// Package win32api declares Go mirrors of Win32 structures and constants used
// for process, thread and module enumeration, thread-context access, virtual
// memory queries, debugging events and NTFS USN journal access.
//
// DWORD, WORD, DWORDLONG, HMODULE, USN, LARGE_INTEGER and WCHAR are referenced
// here but declared in another file of the package.
package win32api

import "syscall"

type (
	// Ulong stands in for the Win32 ULONG.
	// NOTE(review): Win32 defines ULONG as an unsigned 32-bit integer, but it
	// is signed here, so values above 0x7FFFFFFF read back negative. Confirm
	// how callers use it before changing the underlying type.
	Ulong int32

	// Ulong_ptr stands in for the pointer-sized Win32 ULONG_PTR.
	Ulong_ptr uintptr
)

// Flags for LockFileEx.
const (
	LOCKFILE_EXCLUSIVE_LOCK   DWORD = 0x00000002
	LOCKFILE_FAIL_IMMEDIATELY DWORD = 0x00000001
)

// PROCESSENTRY32 is the ANSI toolhelp process record (SzExeFile holds bytes,
// not UTF-16). The API expects DwSize to be set to the size of the structure
// before the first Process32First call. SzExeFile is NUL-terminated inside a
// fixed 260-byte buffer, so readers should stop at the first zero byte rather
// than convert the whole array.
type PROCESSENTRY32 struct {
	DwSize              Ulong
	CntUsage            Ulong
	Th32ProcessID       Ulong
	Th32DefaultHeapID   Ulong_ptr
	Th32ModuleID        Ulong
	CntThreads          Ulong
	Th32ParentProcessID Ulong
	PcPriClassBase      Ulong
	DwFlags             Ulong
	SzExeFile           [260]byte
}

// THREADENTRY32 is the toolhelp thread record. DwSize must be initialised by
// the caller before Thread32First.
type THREADENTRY32 struct {
	DwSize             DWORD
	CntUsage           DWORD
	Th32ThreadID       DWORD
	Th32OwnerProcessID DWORD
	TpBasePri          int32
	TpDeltaPri         int32
	DwFlags            DWORD
}

// MODULEENTRY32W is the wide-character toolhelp module record. DwSize must be
// initialised by the caller before Module32FirstW. SzModule and SzExePath are
// NUL-terminated UTF-16 strings inside fixed-size buffers.
type MODULEENTRY32W struct {
	DwSize        DWORD
	Th32ModuleID  DWORD
	Th32ProcessID DWORD
	GlblcntUsage  DWORD
	ProccntUsage  DWORD
	ModBaseAddr   uintptr
	ModBaseSize   DWORD
	HModule       HMODULE
	SzModule      [MAX_MODULE_NAME32 + 1]uint16
	SzExePath     [syscall.MAX_PATH]uint16
}

// M128A is one 128-bit vector register slot as stored in AMD64_CONTEXT.
type M128A struct {
	Low  uint64
	High int64
}

// AMD64_CONTEXT follows the field order of the Windows x64 CONTEXT record so
// that it can be passed to GetThreadContext/SetThreadContext for amd64
// targets. With 32-bit DWORD and 16-bit WORD the fields add up to 1232 bytes.
//
// Caveats for callers:
//   - Windows declares CONTEXT with 16-byte alignment. Nothing in this Go
//     type enforces that (its widest field is 8 bytes), so a value placed on
//     the heap or stack may be misaligned and the call can then be rejected.
//     Allocate an over-sized buffer and align the pointer, and check the
//     returned error.
//   - ContextFlags selects which register groups the kernel reads or writes;
//     set it (see the CONTEXT_* constants) before every call.
//   - ExtendedRegisters is an opaque 512-byte stand-in for the floating-point
//     save area; this type does not break it into fields.
type AMD64_CONTEXT struct {
	P1Home uint64
	P2Home uint64
	P3Home uint64
	P4Home uint64
	P5Home uint64
	P6Home uint64

	ContextFlags DWORD
	MxCsr        DWORD

	SegCs  WORD
	SegDs  WORD
	SegEs  WORD
	SegFs  WORD
	SegGs  WORD
	SegSs  WORD
	EFlags DWORD

	Dr0 uint64
	Dr1 uint64
	Dr2 uint64
	Dr3 uint64
	Dr6 uint64
	Dr7 uint64

	Rax uint64
	Rcx uint64
	Rdx uint64
	Rbx uint64
	Rsp uint64
	Rbp uint64
	Rsi uint64
	Rdi uint64
	R8  uint64
	R9  uint64
	R10 uint64
	R11 uint64
	R12 uint64
	R13 uint64
	R14 uint64
	R15 uint64

	Rip uint64

	ExtendedRegisters [512]byte

	VectorRegister [26]M128A
	VectorControl  uint64

	DebugControl         uint64
	LastBranchToRip      uint64
	LastBranchFromRip    uint64
	LastExceptionToRip   uint64
	LastExceptionFromRip uint64
}

