Documentation ¶
Index ¶
- func GetAlpcInformation(handle handle.Handle, klass AlpcInformationClass, buf []byte) error
- func Query(handle handle.Handle, klass InformationClass, buf []byte) (uint32, error)
- func QueryMutant(handle handle.Handle, klass MutantInformationClass, buf []byte) error
- type AlpcInformationClass
- type Event
- type InformationClass
- type MutantInformationClass
- type NameInformation
- type ProcessHandleSnapshotInformation
- type ProcessHandleTableEntryInfo
- type SystemHandleInformationEx
- type SystemHandleTableEntryInfoEx
- type TypeInformation
- type TypesInformation
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetAlpcInformation ¶
func GetAlpcInformation(handle handle.Handle, klass AlpcInformationClass, buf []byte) error
GetAlpcInformation gets specified information for the ALPC handle.
func QueryMutant ¶
func QueryMutant(handle handle.Handle, klass MutantInformationClass, buf []byte) error
QueryMutant gets detailed mutant information according to the information class.
Types ¶
type AlpcInformationClass ¶
// AlpcInformationClass is a distinct defined type over uint8 (it is declared
// without "=", so it is not a Go type alias). It is the type of the klass
// parameter of GetAlpcInformation.
type AlpcInformationClass uint8
AlpcInformationClass defines the type for the ALPC information class values.
const (
	// AlpcBasicPortInfo obtains basic ALPC port information.
	// It is the first constant in the block, so iota gives it the value 0.
	AlpcBasicPortInfo AlpcInformationClass = iota
)
type Event ¶
// Event is a distinct defined type over uintptr (declared without "=", so it
// is not a Go type alias).
// NOTE(review): presumably carries a raw event object handle value; confirm
// against callers before converting to or from other handle types.
type Event uintptr
Event is the type alias for event objects.
type InformationClass ¶
// InformationClass is a distinct defined type over uint8 (declared without
// "=", so it is not a Go type alias). It is the type of the klass parameter
// of Query.
type InformationClass uint8
InformationClass is the type alias for object information classes.
const (
	// NameInformationClass returns the object name information.
	NameInformationClass InformationClass = 1
	// TypeInformationClass returns the object type information.
	TypeInformationClass InformationClass = 2
	// TypesInformationClass returns handle object types.
	TypesInformationClass InformationClass = 3
	// SystemHandleInformationClass returns allocated system handles.
	//
	// This constant and the next one carry no explicit type, so they are
	// untyped integer constants rather than InformationClass values. The
	// compiler will still accept them wherever an InformationClass is
	// expected, so the type does not prevent them from being passed to Query.
	// NOTE(review): 16 and 64 look like system information class values rather
	// than object information class values; confirm they are only used with
	// the system-wide handle query and consider giving them their own type.
	SystemHandleInformationClass = 16
	// SystemExtendedHandleInformation returns extended allocated system handles.
	SystemExtendedHandleInformation = 64
)
type MutantInformationClass ¶
// MutantInformationClass is a distinct defined type over uint8 (declared
// without "=", so it is not a Go type alias). It is the type of the klass
// parameter of QueryMutant.
type MutantInformationClass uint8
MutantInformationClass is the type alias for the mutant information class.
const (
	// MutantBasicInfo is the information class for getting mutant basic information.
	// It is the first constant in the block, so iota gives it the value 0.
	MutantBasicInfo MutantInformationClass = iota
)
type NameInformation ¶
// NameInformation holds a single field, the object name as a
// utf16.UnicodeString.
type NameInformation struct {
	// NOTE(review): if utf16.UnicodeString carries a pointer into the buffer
	// passed to the query, the name must be copied out before that buffer is
	// reused or released, and its length checked against the buffer size.
	// Confirm against the utf16 package.
	ObjectName utf16.UnicodeString
}
NameInformation stores object name information.
type ProcessHandleSnapshotInformation ¶
// ProcessHandleSnapshotInformation is a header with a handle count, a
// reserved word and an array of ProcessHandleTableEntryInfo.
type ProcessHandleSnapshotInformation struct {
	// NumberOfHandles is pointer-sized (uintptr).
	// NOTE(review): presumably the number of entries that follow in the
	// caller's buffer; treat it as untrusted when indexing.
	NumberOfHandles uintptr
	Reserved        uintptr
	// Handles is declared with length 1. Reading any entry past index 0 would
	// need pointer arithmetic outside Go's bounds checks.
	// NOTE(review): any such walk should be bounded by both NumberOfHandles
	// and the length of the buffer that was filled; confirm in the callers.
	Handles [1]ProcessHandleTableEntryInfo
}
ProcessHandleSnapshotInformation is the structure that holds the process handle table.
type ProcessHandleTableEntryInfo ¶
// ProcessHandleTableEntryInfo is the element type of
// ProcessHandleSnapshotInformation.Handles.
// NOTE(review): the fixed field order and widths suggest this mirrors a native
// structure written by the OS into a raw buffer; confirm before reordering or
// resizing any field.
type ProcessHandleTableEntryInfo struct {
	Handle       handle.Handle
	HandleCount  uintptr
	PointerCount uintptr
	// GrantedAccess is a 32-bit value; presumably the access mask granted to
	// this handle (confirm).
	GrantedAccess    uint32
	ObjectTypeIndex  uint32
	HandleAttributes uint32
	Reserved         uint32
}
ProcessHandleTableEntryInfo is the structure that describes the process handle entry.
type SystemHandleInformationEx ¶
// SystemHandleInformationEx is a header with a handle count, a reserved word
// and an array of SystemHandleTableEntryInfoEx.
type SystemHandleInformationEx struct {
	// NumberOfHandles is pointer-sized (uintptr).
	// NOTE(review): presumably the number of entries that follow in the
	// caller's buffer; treat it as untrusted when indexing.
	NumberOfHandles uintptr
	Reserved        uintptr
	// Handles is declared with length 1. Reading any entry past index 0 would
	// need pointer arithmetic outside Go's bounds checks.
	// NOTE(review): any such walk should be bounded by both NumberOfHandles
	// and the length of the buffer that was filled; confirm in the callers.
	Handles [1]SystemHandleTableEntryInfoEx
}
SystemHandleInformationEx is the structure that holds the process handle table.
type SystemHandleTableEntryInfoEx ¶
// SystemHandleTableEntryInfoEx is the element type of
// SystemHandleInformationEx.Handles.
// NOTE(review): the fixed field order and widths suggest this mirrors a native
// structure written by the OS into a raw buffer; confirm before reordering or
// resizing any field.
type SystemHandleTableEntryInfoEx struct {
	// Object is a fixed 64-bit value.
	// NOTE(review): presumably the kernel-mode address of the object; if so,
	// treat it as an opaque identifier and keep it out of logs and telemetry
	// that leave the host. Confirm.
	Object    uint64
	ProcessID uintptr
	Handle    handle.Handle
	// GrantedAccess is a 32-bit value; presumably the access mask granted to
	// this handle (confirm).
	GrantedAccess uint32
	// NOTE(review): commonly published definitions of the native extended
	// handle entry declare the back-trace index and the object type index as
	// 16-bit fields. With two uint8 fields here the struct size is unchanged
	// by padding, but ObjectTypeIndex would sit one byte before the native
	// field's offset. Verify the offsets against the target Windows headers.
	CreatorBackTraceIndex uint8
	ObjectTypeIndex       uint8
	HandleAttributes      uint32
	Reserved              uint32
}
SystemHandleTableEntryInfoEx is the structure that describes the process handle entry.
type TypeInformation ¶
// TypeInformation groups an object type name with a set of 32-bit counters,
// access-mask fields and pool-charge fields.
// NOTE(review): the fixed field order and widths suggest this mirrors a native
// structure written by the OS into a raw buffer; confirm before reordering or
// resizing any field.
type TypeInformation struct {
	// NOTE(review): if utf16.UnicodeString carries a pointer into the query
	// buffer, copy the name out before the buffer is reused; confirm against
	// the utf16 package.
	TypeName                   utf16.UnicodeString
	TotalNumberOfObjects       uint32
	TotalNumberOfHandles       uint32
	TotalPagedPoolUsage        uint32
	TotalNonPagedPoolUsage     uint32
	TotalNamePoolUsage         uint32
	TotalHandleTableUsage      uint32
	HighWaterNumberOfObjects   uint32
	HighWaterNumberOfHandles   uint32
	HighWaterPagedPoolUsage    uint32
	HighWaterNonPagedPoolUsage uint32
	HighWaterNamePoolUsage     uint32
	HighWaterHandleTableUsage  uint32
	InvalidAttributes          uint32
	// GenericMapping is an exported field of the unexported type
	// genericMapping, so code outside this package cannot name its type.
	GenericMapping  genericMapping
	ValidAccessMask uint32
	// NOTE(review): if this struct is overlaid on a raw buffer, a byte other
	// than 0 or 1 in these positions is not a valid Go bool; confirm how the
	// two flags are populated.
	SecurityRequired          bool
	MaintainHandleCount       bool
	TypeIndex                 uint8
	ReservedByte              int8
	PoolType                  uint32
	DefaultPagedPoolCharge    uint32
	DefaultNonPagedPoolCharge uint32
}
TypeInformation contains object type data.
type TypesInformation ¶
// TypesInformation holds a single 32-bit count of object types.
type TypesInformation struct {
	// NOTE(review): presumably a header that is followed in the query buffer
	// by that many type entries; any walk over them should be bounded by the
	// buffer length as well as by this count. Confirm in the callers.
	NumberOfTypes uint32
}
TypesInformation stores the number of resolved object type names.