// This file holds the Windows declarations used by the native backend:
// NT/Win32 structure layouts, the constants they are interpreted with, and
// the //sys stubs that mksyscall_windows.go renders into
// zsyscall_windows.go (see the go:generate directive below).
//
// The struct declarations mirror the corresponding Windows headers field for
// field. Field order and widths are part of the ABI contract with the kernel,
// so they must not be reordered or resized without checking the header.

//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zsyscall_windows.go syscall_windows.go

package native

import (
	"syscall"
)

// _NTSTATUS is the NT kernel status code type returned by the ntdll call
// below. Use _NT_SUCCESS to test it; it is not a Go error.
type _NTSTATUS int32

// _CLIENT_ID mirrors CLIENT_ID: the process and thread identifiers of a
// thread as reported by the kernel.
type _CLIENT_ID struct {
	UniqueProcess syscall.Handle
	UniqueThread  syscall.Handle
}

// _THREAD_BASIC_INFORMATION mirrors THREAD_BASIC_INFORMATION. It is
// presumably the output layout for _NtQueryInformationThread when called
// with the _ThreadBasicInformation class — confirm against the caller.
type _THREAD_BASIC_INFORMATION struct {
	ExitStatus     _NTSTATUS
	TebBaseAddress uintptr // NOTE(review): an address in the queried thread's process, not a local pointer — do not dereference directly
	ClientId       _CLIENT_ID
	AffinityMask   uintptr
	Priority       int32
	BasePriority   int32
}

// _CREATE_PROCESS_DEBUG_INFO mirrors CREATE_PROCESS_DEBUG_INFO, the payload
// of a _CREATE_PROCESS_DEBUG_EVENT.
// NOTE(review): per the Win32 contract the File, Process and Thread handles
// delivered with this event are owned by the debugger and must be closed by
// it; confirm the consumer of the event does so, otherwise handles leak per
// debugged process.
type _CREATE_PROCESS_DEBUG_INFO struct {
	File                syscall.Handle
	Process             syscall.Handle
	Thread              syscall.Handle
	BaseOfImage         uintptr
	DebugInfoFileOffset uint32
	DebugInfoSize       uint32
	ThreadLocalBase     uintptr
	StartAddress        uintptr
	ImageName           uintptr // NOTE(review): address inside the debuggee, read via _ReadProcessMemory rather than dereferenced — confirm
	Unicode             uint16  // nonzero if the name behind ImageName is UTF-16 (per the Win32 header)
}

// _CREATE_THREAD_DEBUG_INFO mirrors CREATE_THREAD_DEBUG_INFO, the payload of
// a _CREATE_THREAD_DEBUG_EVENT. The same handle-ownership caveat as for
// _CREATE_PROCESS_DEBUG_INFO applies to Thread.
type _CREATE_THREAD_DEBUG_INFO struct {
	Thread          syscall.Handle
	ThreadLocalBase uintptr
	StartAddress    uintptr
}

// _EXIT_PROCESS_DEBUG_INFO mirrors EXIT_PROCESS_DEBUG_INFO, the payload of
// an _EXIT_PROCESS_DEBUG_EVENT.
type _EXIT_PROCESS_DEBUG_INFO struct {
	ExitCode uint32
}

// _LOAD_DLL_DEBUG_INFO mirrors LOAD_DLL_DEBUG_INFO, the payload of a
// _LOAD_DLL_DEBUG_EVENT. File is a handle owned by the debugger (see the
// caveat on _CREATE_PROCESS_DEBUG_INFO); ImageName and Unicode follow the
// same conventions as there.
type _LOAD_DLL_DEBUG_INFO struct {
	File                syscall.Handle
	BaseOfDll           uintptr
	DebugInfoFileOffset uint32
	DebugInfoSize       uint32
	ImageName           uintptr
	Unicode             uint16
}

// _EXCEPTION_DEBUG_INFO mirrors EXCEPTION_DEBUG_INFO, the payload of an
// _EXCEPTION_DEBUG_EVENT. FirstChance is nonzero the first time the
// exception is reported, before the debuggee's own handlers have run.
type _EXCEPTION_DEBUG_INFO struct {
	ExceptionRecord _EXCEPTION_RECORD
	FirstChance     uint32
}