// DEBUG_EVENT_HEADER holds the three leading DWORDs of the native DEBUG_EVENT
// record. The event-specific union that follows them in the native layout is
// not represented by this type.
type DEBUG_EVENT_HEADER struct {
	DwDebugEventCode DWORD
	DwProcessId      DWORD
	DwThreadId       DWORD
}

// DebugEventInfo pairs a debug event header with a string.
// NOTE(review): CodeName presumably carries the symbolic name of
// Header.DwDebugEventCode; confirm at the code that fills it in.
type DebugEventInfo struct {
	Header   DEBUG_EVENT_HEADER
	CodeName string
}

// MEMORYSTATUSEX is the buffer for GlobalMemoryStatusEx. DwLength must be set
// to the size of the structure before the call.
type MEMORYSTATUSEX struct {
	DwLength                DWORD
	DwMemoryLoad            DWORD
	UllTotalPhys            DWORDLONG
	UllAvailPhys            DWORDLONG
	UllTotalPageFile        DWORDLONG
	UllAvailPageFile        DWORDLONG
	UllTotalVirtual         DWORDLONG
	UllAvailVirtual         DWORDLONG
	UllAvailExtendedVirtual DWORDLONG
}

// MEMORY_BASIC_INFORMATION is the region record filled in by VirtualQuery and
// VirtualQueryEx. The pointer-sized fields use uintptr, so the layout follows
// the pointer width of the build. Pass the size of this structure as the
// buffer length and compare the returned byte count against it before
// trusting the fields.
type MEMORY_BASIC_INFORMATION struct {
	BaseAddress       uintptr
	AllocationBase    uintptr
	AllocationProtect DWORD
	RegionSize        uintptr
	State             DWORD
	Protect           DWORD
	Type              DWORD
}

// USN_JOURNAL_DATA is the output of FSCTL_QUERY_USN_JOURNAL.
type USN_JOURNAL_DATA struct {
	UsnJournalID    DWORDLONG
	FirstUsn        USN
	NextUsn         USN
	LowestValidUsn  USN
	MaxUsn          USN
	MaximumSize     DWORDLONG
	AllocationDelta DWORDLONG
}

// READ_USN_JOURNAL_DATA is the input of FSCTL_READ_USN_JOURNAL.
type READ_USN_JOURNAL_DATA struct {
	StartUsn          USN
	ReasonMask        DWORD
	ReturnOnlyOnClose DWORD
	Timeout           DWORDLONG
	BytesToWaitFor    DWORDLONG
	UsnJournalID      DWORDLONG
}

// USN_RECORD is the fixed header of one change-journal record. FileName is
// declared with a single element but the native record carries
// FileNameLength bytes of UTF-16 starting FileNameOffset bytes from the start
// of the record.
//
// When walking a buffer of records, validate before dereferencing:
// RecordLength must be non-zero and must not run past the bytes actually
// returned, and FileNameOffset+FileNameLength must not exceed RecordLength.
// Check MajorVersion as well, because other record versions use a different
// layout.
type USN_RECORD struct {
	RecordLength              DWORD
	MajorVersion              WORD
	MinorVersion              WORD
	FileReferenceNumber       DWORDLONG
	ParentFileReferenceNumber DWORDLONG
	Usn                       USN
	TimeStamp                 LARGE_INTEGER
	Reason                    DWORD
	SourceInfo                DWORD
	SecurityId                DWORD
	FileAttributes            DWORD
	FileNameLength            WORD
	FileNameOffset            WORD
	FileName                  [1]WCHAR
}

// MFT_ENUM_DATA is the input of FSCTL_ENUM_USN_DATA.
type MFT_ENUM_DATA struct {
	StartFileReferenceNumber DWORDLONG
	LowUsn                   USN
	HighUsn                  USN
}

// Snapshot selectors for CreateToolhelp32Snapshot.
const (
	TH32CS_SNAPPROCESS  DWORD = 0x00000002
	TH32CS_SNAPTHREAD   DWORD = 0x00000004
	TH32CS_SNAPMODULE   DWORD = 0x00000008
	TH32CS_SNAPMODULE32 DWORD = 0x00000010
)

// DeviceIoControl codes for the NTFS change journal (untyped constants).
const (
	FSCTL_ENUM_USN_DATA     = 0x900B3
	FSCTL_QUERY_USN_JOURNAL = 0x900F4
	FSCTL_READ_USN_JOURNAL  = 0x900BB
)

// Aliases of the identically named constants in package syscall. The O_*
// names are the open flags defined by Go's syscall package, not native Win32
// values; the remaining names are Win32 access, share, disposition, attribute
// and error values.
const (
	O_RDONLY  = syscall.O_RDONLY
	O_RDWR    = syscall.O_RDWR
	O_CREAT   = syscall.O_CREAT
	O_WRONLY  = syscall.O_WRONLY
	O_APPEND  = syscall.O_APPEND
	O_CLOEXEC = syscall.O_CLOEXEC
	O_EXCL    = syscall.O_EXCL
	O_TRUNC   = syscall.O_TRUNC

