winutil

package
Published: Jun 17, 2021 License: Apache-2.0, Apache-2.0 Imports: 10 Imported by: 0

Documentation

Rendered for windows/amd64


Constants

// PROCESSINFOCLASS values accepted as the class argument of
// NtQueryInformationProcess. The target buffer and size passed alongside the
// class must match the structure that class returns; the comments below mark
// which classes this package merely lists for completeness.
const (
	// ProcessBasicInformation returns the PEB type
	ProcessBasicInformation = PROCESSINFOCLASS(0)
	// ProcessDebugPort included for completeness
	ProcessDebugPort = PROCESSINFOCLASS(7)
	// ProcessWow64Information included for completeness
	ProcessWow64Information = PROCESSINFOCLASS(26)
	// ProcessImageFileName included for completeness
	ProcessImageFileName = PROCESSINFOCLASS(27)
	// ProcessBreakOnTermination included for completeness
	ProcessBreakOnTermination = PROCESSINFOCLASS(29)
)
// ACL_INFORMATION_CLASS values for the class argument of GetAclInformation.
// The class must agree with the buffer the caller passes: this package's
// GetAclInformation fills an *AclSizeInformation, so AclSizeInformationEnum is
// the value that matches it.
const (
	// AclRevisionInformationEnum selects the ACL revision information.
	AclRevisionInformationEnum = 1
	// AclSizeInformationEnum selects ACL size information (see AclSizeInformation).
	AclSizeInformationEnum     = 2
)
// ACE type values found in AccessAllowedAce.AceType. GetAce hands back every
// entry of an ACL as an *AccessAllowedAce, so a consumer must check AceType
// before treating AccessMask as a grant: a denied entry carries the same
// layout (Win32 ACCESS_DENIED_ACE mirrors ACCESS_ALLOWED_ACE) but the
// opposite meaning.
const (
	// ACCESS_ALLOWED_ACE_TYPE marks an entry that grants AccessMask to the SID.
	ACCESS_ALLOWED_ACE_TYPE = 0
	// ACCESS_DENIED_ACE_TYPE marks an entry that denies AccessMask to the SID.
	ACCESS_DENIED_ACE_TYPE  = 1
)
// SE_OBJECT_TYPE values for the objectType argument of GetNamedSecurityInfo.
// They tell the API how to interpret objectName (a file path, a service name,
// a registry key path, ...); values start at 0 for SE_UNKNOWN_OBJECT_TYPE and
// increase in declaration order.
const (
	SE_UNKNOWN_OBJECT_TYPE = iota
	SE_FILE_OBJECT
	SE_SERVICE
	SE_PRINTER
	SE_REGISTRY_KEY
	SE_LMSHARE
	SE_KERNEL_OBJECT
	SE_WINDOW_OBJECT
	SE_DS_OBJECT
	SE_DS_OBJECT_ALL
	SE_PROVIDER_DEFINED_OBJECT
	SE_WMIGUID_OBJECT
	SE_REGISTRY_WOW64_32KEY
)

https://msdn.microsoft.com/en-us/library/windows/desktop/aa379593.aspx

// SECURITY_INFORMATION bit flags, OR-ed together into the secInfo argument of
// GetNamedSecurityInfo to select which parts of the security descriptor are
// retrieved. Request only the components actually needed: per the Win32
// documentation, reading the SACL (SACL_SECURITY_INFORMATION) requires the
// caller's token to hold the SE_SECURITY_NAME privilege, and an over-broad
// request fails where a narrower one would succeed.
//
// The PROTECTED_* / UNPROTECTED_* flags control whether the DACL/SACL inherits
// from the parent when a descriptor is written (SetNamedSecurityInfo); per the
// Win32 documentation they are not meaningful for a read.
const (
	OWNER_SECURITY_INFORMATION               = 0x00001
	GROUP_SECURITY_INFORMATION               = 0x00002
	DACL_SECURITY_INFORMATION                = 0x00004
	SACL_SECURITY_INFORMATION                = 0x00008
	LABEL_SECURITY_INFORMATION               = 0x00010
	ATTRIBUTE_SECURITY_INFORMATION           = 0x00020
	SCOPE_SECURITY_INFORMATION               = 0x00040
	PROCESS_TRUST_LABEL_SECURITY_INFORMATION = 0x00080
	BACKUP_SECURITY_INFORMATION              = 0x10000