// _EXCEPTION_RECORD mirrors EXCEPTION_RECORD. Only the first
// NumberParameters entries of ExceptionInformation are meaningful; callers
// indexing it should bound NumberParameters by _EXCEPTION_MAXIMUM_PARAMETERS
// since the value originates from the debuggee-side event.
type _EXCEPTION_RECORD struct {
	ExceptionCode        uint32 // e.g. _EXCEPTION_BREAKPOINT or _EXCEPTION_SINGLE_STEP
	ExceptionFlags       uint32
	ExceptionRecord      *_EXCEPTION_RECORD // NOTE(review): when copied out of a debug event this points into the debuggee's address space and must not be dereferenced locally — confirm no caller follows it
	ExceptionAddress     uintptr
	NumberParameters     uint32
	ExceptionInformation [_EXCEPTION_MAXIMUM_PARAMETERS]uintptr
}

// _MEMORY_BASIC_INFORMATION mirrors MEMORY_BASIC_INFORMATION as filled in by
// _VirtualQueryEx. State takes the _MEM_* values, Protect/AllocationProtect
// the _PAGE_* values (optionally or'ed with _PAGE_GUARD).
// NOTE(review): RegionSize is SIZE_T in the Win32 header; declaring it as
// uint64 is only correct for 64-bit targets — confirm this file is never
// built for a 32-bit Windows target.
type _MEMORY_BASIC_INFORMATION struct {
	BaseAddress       uintptr
	AllocationBase    uintptr
	AllocationProtect uint32
	PartitionId       uint16
	RegionSize        uint64
	State             uint32
	Protect           uint32
	Type              uint32
}

const (
	// Information class passed to _NtQueryInformationThread.
	_ThreadBasicInformation = 0

	// Continue statuses accepted by _ContinueDebugEvent.
	_DBG_CONTINUE              = 0x00010002
	_DBG_EXCEPTION_NOT_HANDLED = 0x80010001

	// DebugEventCode values of _DEBUG_EVENT; they select how U is interpreted.
	_EXCEPTION_DEBUG_EVENT      = 1
	_CREATE_THREAD_DEBUG_EVENT  = 2
	_CREATE_PROCESS_DEBUG_EVENT = 3
	_EXIT_THREAD_DEBUG_EVENT    = 4
	_EXIT_PROCESS_DEBUG_EVENT   = 5
	_LOAD_DLL_DEBUG_EVENT       = 6
	_UNLOAD_DLL_DEBUG_EVENT     = 7
	_OUTPUT_DEBUG_STRING_EVENT  = 8
	_RIP_EVENT                  = 9

	// _DEBUG_ONLY_THIS_PROCESS and _DEBUG_PROCESS track the process creation flags documented at https://msdn.microsoft.com/en-us/library/windows/desktop/ms684863(v=vs.85).aspx
	_DEBUG_ONLY_THIS_PROCESS = 0x00000002
	_DEBUG_PROCESS           = 0x00000001

	// ExceptionCode values of _EXCEPTION_RECORD that a debugger handles itself.
	_EXCEPTION_BREAKPOINT  = 0x80000003
	_EXCEPTION_SINGLE_STEP = 0x80000004

	// Length of _EXCEPTION_RECORD.ExceptionInformation (EXCEPTION_MAXIMUM_PARAMETERS).
	_EXCEPTION_MAXIMUM_PARAMETERS = 15

	// Win32 MEM_* region state values (_MEMORY_BASIC_INFORMATION.State).
	_MEM_FREE    = 0x10000
	_MEM_RESERVE = 0x2000

	// Win32 PAGE_* protection values (_MEMORY_BASIC_INFORMATION.Protect and
	// AllocationProtect). Exactly one of these is set per region.
	_PAGE_EXECUTE           = 0x10
	_PAGE_EXECUTE_READ      = 0x20
	_PAGE_EXECUTE_READWRITE = 0x40
	_PAGE_EXECUTE_WRITECOPY = 0x80
	_PAGE_NOACCESS          = 0x01
	_PAGE_READONLY          = 0x02
	_PAGE_READWRITE         = 0x04
	_PAGE_WRITECOPY         = 0x08

	// Modifier flag or'ed onto one of the _PAGE_* values above.
	_PAGE_GUARD = 0x100
)

// _NT_SUCCESS reports whether the NT status x denotes success. NT status
// codes are success or informational exactly when the sign bit is clear,
// which for the signed _NTSTATUS type is x >= 0 (warnings and errors have
// the top bit set and are negative).
func _NT_SUCCESS(x _NTSTATUS) bool {
	return x >= 0
}

// _DEBUG_EVENT mirrors DEBUG_EVENT as filled in by _WaitForDebugEvent.
// U is the raw event union; it is presumably reinterpreted as one of the
// *_DEBUG_INFO structs above according to DebugEventCode — see the consumer.
type _DEBUG_EVENT struct {
	DebugEventCode uint32
	ProcessId      uint32
	ThreadId       uint32
	_              uint32 // explicit pad so U starts 8-byte aligned like the Win32 union; NOTE(review): assumes a 64-bit layout — confirm for any 32-bit build
	U              [160]byte
}

// The //sys lines below are mksyscall_windows.go input; each must stay on a
// single line at column 0. Stubs declared with "(err error)" get err filled
// from GetLastError when the Win32 call reports failure; stubs without it
// hand the raw return value back and callers must test it themselves.

