utils

package

v0.0.0-...-8d79cda Latest Latest Go to latest Published: Apr 7, 2025 License: MIT Imports: 3 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/omaidf/go-malware

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func AllocateMemory(processHandle windows.Handle, size uintptr) (uintptr, error)
func CreateRemoteThreadInProcess(processHandle windows.Handle, startAddress uintptr, parameter uintptr) (windows.Handle, error)
func EnablePrivilege(privilegeName string) error
func OpenProcessWithAccess(pid uint32, desiredAccess uint32) (windows.Handle, error)
func StringToUTF16Ptr(s string) *uint16
func WriteMemory(processHandle windows.Handle, addr uintptr, data []byte) error

Constants ¶

View Source

const (
	PROCESS_CREATE_THREAD     = 0x0002
	PROCESS_QUERY_INFORMATION = 0x0400
	PROCESS_VM_OPERATION      = 0x0008
	PROCESS_VM_WRITE          = 0x0020
	PROCESS_VM_READ           = 0x0010
	SE_PRIVILEGE_ENABLED      = 0x00000002
	TOKEN_ADJUST_PRIVILEGES   = 0x00000020
	TOKEN_QUERY               = 0x00000008
)

Windows API constants

Variables ¶

View Source

var (
	Kernel32 = windows.NewLazySystemDLL("kernel32.dll")
	Advapi32 = windows.NewLazySystemDLL("advapi32.dll")
	Ntdll    = windows.NewLazySystemDLL("ntdll.dll")
	Secur32  = windows.NewLazySystemDLL("secur32.dll")
)

Windows API DLLs

View Source

var (
	VirtualAllocEx        = Kernel32.NewProc("VirtualAllocEx")
	WriteProcessMemory    = Kernel32.NewProc("WriteProcessMemory")
	CreateRemoteThread    = Kernel32.NewProc("CreateRemoteThread")
	CredEnumerateW        = Advapi32.NewProc("CredEnumerateW")
	AdjustTokenPrivileges = Advapi32.NewProc("AdjustTokenPrivileges")
	LookupPrivilegeValueW = Advapi32.NewProc("LookupPrivilegeValueW")
)

Windows API functions

Functions ¶

func AllocateMemory ¶

func AllocateMemory(processHandle windows.Handle, size uintptr) (uintptr, error)

AllocateMemory allocates memory in a target process

func CreateRemoteThreadInProcess ¶

func CreateRemoteThreadInProcess(processHandle windows.Handle, startAddress uintptr, parameter uintptr) (windows.Handle, error)

CreateRemoteThreadInProcess creates a remote thread in the target process

func EnablePrivilege ¶

func EnablePrivilege(privilegeName string) error

EnablePrivilege enables a specific privilege for the current process

func OpenProcessWithAccess ¶

func OpenProcessWithAccess(pid uint32, desiredAccess uint32) (windows.Handle, error)

OpenProcessWithAccess opens a process with the specified access rights

func StringToUTF16Ptr ¶

func StringToUTF16Ptr(s string) *uint16

StringToUTF16Ptr converts a Go string to a Windows UTF-16 pointer

func WriteMemory ¶

func WriteMemory(processHandle windows.Handle, addr uintptr, data []byte) error

WriteMemory writes data to a process's memory

Types ¶

This section is empty.

Source Files ¶

View all Source files

windows.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL