procio

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 12, 2021 License: AGPL-3.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrProcIsParent = errors.New("not supported on parent")

ErrProcIsParent is returned when trying to suspend the immediate parent process. Reason for this is the assumption that the parent process always is some form of console, which needs to be running in order to handle IO.

View Source 
var ErrProcIsSelf = errors.New("not supported on self")

ErrProcIsSelf is returned when trying to suspend the current process.

View Source 
var PermR = Permissions{
	Read: true,
}

PermR is readonly Permissions.

View Source 
var PermRC = Permissions{
	Read:  true,
	Write: true,
	COW:   true,
}

PermRC is the read and copy-on-write Permissions.

View Source 
var PermRCX = Permissions{
	Read:    true,
	Write:   true,
	COW:     true,
	Execute: true,
}

PermRCX is the read-execute and copy-on-write Permissions.

View Source 
var PermRW = Permissions{
	Read:  true,
	Write: true,
}

PermRW is the read-write Permissions.

View Source 
var PermRWX = Permissions{
	Read:    true,
	Write:   true,
	Execute: true,
}

PermRWX is the read-write-execute Permissions.

View Source 
var PermRX = Permissions{
	Read:    true,
	Execute: true,
}

PermRX is the read-execute Permissions.

Functions

func ComputeHashes 

func ComputeHashes(file string) (md5sum, sha256sum string, err error)

ComputeHashes computes the md5 and sha256 hashes of a given file.

func CrashMethodNames 

func CrashMethodNames() []string

CrashMethodNames returns a list of possible string values of CrashMethod.

func FormatMemorySegmentAddress 

func FormatMemorySegmentAddress(seg *MemorySegmentInfo) string

FormatMemorySegmentAddress formats the *MemorySegmentInfo.BaseAddress to a hex string with prefix '0x' and either 8 or 16 digits (based on the address value) with leading zeros.

func FormatPID 

func FormatPID(pid int) string

FormatPID formats the given process ID.

func GetRunningPIDs 

func GetRunningPIDs() ([]int, error)

GetRunningPIDs returns the PIDs of all running processes.

func PermissionsToNative 

func PermissionsToNative(perms Permissions) int

PermissionsToNative converts the given Permissions to the native linux representation.

func StateNames 

func StateNames() []string

StateNames returns a list of possible string values of State.

func TypeNames 

func TypeNames() []string

TypeNames returns a list of possible string values of Type.

Types

type CachingProcess 

type CachingProcess interface {
	Process
	InvalidateCache()
}

CachingProcess is a Process that caches *ProcessInfo and *MemorySegmentInfo. This cache will only be updated after InvalidateCache was called.

func OpenProcess 

func OpenProcess(pid int) (CachingProcess, error)

OpenProcess opens another process.

type CrashMethod 

type CrashMethod int

CrashMethod selects a method to crash a process.

ENUM( CreateThreadOnNull ) 

const (
	// CrashMethodCreateThreadOnNull is a CrashMethod of type CreateThreadOnNull
	CrashMethodCreateThreadOnNull CrashMethod = iota
)

func ParseCrashMethod 

func ParseCrashMethod(name string) (CrashMethod, error)

ParseCrashMethod attempts to convert a string to a CrashMethod

func (CrashMethod) MarshalText 

func (x CrashMethod) MarshalText() ([]byte, error)

MarshalText implements the text marshaller method

func (CrashMethod) String 

func (x CrashMethod) String() string

String implements the Stringer interface.

func (*CrashMethod) UnmarshalText 

func (x *CrashMethod) UnmarshalText(text []byte) error

UnmarshalText implements the text unmarshaller method

type DefaultMemoryReaderFactory 

type DefaultMemoryReaderFactory struct{}

DefaultMemoryReaderFactory is the default MemoryReaderFactory.

func (*DefaultMemoryReaderFactory) NewMemoryReader 

func (f *DefaultMemoryReaderFactory) NewMemoryReader(proc Process, seg *MemorySegmentInfo) (MemoryReader, error)

NewMemoryReader calls NewMemoryReader.

type MemoryReader 

type MemoryReader interface {
	io.ReadCloser
	io.Seeker
}

MemoryReader provides capabilities to read and seek through another processes memory.

func NewMemoryReader 

func NewMemoryReader(proc Process, seg *MemorySegmentInfo) (MemoryReader, error)

NewMemoryReader creates a new MemoryReader to read the given segment of the given Process.

type MemoryReaderFactory 

type MemoryReaderFactory interface {
	NewMemoryReader(proc Process, seg *MemorySegmentInfo) (MemoryReader, error)
}

MemoryReaderFactory is a factory for MemoryReader.

type MemorySegmentInfo 

type MemorySegmentInfo struct {
	// ParentBaseAddress is the base address of the parent segment.
	// If no parent segment exists, this is equal to the BaseAddress.
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->AllocationBase
	ParentBaseAddress uintptr `json:"parentBaseAddress"`

	// BaseAddress is the base address of the current memory segment.
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->BaseAddress
	BaseAddress uintptr `json:"baseAddress"`

	// AllocatedPermissions is the Permissions that were used to initially
	// allocate this segment.
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->AllocationProtect
	AllocatedPermissions Permissions `json:"allocatedPermissions"`

