925aca74
Commit
925aca74
authored
Mar 19, 2019
by
Amos Wenger
Add a bunch of endpoints
parent
ce3399ec
Showing
2 changed files
with
244 additions
and
24 deletions
+244
-24
advapi32_windows.go
syscallex/advapi32_windows.go
+65
-0
kernel32_windows.go
syscallex/kernel32_windows.go
+179
-24
syscallex/advapi32_windows.go
@@ -57,6 +57,9 @@ var (
procSetFileSecurityW
=
modadvapi32
.
NewProc
(
"SetFileSecurityW"
)
procAccessCheck
=
modadvapi32
.
NewProc
(
"AccessCheck"
)
procMapGenericMask
=
modadvapi32
.
NewProc
(
"MapGenericMask"
)
procLookupPrivilegeValueW
=
modadvapi32
.
NewProc
(
"LookupPrivilegeValueW"
)
procAdjustTokenPrivileges
=
modadvapi32
.
NewProc
(
"AdjustTokenPrivileges"
)
)
func
CreateProcessWithLogon
(
@@ -667,3 +670,65 @@ func MapGenericMask(
0
,
)
}
func
LookupPrivilegeValue
(
systemname
*
uint16
,
name
*
uint16
,
luid
*
LUID
)
(
err
error
)
{
r1
,
_
,
e1
:=
syscall
.
Syscall
(
procLookupPrivilegeValueW
.
Addr
(),
3
,
uintptr
(
unsafe
.
Pointer
(
systemname
)),
uintptr
(
unsafe
.
Pointer
(
name
)),
uintptr
(
unsafe
.
Pointer
(
luid
)),
)
if
r1
==
0
{
if
e1
!=
0
{
err
=
e1
}
else
{
err
=
syscall
.
EINVAL
}
}
return
}
func
AdjustTokenPrivileges
(
token
syscall
.
Token
,
disableAllPrivileges
bool
,
newstate
*
TOKEN_PRIVILEGES
,
buflen
uint32
,
prevstate
*
TOKEN_PRIVILEGES
,
returnlen
*
uint32
)
(
ret
uint32
,
err
error
)
{
var
_p0
uint32
if
disableAllPrivileges
{
_p0
=
1
}
else
{
_p0
=
0
}
r0
,
_
,
e1
:=
syscall
.
Syscall6
(
procAdjustTokenPrivileges
.
Addr
(),
6
,
uintptr
(
token
),
uintptr
(
_p0
),
uintptr
(
unsafe
.
Pointer
(
newstate
)),
uintptr
(
buflen
),
uintptr
(
unsafe
.
Pointer
(
prevstate
)),
uintptr
(
unsafe
.
Pointer
(
returnlen
)))
ret
=
uint32
(
r0
)
if
true
{
if
e1
!=
0
{
err
=
e1
}
else
{
err
=
syscall
.
EINVAL
}
}
return
}
type
LUID
struct
{
LowPart
uint32
HighPart
int32
}
type
LUID_AND_ATTRIBUTES
struct
{
Luid
LUID
Attributes
uint32
}
type
TOKEN_PRIVILEGES
struct
{
PrivilegeCount
uint32
Privileges
[
1
]
LUID_AND_ATTRIBUTES
}
const
(
TOKEN_ADJUST_PRIVILEGES
=
0x0020
SE_PRIVILEGE_ENABLED
=
0x00000002
)
var
(
SE_DEBUG_NAME
=
syscall
.
StringToUTF16Ptr
(
"SeAuditPrivilege"
)
)
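Review bot: `SE_DEBUG_NAME` is initialised from the string "SeAuditPrivilege", so any caller that feeds it to LookupPrivilegeValue and then AdjustTokenPrivileges will enable the audit privilege rather than SeDebugPrivilege, which is what the name (and the remote-memory helpers added in the sibling file) implies; the line should read `SE_DEBUG_NAME = syscall.StringToUTF16Ptr("SeDebugPrivilege")`. Separately, AdjustTokenPrivileges assigns err unconditionally (`if true { ... }`), so a fully successful call comes back with `ret != 0` and `err == syscall.EINVAL`, while a call that returns non-zero with ERROR_NOT_ALL_ASSIGNED (1300) means the privilege was not actually enabled even though the API "succeeded". Callers therefore have to inspect both `ret` and the specific errno, and nothing in the hunk documents that; a doc comment along the lines of `// AdjustTokenPrivileges is the raw Win32 call: ret == 0 means failure; ret != 0 with err == syscall.EINVAL means every privilege was adjusted; ret != 0 with any other err (notably ERROR_NOT_ALL_ASSIGNED, 1300) means the privilege was NOT granted.` would prevent a caller from treating a non-nil err as fatal or, worse, ignoring it and assuming the privilege is held. The hunk opens inside the tail of MapGenericMask, whose body lies outside it.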
syscallex/kernel32_windows.go
package
syscallex
import
(
"runtime"
"syscall"
"unsafe"
"golang.org/x/sys/windows"
)
var
(
modkernel32
=
windows
.
NewLazySystemDLL
(
"kernel32.dll"
)
procCreateJobObject
=
modkernel32
.
NewProc
(
"CreateJobObjectW"
)
procSetInformationJobObject
=
modkernel32
.
NewProc
(
"SetInformationJobObject"
)
procQueryInformationJobObject
=
modkernel32
.
NewProc
(
"QueryInformationJobObject"
)
procAssignProcessToJobObject
=
modkernel32
.
NewProc
(
"AssignProcessToJobObject"
)
procGetCurrentThread
=
modkernel32
.
NewProc
(
"GetCurrentThread"
)
procOpenThreadToken
=
modkernel32
.
NewProc
(
"OpenThreadToken"
)
procGetDiskFreeSpaceExW
=
modkernel32
.
NewProc
(
"GetDiskFreeSpaceExW"
)
procOpenThread
=
modkernel32
.
NewProc
(
"OpenThread"
)
procSuspendThread
=
modkernel32
.
NewProc
(
"SuspendThread"
)
procResumeThread
=
modkernel32
.
NewProc
(
"ResumeThread"
)
procThread32First
=
modkernel32
.
NewProc
(
"Thread32First"
)
procThread32Next
=
modkernel32
.
NewProc
(
"Thread32Next"
)
procCreateToolhelp32Snapshot
=
modkernel32
.
NewProc
(
"CreateToolhelp32Snapshot"
)
procProcess32FirstW
=
modkernel32
.
NewProc
(
"Process32FirstW"
)
procProcess32NextW
=
modkernel32
.
NewProc
(
"Process32NextW"
)
procQueryFullProcessImageNameW
=
modkernel32
.
NewProc
(
"QueryFullProcessImageNameW"
)
procVirtualAllocEx
=
modkernel32
.
NewProc
(
"VirtualAllocEx"
)
procWriteProcessMemory
=
modkernel32
.
NewProc
(
"WriteProcessMemory"
)
procCreateRemoteThread
=
modkernel32
.
NewProc
(
"CreateRemoteThread"
)
procVirtualFreeEx
=
modkernel32
.
NewProc
(
"VirtualFreeEx"
)
procGetExitCodeThread
=
modkernel32
.
NewProc
(
"GetExitCodeThread"
)
)
// JobObjectInfoClass
// cf. https://msdn.microsoft.com/en-us/library/windows/desktop/ms686216%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396
const
(
@@ -71,30 +103,6 @@ type ProcessEntry32 struct {
ExeFile
[
MAX_PATH
]
uint16
}
var
(
modkernel32
=
windows
.
NewLazySystemDLL
(
"kernel32.dll"
)
procCreateJobObject
=
modkernel32
.
NewProc
(
"CreateJobObjectW"
)
procSetInformationJobObject
=
modkernel32
.
NewProc
(
"SetInformationJobObject"
)
procQueryInformationJobObject
=
modkernel32
.
NewProc
(
"QueryInformationJobObject"
)
procAssignProcessToJobObject
=
modkernel32
.
NewProc
(
"AssignProcessToJobObject"
)
procGetCurrentThread
=
modkernel32
.
NewProc
(
"GetCurrentThread"
)
procOpenThreadToken
=
modkernel32
.
NewProc
(
"OpenThreadToken"
)
procGetDiskFreeSpaceExW
=
modkernel32
.
NewProc
(
"GetDiskFreeSpaceExW"
)
procOpenThread
=
modkernel32
.
NewProc
(
"OpenThread"
)
procResumeThread
=
modkernel32
.
NewProc
(
"ResumeThread"
)
procThread32First
=
modkernel32
.
NewProc
(
"Thread32First"
)
procThread32Next
=
modkernel32
.
NewProc
(
"Thread32Next"
)
procCreateToolhelp32Snapshot
=
modkernel32
.
NewProc
(
"CreateToolhelp32Snapshot"
)
procProcess32FirstW
=
modkernel32
.
NewProc
(
"Process32FirstW"
)
procProcess32NextW
=
modkernel32
.
NewProc
(
"Process32NextW"
)
procQueryFullProcessImageNameW
=
modkernel32
.
NewProc
(
"QueryFullProcessImageNameW"
)
)
func
CreateJobObject
(
jobAttributes
*
syscall
.
SecurityAttributes
,
name
*
uint16
,
@@ -285,6 +293,30 @@ func OpenThread(
return
}
func
SuspendThread
(
thread
syscall
.
Handle
,
)
(
retCount
uint32
,
err
error
)
{
r1
,
_
,
e1
:=
syscall
.
Syscall
(
procSuspendThread
.
Addr
(),
1
,
uintptr
(
thread
),
0
,
0
,
)
minusOne
:=
int
(
-
1
)
if
r1
==
uintptr
(
minusOne
)
{
if
e1
!=
0
{
err
=
e1
}
else
{
err
=
syscall
.
EINVAL
}
}
else
{
retCount
=
uint32
(
r1
)
}
return
}
func
ResumeThread
(
thread
syscall
.
Handle
,
)
(
retCount
uint32
,
err
error
)
{
@@ -444,3 +476,126 @@ func QueryFullProcessImageName(
}
return
}
const
(
MEM_COMMIT
=
0x00001000
MEM_RESERVE
=
0x00002000
PAGE_READWRITE
=
0x04
)
func
VirtualAllocEx
(
process
syscall
.
Handle
,
address
uintptr
,
size
uintptr
,
allocationType
uint32
,
protect
uint32
,
)
(
res
uintptr
,
err
error
)
{
r1
,
_
,
e1
:=
syscall
.
Syscall6
(
procVirtualAllocEx
.
Addr
(),
5
,
uintptr
(
process
),
address
,
uintptr
(
size
),
uintptr
(
allocationType
),
uintptr
(
protect
),
0
,
)
res
=
uintptr
(
r1
)
if
r1
==
0
{
if
e1
!=
0
{
err
=
e1
}
else
{
err
=
syscall
.
EINVAL
}
}
return
}
func
WriteProcessMemory
(
process
syscall
.
Handle
,
addr
uintptr
,
buf
unsafe
.
Pointer
,
size
uint32
)
(
nLength
uint32
,
err
error
)
{
r1
,
_
,
e1
:=
syscall
.
Syscall6
(
procWriteProcessMemory
.
Addr
(),
5
,
uintptr
(
process
),
addr
,
uintptr
(
buf
),
uintptr
(
size
),
uintptr
(
unsafe
.
Pointer
(
&
nLength
)),
0
,
)
if
r1
==
0
{
if
e1
!=
0
{
err
=
e1
}
else
{
err
=
syscall
.
EINVAL
}
}
return
}
func
CreateRemoteThread
(
process
syscall
.
Handle
,
sa
*
syscall
.
SecurityAttributes
,
stackSize
uint32
,
startAddress
,
parameter
uintptr
,
creationFlags
uint32
)
(
ret
syscall
.
Handle
,
threadId
uint32
,
err
error
)
{
r1
,
_
,
e1
:=
syscall
.
Syscall9
(
procCreateRemoteThread
.
Addr
(),
7
,
uintptr
(
process
),
uintptr
(
unsafe
.
Pointer
(
sa
)),
uintptr
(
stackSize
),
startAddress
,
parameter
,
uintptr
(
creationFlags
),
uintptr
(
unsafe
.
Pointer
(
&
threadId
)),
0
,
0
,
)
runtime
.
KeepAlive
(
sa
)
ret
=
syscall
.
Handle
(
r1
)
if
r1
==
0
{
if
e1
!=
0
{
err
=
e1
}
else
{
err
=
syscall
.
EINVAL
}
}
return
}
const
(
MEM_RELEASE
=
0x8000
)
func
VirtualFreeEx
(
process
syscall
.
Handle
,
addr
uintptr
,
size
,
freeType
uint32
)
(
err
error
)
{
r1
,
_
,
e1
:=
syscall
.
Syscall6
(
procVirtualFreeEx
.
Addr
(),
4
,
uintptr
(
process
),
addr
,
uintptr
(
size
),
uintptr
(
freeType
),
0
,
0
,
)
if
r1
==
0
{
if
e1
!=
0
{
err
=
e1
}
else
{
err
=
syscall
.
EINVAL
}
}
return
}
func
GetExitCodeThread
(
thread
syscall
.
Handle
)
(
exitCode
uint32
,
err
error
)
{
r1
,
_
,
e1
:=
syscall
.
Syscall
(
procGetExitCodeThread
.
Addr
(),
2
,
uintptr
(
thread
),
uintptr
(
unsafe
.
Pointer
(
&
exitCode
)),
0
,
)
if
r1
==
0
{
if
e1
!=
0
{
err
=
e1
}
else
{
err
=
syscall
.
EINVAL
}
}
return
}
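Review bot: WriteProcessMemory passes `&nLength`, a 4-byte uint32, as the lpNumberOfBytesWritten argument, but that out-parameter is a SIZE_T, so on a 64-bit build the API stores 8 bytes and overruns the variable into adjacent stack memory. The return type can stay as is by writing through a correctly sized temporary: `var written uintptr` before the call, `uintptr(unsafe.Pointer(&written))` in the argument list, and `nLength = uint32(written)` afterwards. SuspendThread has a related width problem: it compares the raw `r1` with `uintptr(int(-1))`, which on amd64 is 0xFFFFFFFFFFFFFFFF, whereas the DWORD failure value (DWORD)-1 is expected to arrive as 0xFFFFFFFF, so the error branch would not fire there and the caller would get `retCount == 0xFFFFFFFF` with a nil error; `if uint32(r1) == 0xffffffff {` is the check x/sys uses. Since VirtualAllocEx/WriteProcessMemory/CreateRemoteThread are the standard remote-thread injection primitives and none of the new functions carries a doc comment, a one-line comment on each naming the intended caller would let an auditor (or an EDR triage) distinguish this from malicious use.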