	PROTECTED_DACL_SECURITY_INFORMATION   = 0x80000000
	PROTECTED_SACL_SECURITY_INFORMATION   = 0x40000000
	UNPROTECTED_DACL_SECURITY_INFORMATION = 0x20000000
	UNPROTECTED_SACL_SECURITY_INFORMATION = 0x10000000
)

https://msdn.microsoft.com/en-us/library/windows/desktop/aa379573.aspx

Variables

// Known-folder identifiers passed as the rfid argument of SHGetKnownFolderPath.
var (
	// FOLDERIDProgramData identifies the ProgramData known folder
	// ({62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}).
	// this is the GUID definition from shlobj.h
	//DEFINE_KNOWN_FOLDER(FOLDERID_ProgramData,         0x62AB5D82, 0xFDC1, 0x4DC3, 0xA9, 0xDD, 0x07, 0x0D, 0x1D, 0x49, 0x5D, 0x97);
	FOLDERIDProgramData = GUID{0x62AB5D82, 0xFDC1, 0x4DC3, [8]byte{0xA9, 0xDD, 0x07, 0x0D, 0x1D, 0x49, 0x5D, 0x97}}
)

https://docs.microsoft.com/en-us/windows/desktop/shell/knownfolderid

FOLDERID_ProgramData
GUID: {62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}
Display Name: ProgramData
Folder Type: FIXED
Default Path: %ALLUSERSPROFILE% (%ProgramData%, %SystemDrive%\ProgramData)
CSIDL Equivalent: CSIDL_COMMON_APPDATA
Legacy Display Name: Application Data
Legacy Default Path: %ALLUSERSPROFILE%\Application Data

Functions

func CoTaskMemFree

func CoTaskMemFree(pv uintptr)

CoTaskMemFree frees memory returned from SHGetKnownFolderPath.

func ConvertASCIIString

func ConvertASCIIString(input []byte) string

ConvertASCIIString converts a c-string into a go string

func ConvertWindowsString

func ConvertWindowsString(winput []uint8) string

ConvertWindowsString converts a windows c-string into a go string. Even though the input is an array of uint8, the underlying data is expected to be uint16 (unicode).

func ConvertWindowsString16

func ConvertWindowsString16(winput []uint16) string

ConvertWindowsString16 converts a windows c-string into a go string. The input is an array of uint16 (unicode) code units.

func ConvertWindowsStringList

func ConvertWindowsStringList(winput []uint16) []string

ConvertWindowsStringList converts a windows-style C list of strings (each element is single-null-terminated; a double null marks the end of the list) to an array of Go strings.

func GetAce

func GetAce(acl *Acl, index uint32, ace **AccessAllowedAce) error

GetAce calls Windows 'GetAce' function to obtain a pointer to an access control entry (ACE) in an access control list (ACL).

func GetAclInformation

func GetAclInformation(acl *Acl, info *AclSizeInformation, class uint32) error

GetAclInformation calls windows 'GetAclInformation' function to retrieve information about an access control list (ACL).

func GetCommandLineForPid

func GetCommandLineForPid(pid uint32) (cmdline string, err error)

GetCommandLineForPid returns the command line for the given PID

func GetCommandLineForProcess

func GetCommandLineForProcess(h windows.Handle) (cmdline string, err error)

GetCommandLineForProcess returns the command line for the given process.

