Documentation
¶
Index ¶
- Variables
- func ComputeHashes(file string) (md5sum, sha256sum string, err error)
- func CrashMethodNames() []string
- func FormatMemorySegmentAddress(seg *MemorySegmentInfo) string
- func FormatPID(pid int) string
- func GetRunningPIDs() ([]int, error)
- func PermissionsToNative(perms Permissions) int
- func StateNames() []string
- func TypeNames() []string
- type CachingProcess
- type CrashMethod
- type DefaultMemoryReaderFactory
- type MemoryReader
- type MemoryReaderFactory
- type MemorySegmentInfo
- type Permissions
- type Process
- type ProcessInfo
- type State
- type Type
Constants ¶
This section is empty.
Variables ¶
var ErrProcIsParent = errors.New("not supported on parent")
ErrProcIsParent is returned when trying to suspend the immediate parent process. Reason for this is the assumption that the parent process always is some form of console, which needs to be running in order to handle IO.
var ErrProcIsSelf = errors.New("not supported on self")
ErrProcIsSelf is returned when trying to suspend the current process.
var PermR = Permissions{ Read: true, }
PermR is readonly Permissions.
var PermRC = Permissions{ Read: true, Write: true, COW: true, }
PermRC is the read and copy-on-write Permissions.
var PermRCX = Permissions{ Read: true, Write: true, COW: true, Execute: true, }
PermRCX is the read-execute and copy-on-write Permissions.
var PermRW = Permissions{ Read: true, Write: true, }
PermRW is the read-write Permissions.
var PermRWX = Permissions{ Read: true, Write: true, Execute: true, }
PermRWX is the read-write-execute Permissions.
var PermRX = Permissions{ Read: true, Execute: true, }
PermRX is the read-execute Permissions.
Functions ¶
func ComputeHashes ¶
ComputeHashes computes the md5 and sha256 hashes of a given file.
func CrashMethodNames ¶
func CrashMethodNames() []string
CrashMethodNames returns a list of possible string values of CrashMethod.
func FormatMemorySegmentAddress ¶
func FormatMemorySegmentAddress(seg *MemorySegmentInfo) string
FormatMemorySegmentAddress formats the *MemorySegmentInfo.BaseAddress to a hex string with prefix '0x' and either 8 or 16 digits (based on the address value) with leading zeros.
func GetRunningPIDs ¶
GetRunningPIDs returns the PIDs of all running processes.
func PermissionsToNative ¶
func PermissionsToNative(perms Permissions) int
PermissionsToNative converts the given Permissions to the native linux representation.
func StateNames ¶
func StateNames() []string
StateNames returns a list of possible string values of State.
Types ¶
type CachingProcess ¶
type CachingProcess interface { Process InvalidateCache() }
CachingProcess is a Process that caches *ProcessInfo and *MemorySegmentInfo. This cache will only be updated after InvalidateCache was called.
func OpenProcess ¶
func OpenProcess(pid int) (CachingProcess, error)
OpenProcess opens another process.
type CrashMethod ¶
type CrashMethod int
CrashMethod selects a method to crash a process.
ENUM( CreateThreadOnNull )
const ( // CrashMethodCreateThreadOnNull is a CrashMethod of type CreateThreadOnNull CrashMethodCreateThreadOnNull CrashMethod = iota )
func ParseCrashMethod ¶
func ParseCrashMethod(name string) (CrashMethod, error)
ParseCrashMethod attempts to convert a string to a CrashMethod
func (CrashMethod) MarshalText ¶
func (x CrashMethod) MarshalText() ([]byte, error)
MarshalText implements the text marshaller method
func (CrashMethod) String ¶
func (x CrashMethod) String() string
String implements the Stringer interface.
func (*CrashMethod) UnmarshalText ¶
func (x *CrashMethod) UnmarshalText(text []byte) error
UnmarshalText implements the text unmarshaller method
type DefaultMemoryReaderFactory ¶
type DefaultMemoryReaderFactory struct{}
DefaultMemoryReaderFactory is the default MemoryReaderFactory.
func (*DefaultMemoryReaderFactory) NewMemoryReader ¶
func (f *DefaultMemoryReaderFactory) NewMemoryReader(proc Process, seg *MemorySegmentInfo) (MemoryReader, error)
NewMemoryReader calls NewMemoryReader.
type MemoryReader ¶
type MemoryReader interface { io.ReadCloser io.Seeker }
MemoryReader provides capabilities to read and seek through another processes memory.
func NewMemoryReader ¶
func NewMemoryReader(proc Process, seg *MemorySegmentInfo) (MemoryReader, error)
NewMemoryReader creates a new MemoryReader to read the given segment of the given Process.
type MemoryReaderFactory ¶
type MemoryReaderFactory interface {
NewMemoryReader(proc Process, seg *MemorySegmentInfo) (MemoryReader, error)
}
MemoryReaderFactory is a factory for MemoryReader.
type MemorySegmentInfo ¶
type MemorySegmentInfo struct { // ParentBaseAddress is the base address of the parent segment. // If no parent segment exists, this is equal to the BaseAddress. // Equivalence on windows: _MEMORY_BASIC_INFORMATION->AllocationBase ParentBaseAddress uintptr `json:"parentBaseAddress"` // BaseAddress is the base address of the current memory segment. // Equivalence on windows: _MEMORY_BASIC_INFORMATION->BaseAddress BaseAddress uintptr `json:"baseAddress"` // AllocatedPermissions is the Permissions that were used to initially // allocate this segment. // Equivalence on windows: _MEMORY_BASIC_INFORMATION->AllocationProtect AllocatedPermissions Permissions `json:"allocatedPermissions"` // CurrentPermissions is the Permissions that the segment currently has. // This may differ from AllocatedPermissions if the permissions where changed // at some point (e.g. via VirtualProtect). // Equivalence on windows: _MEMORY_BASIC_INFORMATION->Protect CurrentPermissions Permissions `json:"currentPermissions"` // Size contains the size of the segment in bytes. // Equivalence on windows: _MEMORY_BASIC_INFORMATION->RegionSize Size uintptr `json:"size"` // State contains the current State of the segment. // Equivalence on windows: _MEMORY_BASIC_INFORMATION->State State State `json:"state"` // Type contains the Type of the segment. // Equivalence on windows: _MEMORY_BASIC_INFORMATION->Type Type Type `json:"type"` // FilePath contains the path to the mapped file, or empty string if // no file mapping is associated with this memory segment. FilePath string `json:"filePath"` // SubSegments contains sub-segments, i.e. segment where their ParentBaseAddress // is equal to this segments BaseAddress. // If no such segments exist, this will be a slice of length 0. SubSegments []*MemorySegmentInfo `json:"subSegments"` }
MemorySegmentInfo contains information about a memory segment.
func (*MemorySegmentInfo) CopyWithoutSubSegments ¶
func (s *MemorySegmentInfo) CopyWithoutSubSegments() *MemorySegmentInfo
CopyWithoutSubSegments creates a copy of this *MemorySegmentInfo, but the SubSegments of the returned *MemorySegmentInfo will be of length 0.
func (*MemorySegmentInfo) String ¶
func (s *MemorySegmentInfo) String() string
String returns a human readable representation of the BaseAddress.
type Permissions ¶
type Permissions struct { // Is read-only access allowed Read bool // Is write access allowed (also true if COW is enabled) Write bool // Is copy-on-write access allowed (if this is true, then so is Write) COW bool // Is execute access allowed Execute bool }
Permissions describes the permissions of a memory segment.
func ParsePermissions ¶
func ParsePermissions(s string) (Permissions, error)
ParsePermissions parses the string representation of a Permissions, as output by Permissions.String and returns the resulting Permissions.
Each character of the string is interpreted individually and case insensitive. A '-' is ignored, 'r' stands for read, 'w' for write, 'c' for copy-on-write, and 'e' or 'x' for execute. Any other character results in an error. The resulting Permissions is the combination of all character interpretations.
func (Permissions) EqualTo ¶
func (p Permissions) EqualTo(other Permissions) bool
EqualTo returns true if the other Permissions is exactly equal to this one.
func (Permissions) IsMoreOrEquallyPermissiveThan ¶
func (p Permissions) IsMoreOrEquallyPermissiveThan(other Permissions) bool
IsMoreOrEquallyPermissiveThan returns true if the other Permissions is equally or more permissive than this one. See IsMorePermissiveThan for more information
func (Permissions) IsMorePermissiveThan ¶
func (p Permissions) IsMorePermissiveThan(other Permissions) bool
IsMorePermissiveThan returns true if the other Permissions is more permissive than this one. E.g. "rx" is more permissive than "r".
func (Permissions) String ¶
func (p Permissions) String() string
String returns the string representation of this Permissions.
type Process ¶
type Process interface { io.Closer fmt.Stringer PID() int Info() (*ProcessInfo, error) Handle() interface{} MemorySegments() ([]*MemorySegmentInfo, error) Suspend() error Resume() error Crash(CrashMethod) error }
Process provides capability to interact with or retrieve information about other processes.
type ProcessInfo ¶
type ProcessInfo struct { PID int `json:"pid"` Bitness arch.Bitness `json:"bitness"` ExecutablePath string `json:"executablePath"` ExecutableMD5 string `json:"executableMD5"` ExecutableSHA256 string `json:"executableSHA256"` Username string `json:"username"` MemorySegments []*MemorySegmentInfo `json:"memorySegments"` }
ProcessInfo represents information about a Process.
type State ¶
type State int
State represents the state of a memory segment.
ENUM( Commit Free Reserve )
func ParseState ¶
ParseState attempts to convert a string to a State
func (State) MarshalText ¶
MarshalText implements the text marshaller method
func (*State) UnmarshalText ¶
UnmarshalText implements the text unmarshaller method
type Type ¶
type Type int
Type represents the type of a memory segment.
ENUM( Image Mapped Private )
func (Type) MarshalText ¶
MarshalText implements the text marshaller method
func (*Type) UnmarshalText ¶
UnmarshalText implements the text unmarshaller method
Source Files
¶
Directories
¶
Path | Synopsis |
---|---|
Package customWin32 provides a small subset of win32 bindings.
|
Package customWin32 provides a small subset of win32 bindings. |