// Queries thread information from ntdll. The raw NTSTATUS is returned, not a
// Go error: test it with _NT_SUCCESS. infoclass selects the layout that
// info/infolen describe (see _ThreadBasicInformation).
//sys _NtQueryInformationThread(threadHandle syscall.Handle, infoclass int32, info uintptr, infolen uint32, retlen *uint32) (status _NTSTATUS) = ntdll.NtQueryInformationThread
// Reads and writes a thread's register context. _CONTEXT is declared
// elsewhere in this package (presumably per architecture).
//sys _GetThreadContext(thread syscall.Handle, context *_CONTEXT) (err error) = kernel32.GetThreadContext
//sys _SetThreadContext(thread syscall.Handle, context *_CONTEXT) (err error) = kernel32.SetThreadContext
// Suspend/resume a thread; the Win32 return is the previous suspend count.
// The [failretval==0xffffffff] annotation tells mksyscall that a return of
// 0xffffffff ((DWORD)-1) means failure, in which case err is populated.
//sys _SuspendThread(threadid syscall.Handle) (prevsuspcount uint32, err error) [failretval==0xffffffff] = kernel32.SuspendThread
//sys _ResumeThread(threadid syscall.Handle) (prevsuspcount uint32, err error) [failretval==0xffffffff] = kernel32.ResumeThread
// Resumes the debuggee thread identified by (processid, threadid) after a
// debug event; continuestatus is one of the _DBG_* constants.
//sys _ContinueDebugEvent(processid uint32, threadid uint32, continuestatus uint32) (err error) = kernel32.ContinueDebugEvent
// Transfers size bytes between buffer (local) and baseaddr (in the target
// process). buffer must be backed by at least size bytes.
// NOTE(review): byteswritten/bytesread report the count actually
// transferred; callers should compare it against size rather than assume a
// full transfer — confirm the wrappers do.
//sys _WriteProcessMemory(process syscall.Handle, baseaddr uintptr, buffer *byte, size uintptr, byteswritten *uintptr) (err error) = kernel32.WriteProcessMemory
//sys _ReadProcessMemory(process syscall.Handle, baseaddr uintptr, buffer *byte, size uintptr, bytesread *uintptr) (err error) = kernel32.ReadProcessMemory
// Raises a breakpoint exception in the target process so it stops.
//sys _DebugBreakProcess(process syscall.Handle) (err error) = kernel32.DebugBreakProcess
// Blocks for up to milliseconds (0xffffffff is INFINITE in Win32) for the
// next debug event and fills debugevent with it. Returns err on timeout as
// well as on failure.
//sys _WaitForDebugEvent(debugevent *_DEBUG_EVENT, milliseconds uint32) (err error) = kernel32.WaitForDebugEvent
// Attaches the calling process as debugger of processid / detaches again.
// NOTE(review): attach succeeds only when the caller has sufficient access
// to the target process; confirm the call site surfaces err to the user
// rather than assuming the attach worked.
//sys _DebugActiveProcess(processid uint32) (err error) = kernel32.DebugActiveProcess
//sys _DebugActiveProcessStop(processid uint32) (err error) = kernel32.DebugActiveProcessStop
// Retrieves the executable path of process as UTF-16 into exename. size is
// in/out: buffer capacity in characters on entry, characters written on
// return (per the W variant's documentation).
//sys _QueryFullProcessImageName(process syscall.Handle, flags uint32, exename *uint16, size *uint32) (err error) = kernel32.QueryFullProcessImageNameW
// Describes the memory region containing addr in the target process. No err
// is captured: lengthOut is the number of bytes written to buffer and 0
// means the call failed, so callers must check it.
//sys _VirtualQueryEx(process syscall.Handle, addr uintptr, buffer *_MEMORY_BASIC_INFORMATION, length uintptr) (lengthOut uintptr) = kernel32.VirtualQueryEx
// Reports whether process runs under WOW64 via wow64process. ok is the raw
// BOOL return and no err is captured: when ok is 0 the call failed and
// wow64process is not meaningful.
//sys _IsWow64Process(process syscall.Handle, wow64process *uint32) (ok uint32) = kernel32.IsWow64Process