         uint32
	CreatorBackTraceIndex uint16
	ObjectTypeIndex       uint16
	HandleAttributes      uint32
	Reserved              uint32
}