func GetNamedSecurityInfo

func GetNamedSecurityInfo(objectName string, objectType int32, secInfo uint32, owner, group **windows.SID, dacl, sacl **Acl, secDesc *windows.Handle) error

GetNamedSecurityInfo calls Windows 'GetNamedSecurityInfo' function to retrieve a copy of the security descriptor for an object specified by name.

func GetProgramDataDir

func GetProgramDataDir() (path string, err error)

GetProgramDataDir returns the current programdatadir, usually c:\programdata\Datadog

func GetProgramDataDirForProduct

func GetProgramDataDirForProduct(product string) (path string, err error)

GetProgramDataDirForProduct returns the current programdatadir for the given product key name, usually c:\programdata\Datadog.

func GetWindowsBuildString

func GetWindowsBuildString() (verstring string, err error)

GetWindowsBuildString retrieves the windows build version by querying the resource string, as directed here: https://msdn.microsoft.com/en-us/library/windows/desktop/ms724429(v=vs.85).aspx. As of Windows 8.1, the core GetVersion() APIs have been changed to return the version of Windows manifested with the application, not the application version.

func IsProcessElevated

func IsProcessElevated() (bool, error)

IsProcessElevated opens the process token and checks elevation status, returning true if the process is elevated and false if not elevated.

func IsWow64Process

func IsWow64Process(h windows.Handle) (is32bit bool, err error)

IsWow64Process determines if the specified process is running under WOW64, that is, if it's a 32 bit process running on 64 bit windows.

func LogEventViewer

func LogEventViewer(servicename string, msgnum uint32, arg string)

LogEventViewer will open the event viewer API and log a single message to the event viewer. The string identified by the msgnum parameter must exist in the application's message catalog. The go log api only provides for a single argument to be passed, so the message can only include one positional argument.

func NtQueryInformationProcess

func NtQueryInformationProcess(h windows.Handle, class PROCESSINFOCLASS, target, size uintptr) (err error)

NtQueryInformationProcess wraps the Windows NT kernel call of the same name

func ReadProcessMemory

func ReadProcessMemory(h windows.Handle, from, to uintptr, count uint32) (bytesRead uint64, err error)

ReadProcessMemory wraps the Windows kernel.dll function of the same name https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-readprocessmemory

func SHGetKnownFolderPath

func SHGetKnownFolderPath(rfid *GUID, dwFlags uint32, hToken windows.Handle, pszPath *uintptr) (retval error)

SHGetKnownFolderPath is a syscall to the windows native SHGetKnownFolderPath.

Types

type AccessAllowedAce

// AccessAllowedAce is the Go representation of a single access control entry as
// returned by GetAce. GetAce yields every entry of an ACL through this type, so
// AceType must be inspected before AccessMask is interpreted: only
// ACCESS_ALLOWED_ACE_TYPE entries grant, ACCESS_DENIED_ACE_TYPE entries deny.
type AccessAllowedAce struct {
	// AceType is ACCESS_ALLOWED_ACE_TYPE or ACCESS_DENIED_ACE_TYPE.
	AceType    uint8
	// AceFlags carries the ACE header flags (inheritance bits).
	AceFlags   uint8
	// AceSize is the size in bytes of the whole ACE, including the
	// trustee SID that follows SidStart.
	AceSize    uint16
	// AccessMask is the access rights this entry allows or denies.
	AccessMask uint32
	// SidStart is the first 32 bits of the trustee SID; the remainder of the
	// SID follows this struct in memory (Win32 ACCESS_ALLOWED_ACE layout —
	// confirm against how callers read the SID).
	SidStart   uint32
}

type Acl

// Acl is the Go representation of the Windows ACL header. Entries are not
// stored in this struct; use GetAce with an index below AceCount to reach them,
// and GetAclInformation to query sizes.
type Acl struct {
	// AclRevision is the ACL revision level.
	AclRevision uint8
	// Sbz1 is reserved padding (should be zero).
	Sbz1        uint8
	// AclSize is the size in bytes of the ACL including the header and all ACEs.
	AclSize     uint16
	// AceCount is the number of ACEs that follow the header.
	AceCount    uint16
	// Sbz2 is reserved padding (should be zero).
	Sbz2        uint16
}