	// CurrentPermissions is the Permissions that the segment currently has.
	// This may differ from AllocatedPermissions if the permissions where changed
	// at some point (e.g. via VirtualProtect).
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->Protect
	CurrentPermissions Permissions `json:"currentPermissions"`

	// Size contains the size of the segment in bytes.
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->RegionSize
	Size uintptr `json:"size"`

	// State contains the current State of the segment.
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->State
	State State `json:"state"`

	// Type contains the Type of the segment.
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->Type
	Type Type `json:"type"`

	// FilePath contains the path to the mapped file, or empty string if
	// no file mapping is associated with this memory segment.
	FilePath string `json:"filePath"`

	// SubSegments contains sub-segments, i.e. segment where their ParentBaseAddress
	// is equal to this segments BaseAddress.
	// If no such segments exist, this will be a slice of length 0.
	SubSegments []*MemorySegmentInfo `json:"subSegments"`
}

MemorySegmentInfo contains information about a memory segment.

func (*MemorySegmentInfo) CopyWithoutSubSegments 

func (s *MemorySegmentInfo) CopyWithoutSubSegments() *MemorySegmentInfo

CopyWithoutSubSegments creates a copy of this *MemorySegmentInfo, but the SubSegments of the returned *MemorySegmentInfo will be of length 0.

func (*MemorySegmentInfo) String 

func (s *MemorySegmentInfo) String() string

String returns a human readable representation of the BaseAddress.

type Permissions 

type Permissions struct {
	// Is read-only access allowed
	Read bool
	// Is write access allowed (also true if COW is enabled)
	Write bool
	// Is copy-on-write access allowed (if this is true, then so is Write)
	COW bool
	// Is execute access allowed
	Execute bool
}

Permissions describes the permissions of a memory segment.

func ParsePermissions 

func ParsePermissions(s string) (Permissions, error)

ParsePermissions parses the string representation of a Permissions, as output by Permissions.String and returns the resulting Permissions.

Each character of the string is interpreted individually and case insensitive. A '-' is ignored, 'r' stands for read, 'w' for write, 'c' for copy-on-write, and 'e' or 'x' for execute. Any other character results in an error. The resulting Permissions is the combination of all character interpretations.

func (Permissions) EqualTo 

func (p Permissions) EqualTo(other Permissions) bool

EqualTo returns true if the other Permissions is exactly equal to this one.

func (Permissions) IsMoreOrEquallyPermissiveThan 

func (p Permissions) IsMoreOrEquallyPermissiveThan(other Permissions) bool

IsMoreOrEquallyPermissiveThan returns true if the other Permissions is equally or more permissive than this one. See IsMorePermissiveThan for more information

func (Permissions) IsMorePermissiveThan 

func (p Permissions) IsMorePermissiveThan(other Permissions) bool

IsMorePermissiveThan returns true if the other Permissions is more permissive than this one. E.g. "rx" is more permissive than "r".

func (Permissions) String 

func (p Permissions) String() string

String returns the string representation of this Permissions.

type Process 

type Process interface {
	io.Closer
	fmt.Stringer

	PID() int
	Info() (*ProcessInfo, error)
	Handle() interface{}
	MemorySegments() ([]*MemorySegmentInfo, error)
	Suspend() error
	Resume() error
	Crash(CrashMethod) error
}

Process provides capability to interact with or retrieve information about other processes.

type ProcessInfo 

type ProcessInfo struct {
	PID              int                  `json:"pid"`
	Bitness          arch.Bitness         `json:"bitness"`
	ExecutablePath   string               `json:"executablePath"`
	ExecutableMD5    string               `json:"executableMD5"`
	ExecutableSHA256 string               `json:"executableSHA256"`
	Username         string               `json:"username"`
	MemorySegments   []*MemorySegmentInfo `json:"memorySegments"`
}

ProcessInfo represents information about a Process.

type State 

type State int

State represents the state of a memory segment.

ENUM( Commit Free Reserve ) 

const (
	// StateCommit is a State of type Commit
	StateCommit State = iota
	// StateFree is a State of type Free
	StateFree
	// StateReserve is a State of type Reserve
	StateReserve
)

func ParseState 

func ParseState(name string) (State, error)

ParseState attempts to convert a string to a State

func (State) MarshalText 

func (x State) MarshalText() ([]byte, error)

MarshalText implements the text marshaller method

func (State) String 

func (x State) String() string

String implements the Stringer interface.

func (*State) UnmarshalText 

func (x *State) UnmarshalText(text []byte) error

UnmarshalText implements the text unmarshaller method

type Type 

type Type int

Type represents the type of a memory segment.

ENUM( Image Mapped Private ) 

const (
	// TypeImage is a Type of type Image
	TypeImage Type = iota
	// TypeMapped is a Type of type Mapped
	TypeMapped
	// TypePrivate is a Type of type Private
	TypePrivate
)

func ParseType 

func ParseType(name string) (Type, error)

ParseType attempts to convert a string to a Type

func (Type) MarshalText 

func (x Type) MarshalText() ([]byte, error)

MarshalText implements the text marshaller method

func (Type) String 

func (x Type) String() string

String implements the Stringer interface.

func (*Type) UnmarshalText 

func (x *Type) UnmarshalText(text []byte) error

UnmarshalText implements the text unmarshaller method

Source Files

View all Source files

Directories

Path Synopsis
Package customWin32 provides a small subset of win32 bindings.
 Package customWin32 provides a small subset of win32 bindings.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.