github.com/isyscore/isc-gobase@v1.5.3-0.20231218061332-cbc7451899e9/system/process/process_windows_amd64.go (about)

     1  //go:build windows
     2  
     3  package process
     4  
     5  import (
     6  	"github.com/isyscore/isc-gobase/system/common"
     7  	"golang.org/x/sys/windows"
     8  	"syscall"
     9  	"unsafe"
    10  )
    11  
// PROCESS_MEMORY_COUNTERS holds memory usage counters for a process. Its name
// and field set match the Win32 PROCESS_MEMORY_COUNTERS structure; no use of
// the type is visible in this file, so it is presumably filled in by a Windows
// API call made elsewhere in the package — confirm before changing it.
//
// NOTE(review): if a pointer to this struct is handed to the OS, the field
// order and widths are part of the ABI and must not be reordered. The uint64
// size fields line up with the native SIZE_T only on 64-bit builds, which is
// consistent with this file's _amd64 suffix.
type PROCESS_MEMORY_COUNTERS struct {
	// CB is presumably the size of the structure in bytes, set by the caller
	// before the API call — verify against the call site.
	CB                         uint32
	PageFaultCount             uint32
	PeakWorkingSetSize         uint64
	WorkingSetSize             uint64
	QuotaPeakPagedPoolUsage    uint64
	QuotaPagedPoolUsage        uint64
	QuotaPeakNonPagedPoolUsage uint64
	QuotaNonPagedPoolUsage     uint64
	PagefileUsage              uint64
	PeakPagefileUsage          uint64
}
    24  
// queryPebAddress returns the address of the Process Environment Block (PEB)
// of the process behind procHandle, as reported by NtQueryInformationProcess.
//
// When is32BitProcess is true the ProcessWow64Information class is queried and
// the value it yields is returned; otherwise ProcessBasicInformation is queried
// and its PebBaseAddress field is returned. Any status other than
// STATUS_SUCCESS is returned as a windows.NTStatus error with a zero address.
//
// NOTE(review): in the 32-bit branch a zero result with STATUS_SUCCESS is
// passed through as (0, nil). Windows documents zero for this class as "not a
// WOW64 process", so callers should treat address 0 as "no PEB" rather than
// dereference it — confirm the callers do.
func queryPebAddress(procHandle syscall.Handle, is32BitProcess bool) (uint64, error) {
	if !is32BitProcess {
		// 64-bit caller inspecting a 64-bit target.
		var basicInfo processBasicInformation64

		r1, _, _ := common.ProcNtQueryInformationProcess.Call(
			uintptr(procHandle),
			uintptr(common.ProcessBasicInformation),
			uintptr(unsafe.Pointer(&basicInfo)),
			unsafe.Sizeof(basicInfo),
			uintptr(0), // return-length pointer is not requested
		)
		if windows.NTStatus(r1) != windows.STATUS_SUCCESS {
			return 0, windows.NTStatus(r1)
		}
		return basicInfo.PebBaseAddress, nil
	}

	// 64-bit caller inspecting a 32-bit target.
	var wow64Peb uint

	r1, _, _ := common.ProcNtQueryInformationProcess.Call(
		uintptr(procHandle),
		uintptr(common.ProcessWow64Information),
		uintptr(unsafe.Pointer(&wow64Peb)),
		unsafe.Sizeof(wow64Peb),
		uintptr(0), // return-length pointer is not requested
	)
	if windows.NTStatus(r1) != windows.STATUS_SUCCESS {
		return 0, windows.NTStatus(r1)
	}
	return uint64(wow64Peb), nil
}
    60  
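// readProcessMemory reads up to size bytes starting at address in the process
// behind procHandle, using NtReadVirtualMemory. It returns the bytes actually
// read, or nil when size is zero, the call fails, or nothing was read. The
// second parameter is unused.
//
// The buffer is allocated at exactly the requested size. If a caller derives
// size from data read out of the target process, that value is untrusted and
// should be capped before it reaches this function.
func readProcessMemory(procHandle syscall.Handle, _ bool, address uint64, size uint) []byte {
	// A zero-length request has nothing to read, and taking &buffer[0] on an
	// empty slice below would panic with an index-out-of-range error.
	if size == 0 {
		return nil
	}

	var read uint

	buffer := make([]byte, size)

	ret, _, _ := common.ProcNtReadVirtualMemory.Call(
		uintptr(procHandle),
		uintptr(address),
		uintptr(unsafe.Pointer(&buffer[0])),
		uintptr(size),
		uintptr(unsafe.Pointer(&read)),
	)
	// NOTE(review): NTSTATUS is a 32-bit signed value, while ret is a 64-bit
	// uintptr on amd64, so int(ret) >= 0 may not reject failure codes if the
	// upper bits come back zero. The read > 0 guard is then what keeps a
	// failed call from returning data. Left unchanged because a 32-bit check
	// would presumably also change the result for partial copies — confirm
	// the intended behaviour with the callers.
	if int(ret) >= 0 && read > 0 {
		return buffer[:read]
	}
	return nil
}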