package gportstate
import "C"
import (
	"bytes"
	"fmt"
	"strconv"
	"syscall"
	"unsafe"
)
// Width-matching aliases for the Win32 types used in the Toolhelp32 entry
// structs below; only the byte size matters for the ABI layout.
type (
	// ulong stands in for a 4-byte DWORD/LONG field.
	// NOTE(review): DWORD is unsigned; int32 keeps the 4-byte layout but a
	// value >= 2^31 would read back negative — confirm that is acceptable.
	ulong int32
	// ulong_ptr stands in for ULONG_PTR (pointer-sized unsigned integer).
	ulong_ptr uintptr
)
// PROCESSENTRY32 mirrors the ANSI Win32 PROCESSENTRY32 structure filled in by
// Process32First/Process32Next. Field order and widths are the ABI contract
// with kernel32 and must not be changed.
type PROCESSENTRY32 struct {
	dwSize              ulong // must be set to unsafe.Sizeof(PROCESSENTRY32{}) before each call
	cntUsage            ulong // documented by Microsoft as no longer used (always 0)
	th32ProcessID       ulong // process identifier; used as the Snapshot map key
	th32DefaultHeapID   ulong_ptr // documented as no longer used (always 0)
	th32ModuleID        ulong // documented as no longer used (always 0)
	cntThreads          ulong // number of execution threads started by the process
	th32ParentProcessID ulong // identifier of the process that created this one
	pcPriClassBase      ulong // base priority of threads created by this process
	dwFlags             ulong // documented as no longer used (always 0)
	szExeFile           [260]byte // NUL-terminated ANSI executable name (MAX_PATH); not a full path
}
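// MODULEENTRY32 mirrors the ANSI Win32 MODULEENTRY32 structure filled in by
// Module32First. Field order and widths are the ABI contract with kernel32
// and must not be changed.
//
// modBaseAddr holds an address in the snapshotted process, which may not be
// this process at all; it is kept as a plain uintptr rather than a *byte so
// the Go garbage collector never interprets a foreign address as a Go
// pointer (the original *byte field could trip the runtime's bad-pointer
// checks). Both types are pointer-sized, so the layout is unchanged.
type MODULEENTRY32 struct {
	dwSize       ulong     // must be set to unsafe.Sizeof(MODULEENTRY32{}) before the call
	moduleID     ulong     // documented as no longer used (always 1)
	processID    ulong     // identifier of the process owning the module
	glblcntUsage ulong     // global load count of the module
	proccntUsage ulong     // load count of the module within the process
	modBaseAddr  uintptr   // base address of the module in the owning process's address space
	modBaseSize  ulong     // size of the module, in bytes
	hModule      uintptr   // module handle in the owning process
	// A 16-byte szUnknown field was once listed here; it is not part of the
	// documented layout and is intentionally absent.
	szModule  [255 + 1]byte // NUL-terminated ANSI module name (MAX_MODULE_NAME32 + 1)
	szExePath [260]byte     // NUL-terminated ANSI full path of the module (MAX_PATH)
}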
// ProcessInfo is the per-process record stored in a Snapshot.
type ProcessInfo struct {
	Name string // executable name as reported by Process32Next (file name only)
	Path string // full path of the first module from Module32First; "" when it could not be read (e.g. access denied)
}
// Snapshot maps a process ID to the ProcessInfo captured for it by NewSnapshot.
type Snapshot map[ulong]ProcessInfo
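// NewSnapshot enumerates the processes visible to the caller through the
// Toolhelp32 API and returns them keyed by process ID.
//
// Failures are not reported: if the snapshot cannot be created the returned
// map is empty (but non-nil), and any process whose module list cannot be
// read gets an empty Path. Callers wanting to distinguish "no processes" from
// "enumeration failed" cannot do so through this API.
//
// Compared with the previous implementation this version walks the list with
// Process32First/Process32Next as documented, truncates szExeFile at its NUL
// terminator in pure Go (the old C.CString round-trip allocated C memory that
// was never freed), and closes the snapshot handle on every exit path.
func NewSnapshot() *Snapshot {
	ret := make(Snapshot)

	kernel32 := syscall.NewLazyDLL("kernel32.dll")
	createSnapshot := kernel32.NewProc("CreateToolhelp32Snapshot")
	// 0x2 is TH32CS_SNAPPROCESS; the process-ID argument is ignored for a
	// process-list snapshot.
	pHandle, _, _ := createSnapshot.Call(uintptr(0x2), uintptr(0x0))
	if int(pHandle) == -1 { // INVALID_HANDLE_VALUE
		return &ret
	}
	closeHandle := kernel32.NewProc("CloseHandle")
	defer func() { _, _, _ = closeHandle.Call(pHandle) }()

	process32First := kernel32.NewProc("Process32First")
	process32Next := kernel32.NewProc("Process32Next")

	var proc PROCESSENTRY32
	// The API rejects the call unless dwSize is set; it is not modified by the
	// calls, so setting it once for the reused entry is sufficient.
	proc.dwSize = ulong(unsafe.Sizeof(proc))
	entry := uintptr(unsafe.Pointer(&proc))

	// BOOL: zero means FALSE, which is either ERROR_NO_MORE_FILES or a real
	// error; the two are not distinguished here.
	for rt, _, _ := process32First.Call(pHandle, entry); rt != 0; rt, _, _ = process32Next.Call(pHandle, entry) {
		name := proc.szExeFile[:]
		if i := bytes.IndexByte(name, 0); i >= 0 {
			name = name[:i]
		}
		ret[proc.th32ProcessID] = ProcessInfo{
			Name: string(name),
			Path: getProcessPath(proc.th32ProcessID),
		}
	}
	return &ret
}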
// Name returns the executable name recorded for pid, or the placeholder
// "[pid]" when the snapshot holds no entry for that process.
func (s *Snapshot) Name(pid ulong) string {
	if entry, found := (*s)[pid]; found {
		return entry.Name
	}
	return fmt.Sprintf("[%d]", pid)
}
// Print writes the snapshot to stdout, one blank-line-separated record per
// process. Map iteration order is unspecified, so the output order varies
// between runs.
func (s *Snapshot) Print() {
	fmt.Println("ProcessList")
	for pid, entry := range *s {
		fmt.Printf("ProcessID : %d\n", pid)
		fmt.Printf("ProcessName : %s\n", entry.Name)
		fmt.Printf("ProcessPath : %s\n", entry.Path)
		fmt.Println()
	}
}
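// PrintProcessInfo writes the name and ID of every process visible to the
// caller to stdout. It reports nothing on failure: if the snapshot cannot be
// created it simply prints nothing.
//
// The previous implementation printed the whole 260-byte szExeFile buffer,
// including the NUL terminator and the padding after it; the name is now cut
// at the first NUL. The snapshot handle is also closed on every exit path.
func PrintProcessInfo() {
	kernel32 := syscall.NewLazyDLL("kernel32.dll")
	createSnapshot := kernel32.NewProc("CreateToolhelp32Snapshot")
	// 0x2 is TH32CS_SNAPPROCESS; the process-ID argument is ignored for a
	// process-list snapshot.
	pHandle, _, _ := createSnapshot.Call(uintptr(0x2), uintptr(0x0))
	if int(pHandle) == -1 { // INVALID_HANDLE_VALUE
		return
	}
	closeHandle := kernel32.NewProc("CloseHandle")
	defer func() { _, _, _ = closeHandle.Call(pHandle) }()

	process32First := kernel32.NewProc("Process32First")
	process32Next := kernel32.NewProc("Process32Next")

	var proc PROCESSENTRY32
	// The API rejects the call unless dwSize is set; it is not modified by the
	// calls, so setting it once for the reused entry is sufficient.
	proc.dwSize = ulong(unsafe.Sizeof(proc))
	entry := uintptr(unsafe.Pointer(&proc))

	// BOOL: zero means FALSE (end of list or an error; not distinguished here).
	for rt, _, _ := process32First.Call(pHandle, entry); rt != 0; rt, _, _ = process32Next.Call(pHandle, entry) {
		name := proc.szExeFile[:]
		if i := bytes.IndexByte(name, 0); i >= 0 {
			name = name[:i]
		}
		fmt.Println("ProcessName : " + string(name))
		fmt.Println("ProcessID : " + strconv.Itoa(int(proc.th32ProcessID)))
	}
}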
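// getProcessPath returns the full path of the first module in pid's module
// list (conventionally the process's own executable image), or "" when the
// module snapshot cannot be created or read. An empty result therefore means
// "unknown", not "no path": access to protected or higher-integrity
// processes typically fails here, and the caller cannot tell that apart from
// a missing entry.
//
// The previous implementation returned on the success path before calling
// CloseHandle, leaking one snapshot handle per process enumerated, and
// routed the path through C.CString without freeing the C allocation. The
// handle is now released via defer and the NUL truncation is done in Go.
func getProcessPath(pid ulong) string {
	kernel32 := syscall.NewLazyDLL("kernel32.dll")
	createSnapshot := kernel32.NewProc("CreateToolhelp32Snapshot")
	// 0x8 is TH32CS_SNAPMODULE: snapshot the module list of the given process.
	// NOTE(review): pid is a signed 32-bit value; uintptr(pid) sign-extends a
	// value >= 2^31 into the 64-bit argument — confirm such PIDs never occur.
	pHandle, _, _ := createSnapshot.Call(uintptr(0x8), uintptr(pid))
	if int(pHandle) == -1 { // INVALID_HANDLE_VALUE
		return ""
	}
	closeHandle := kernel32.NewProc("CloseHandle")
	defer func() { _, _, _ = closeHandle.Call(pHandle) }()

	module32First := kernel32.NewProc("Module32First")
	var mod MODULEENTRY32
	mod.dwSize = ulong(unsafe.Sizeof(mod)) // required by the API before the call
	rt, _, _ := module32First.Call(pHandle, uintptr(unsafe.Pointer(&mod)))
	if rt == 0 { // BOOL FALSE: empty list or an error
		return ""
	}

	path := mod.szExePath[:]
	if i := bytes.IndexByte(path, 0); i >= 0 {
		path = path[:i]
	}
	return string(path)
}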