winapi

package v1.0.0

This package is not in the latest version of its module.

Published: Apr 27, 2026 License: MIT Imports: 6 Imported by: 0

Documentation

Rendered for windows/amd64

Overview

Package winapi centralizes low-level Windows API access used across HackBrowserData. It exposes typed wrappers around specific syscalls that golang.org/x/sys/windows does not cover, plus shared LazyDLL handles and a small error-handling helper.

Callers: utils/injector, filemanager, crypto. Higher-level Windows browser utilities live in utils/winutil.

Constants

const (

	// FileTypeDisk is the GetFileType return value for a normal disk file.
	FileTypeDisk uint32 = 0x0001
)

Variables

var (
	Kernel32 = windows.NewLazySystemDLL("kernel32.dll")
	Ntdll    = windows.NewLazySystemDLL("ntdll.dll")
	Crypt32  = windows.NewLazySystemDLL("crypt32.dll")
	User32   = windows.NewLazySystemDLL("user32.dll")
)

Package-level LazyDLL handles. Declaring them once here avoids the NewLazySystemDLL boilerplate previously spread across injector, filemanager, and crypto.

Functions

func AddrGetProcAddress

func AddrGetProcAddress() uintptr

func AddrLoadLibraryA

func AddrLoadLibraryA() uintptr

func AddrNtFlushInstructionCache

func AddrNtFlushInstructionCache() uintptr

func AddrVirtualAlloc

func AddrVirtualAlloc() uintptr

func AddrVirtualProtect

func AddrVirtualProtect() uintptr

func CallBoolErr

func CallBoolErr(p *windows.LazyProc, args ...uintptr) (uintptr, error)

CallBoolErr wraps the common "r1 == 0 means failure" Win32 convention. Win32 GetLastError often returns ERROR_SUCCESS (errno 0) even on failure, so we distinguish the "no-errno" case explicitly to avoid emitting a misleading "operation completed successfully" message. errors.As is used instead of a type assertion so the check stays correct if x/sys/windows ever wraps the underlying errno.
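As an added illustration (not code from this page or from HackBrowserData), a portable model of the convention CallBoolErr implements: Errno is an assumed stand-in for windows.Errno so the block compiles off Windows, and naiveCall shows the misleading message the helper exists to avoid.

```go
package main

import (
	"errors"
	"fmt"
)

// Errno is an assumed stand-in for windows.Errno (golang.org/x/sys/windows).
// Like the real type, errno 0 renders as the Win32 success text.
type Errno uint32

func (e Errno) Error() string {
	if e == 0 {
		return "The operation completed successfully."
	}
	return fmt.Sprintf("win32 error %d", uint32(e))
}

// ErrNoErrno is returned when a call reports failure (r1 == 0) but GetLastError is ERROR_SUCCESS.
var ErrNoErrno = errors.New("win32 call failed but GetLastError returned ERROR_SUCCESS")

// naiveCall returns GetLastError as-is on failure, so with errno 0 the caller
// receives an error whose text claims the operation succeeded.
func naiveCall(r1 uintptr, lastErr error) (uintptr, error) {
	if r1 == 0 {
		return 0, lastErr
	}
	return r1, nil
}

// callBoolErr models the documented convention: r1 == 0 is failure, and a
// failure with errno 0 is reported as ErrNoErrno instead of the success text.
// errors.As (not a type assertion) keeps the check correct if the errno is wrapped.
func callBoolErr(r1 uintptr, lastErr error) (uintptr, error) {
	if r1 != 0 {
		return r1, nil
	}
	var errno Errno
	if errors.As(lastErr, &errno) && errno != 0 {
		return 0, lastErr
	}
	return 0, ErrNoErrno
}

func main() {
	// Simulated results of a BOOL-returning Win32 call: success, failure with errno, failure with errno 0.
	for _, c := range []struct{ r1 uintptr; e Errno }{{0x7ff600000000, 0}, {0, 5}, {0, 0}} {
		_, bad := naiveCall(c.r1, c.e)
		_, good := callBoolErr(c.r1, c.e)
		fmt.Printf("r1=%#x errno=%d naive=%v checked=%v\n", c.r1, c.e, bad, good)
	}
}
```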

func CreateRemoteThread

func CreateRemoteThread(proc windows.Handle, startAddr, param uintptr) (windows.Handle, error)

CreateRemoteThread wraps kernel32!CreateRemoteThread. Returns the new thread's handle, which the caller must CloseHandle.

func DecryptDPAPI

func DecryptDPAPI(ciphertext []byte) ([]byte, error)

DecryptDPAPI decrypts a DPAPI-protected blob using the current user's master key. It is the Windows counterpart to macOS/Linux os_crypt fallbacks and is called by crypto.DecryptDPAPI.

func EnumProcesses

func EnumProcesses() ([]uint32, error)

EnumProcesses returns all PIDs currently visible to the caller. Backed by kernel32!K32EnumProcesses (available on Windows 7+), so we do not need a separate psapi.dll handle. The buffer doubles on overflow up to a 1M-entry safety cap.

func ExpandEnvString

func ExpandEnvString(s string) (string, error)

ExpandEnvString is the Go-friendly wrapper around kernel32!ExpandEnvironmentStringsW. Use it when you need to resolve Windows-style %VAR% placeholders — Go's stdlib os.ExpandEnv only recognizes Unix-style $VAR / ${VAR} and leaves %VAR% untouched.

func GetFileSizeEx

func GetFileSizeEx(h windows.Handle) (int64, error)

GetFileSizeEx returns the size of the file referenced by h.

func GetFileType

func GetFileType(h windows.Handle) uint32

GetFileType returns the Windows FileType for h (e.g., FileTypeDisk).

func GetFinalPathName

func GetFinalPathName(h windows.Handle) (string, error)

GetFinalPathName returns the normalized file path for h, with the \\?\ prefix stripped.

func HideConsoleWindow

func HideConsoleWindow() bool

HideConsoleWindow hides the console window attached to the current process. Returns true if the window was previously visible.

func MapFile

func MapFile(h windows.Handle, size int) ([]byte, error)

MapFile creates a read-only file mapping over h, copies the first size bytes into a Go-owned slice, and releases the mapping. Reads go through the OS kernel's file cache, which includes SQLite WAL data that has not yet been checkpointed into the main file.

func QueryFullProcessImageName

func QueryFullProcessImageName(h windows.Handle) (string, error)

QueryFullProcessImageName returns the full file-system path of the executable backing the given process handle. Open the handle with PROCESS_QUERY_LIMITED_INFORMATION (available to non-admin callers).

func VirtualAllocEx

func VirtualAllocEx(proc windows.Handle, size uintptr, flAllocType, flProtect uint32) (uintptr, error)

VirtualAllocEx wraps kernel32!VirtualAllocEx. Returns the allocated base address in the target process, or an error surfacing Win32 errno-0 explicitly via CallBoolErr.

Types

type SystemHandleEntry

type SystemHandleEntry struct {
	Object                uintptr
	UniqueProcessID       uintptr
	HandleValue           uintptr
	GrantedAccess         uint32
	CreatorBackTraceIndex uint16
	ObjectTypeIndex       uint16
	HandleAttributes      uint32
	Reserved              uint32
}

SystemHandleEntry mirrors SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX, the extended entry returned by SystemExtendedHandleInformation (class 64).

Layout on 64-bit Windows (40 bytes):

PVOID      Object;
ULONG_PTR  UniqueProcessId;
ULONG_PTR  HandleValue;
ULONG      GrantedAccess;
USHORT     CreatorBackTraceIndex;
USHORT     ObjectTypeIndex;
ULONG      HandleAttributes;
ULONG      Reserved;

func QuerySystemHandles

func QuerySystemHandles() ([]SystemHandleEntry, error)

QuerySystemHandles enumerates all open handles system-wide via NtQuerySystemInformation(SystemExtendedHandleInformation). The buffer size grows on STATUS_INFO_LENGTH_MISMATCH until it succeeds or exceeds the safety cap.
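An added example, not the package's own code, that parses the 40-byte entry layout listed above and applies it to the kind of table QuerySystemHandles returns; HandleEntry widens the ULONG_PTR fields to uint64 so the block runs on any host, and SampleTable is constructed data with invented values.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// HandleEntry mirrors SystemHandleEntry with ULONG_PTR widened to uint64, so the 40-byte 64-bit layout holds on any host.
type HandleEntry struct {
	Object                uint64
	UniqueProcessID       uint64
	HandleValue           uint64
	GrantedAccess         uint32
	CreatorBackTraceIndex uint16
	ObjectTypeIndex       uint16
	HandleAttributes      uint32
	Reserved              uint32
}

// ParseHandleEntries decodes the packed little-endian entry array that follows the SYSTEM_HANDLE_INFORMATION_EX header (header assumed already skipped).
func ParseHandleEntries(buf []byte) ([]HandleEntry, error) {
	const size = 40 // uintptr fields would make binary.Size return -1; the uint64 widening keeps it at 40
	if binary.Size(HandleEntry{}) != size || len(buf)%size != 0 {
		return nil, fmt.Errorf("buffer of %d bytes is not a whole number of %d-byte entries", len(buf), size)
	}
	out := make([]HandleEntry, len(buf)/size)
	return out, binary.Read(bytes.NewReader(buf), binary.LittleEndian, out) // cannot fail after the length check
}

// HandlesForPID keeps the entries owned by pid, e.g. what a running browser still holds open on its profile.
func HandlesForPID(entries []HandleEntry, pid uint64) (owned []HandleEntry) {
	for _, e := range entries {
		if e.UniqueProcessID == pid {
			owned = append(owned, e)
		}
	}
	return owned
}

// SampleTable packs a constructed table (invented values) in the kernel layout: two handles of PID 4242, one of PID 8.
func SampleTable() []byte {
	var b bytes.Buffer
	_ = binary.Write(&b, binary.LittleEndian, []HandleEntry{ // fixed-size structs, cannot fail
		{Object: 0xffff9a0000001000, UniqueProcessID: 4242, HandleValue: 0x1c, GrantedAccess: 0x120089, ObjectTypeIndex: 37},
		{Object: 0xffff9a0000002000, UniqueProcessID: 8, HandleValue: 0x40, GrantedAccess: 0x1f0003, ObjectTypeIndex: 5},
		{Object: 0xffff9a0000003000, UniqueProcessID: 4242, HandleValue: 0x2c, GrantedAccess: 0x12019f, ObjectTypeIndex: 37},
	})
	return b.Bytes()
}
```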