type AclSizeInformation

// AclSizeInformation is filled by GetAclInformation when called with class
// AclSizeInformationEnum.
type AclSizeInformation struct {
	// AceCount is the number of ACEs in the ACL.
	AceCount      uint32
	// AclBytesInUse is the number of bytes of the ACL currently used.
	AclBytesInUse uint32
	// AclBytesFree is the number of unused bytes remaining in the ACL.
	AclBytesFree  uint32
}

type GUID

// GUID is representation of the C GUID structure; see FOLDERIDProgramData for
// how a shlobj.h DEFINE_KNOWN_FOLDER maps onto the fields.
type GUID struct {
	// Data1 is the first 32-bit group of the GUID.
	Data1 uint32
	// Data2 is the second (16-bit) group.
	Data2 uint16
	// Data3 is the third (16-bit) group.
	Data3 uint16
	// Data4 holds the remaining 8 bytes.
	Data4 [8]byte
}

GUID is representation of the C GUID structure

type PROCESSINFOCLASS

// PROCESSINFOCLASS is the Go representation of the Windows PROCESSINFOCLASS
// enumeration; the Process* constants are its known values and it is the class
// argument of NtQueryInformationProcess.
type PROCESSINFOCLASS uint32

PROCESSINFOCLASS is the Go representation of the Windows PROCESSINFOCLASS enumeration (see the Process* constants).

type PagefileStat

// PagefileStat contains basic metrics for the windows pagefile, as returned by
// PagefileMemory. All byte counts are uint64; UsedPercent is a percentage.
type PagefileStat struct {
	// The current committed memory limit for the system or
	// the current process, whichever is smaller, in bytes
	Total uint64

	// The maximum amount of memory the current process can commit, in bytes.
	// This value is equal to or smaller than the system-wide available commit
	// value.
	Available uint64

	// Used is Total - Available
	Used uint64

	// UsedPercent is used as a percentage of the total pagefile
	UsedPercent float64
}

PagefileStat contains basic metrics for the windows pagefile

func PagefileMemory

func PagefileMemory() (*PagefileStat, error)

PagefileMemory returns paging (swap) file metrics

type SwapMemoryStat

// SwapMemoryStat contains swap statistics, as returned by SwapMemory.
type SwapMemoryStat struct {
	// Total is the total swap size in bytes (presumably; not shown here).
	Total       uint64
	// Used is the swap in use, in bytes.
	Used        uint64
	// Free is the swap not in use, in bytes.
	Free        uint64
	// UsedPercent is Used expressed as a percentage of Total
	// (assumed from the field names — confirm against SwapMemory).
	UsedPercent float64
}

SwapMemoryStat contains swap statistics

func SwapMemory

func SwapMemory() (*SwapMemoryStat, error)

SwapMemory returns swapfile statistics

type VirtualMemoryStat

// VirtualMemoryStat contains basic metrics for virtual memory, as returned by
// VirtualMemory. Byte counts are uint64; UsedPercent is a percentage.
type VirtualMemoryStat struct {
	// Total amount of RAM on this system
	Total uint64

	// RAM available for programs to allocate
	//
	// This value is computed from the kernel specific values.
	Available uint64

	// RAM used by programs
	//
	// This value is computed from the kernel specific values.
	Used uint64

	// Percentage of RAM used by programs
	//
	// This value is computed from the kernel specific values.
	UsedPercent float64
}

VirtualMemoryStat contains basic metrics for virtual memory

func VirtualMemory

func VirtualMemory() (*VirtualMemoryStat, error)

VirtualMemory returns virtual memory metrics for the machine