	GENERIC_READ     = syscall.GENERIC_READ
	GENERIC_WRITE    = syscall.GENERIC_WRITE
	FILE_APPEND_DATA = syscall.FILE_APPEND_DATA
	FILE_SHARE_READ  = syscall.FILE_SHARE_READ
	FILE_SHARE_WRITE = syscall.FILE_SHARE_WRITE

	ERROR_NO_MORE_FILES  = syscall.ERROR_NO_MORE_FILES
	ERROR_FILE_NOT_FOUND = syscall.ERROR_FILE_NOT_FOUND

	CREATE_ALWAYS     = syscall.CREATE_ALWAYS
	CREATE_NEW        = syscall.CREATE_NEW
	OPEN_ALWAYS       = syscall.OPEN_ALWAYS
	TRUNCATE_EXISTING = syscall.TRUNCATE_EXISTING
	OPEN_EXISTING     = syscall.OPEN_EXISTING

	FILE_ATTRIBUTE_NORMAL      = syscall.FILE_ATTRIBUTE_NORMAL
	FILE_FLAG_BACKUP_SEMANTICS = syscall.FILE_FLAG_BACKUP_SEMANTICS
	FILE_ATTRIBUTE_DIRECTORY   = syscall.FILE_ATTRIBUTE_DIRECTORY
	MAX_LONG_PATH              = syscall.MAX_LONG_PATH
)

// MAX_MODULE_NAME32 is the module-name capacity, excluding the terminating
// NUL, used to size MODULEENTRY32W.SzModule.
const MAX_MODULE_NAME32 = 255

// Process access rights for OpenProcess, plus the PROCESS_NAME_NATIVE flag for
// QueryFullProcessImageName.
//
// Request the narrowest mask the task needs: PROCESS_QUERY_LIMITED_INFORMATION
// is sufficient for inventory-style queries. Handles that carry
// PROCESS_VM_WRITE, PROCESS_VM_OPERATION or PROCESS_CREATE_THREAD allow the
// holder to alter another process, so keep them short-lived and do not leak
// them to child processes.
const (
	PROCESS_CREATE_THREAD             DWORD = 0x0002
	PROCESS_TERMINATE                 DWORD = 0x0001
	PROCESS_VM_OPERATION              DWORD = 0x0008
	PROCESS_VM_READ                   DWORD = 0x0010
	PROCESS_VM_WRITE                  DWORD = 0x0020
	PROCESS_QUERY_INFORMATION         DWORD = 0x0400
	PROCESS_QUERY_LIMITED_INFORMATION DWORD = 0x1000
	PROCESS_SUSPEND_RESUME            DWORD = 0x0800
	SYNCHRONIZE                       DWORD = 0x00100000
	PROCESS_NAME_NATIVE               DWORD = 0x00000001
)

// Thread access rights for OpenThread. The same least-privilege guidance
// applies: THREAD_SET_CONTEXT and THREAD_SUSPEND_RESUME let the holder
// redirect or stall another thread.
const (
	THREAD_TERMINATE          DWORD = 0x0001
	THREAD_SUSPEND_RESUME     DWORD = 0x0002
	THREAD_GET_CONTEXT        DWORD = 0x0008
	THREAD_SET_CONTEXT        DWORD = 0x0010
	THREAD_QUERY_INFORMATION  DWORD = 0x0040
	THREAD_SET_INFORMATION    DWORD = 0x0020
	THREAD_QUERY_LIMITED_INFO DWORD = 0x0800
	THREAD_SET_LIMITED_INFO   DWORD = 0x0400
)

// Values for AMD64_CONTEXT.ContextFlags. Every group flag includes the
// CONTEXT_AMD64 architecture bit; CONTEXT_FULL omits the segment and debug
// register groups, CONTEXT_ALL includes all five groups.
const (
	CONTEXT_AMD64           DWORD = 0x00100000
	CONTEXT_CONTROL         DWORD = CONTEXT_AMD64 | 0x00000001
	CONTEXT_INTEGER         DWORD = CONTEXT_AMD64 | 0x00000002
	CONTEXT_SEGMENTS        DWORD = CONTEXT_AMD64 | 0x00000004
	CONTEXT_FLOATING_POINT  DWORD = CONTEXT_AMD64 | 0x00000008
	CONTEXT_DEBUG_REGISTERS DWORD = CONTEXT_AMD64 | 0x00000010

	CONTEXT_FULL DWORD = CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_FLOATING_POINT
	CONTEXT_ALL  DWORD = CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS | CONTEXT_FLOATING_POINT | CONTEXT_DEBUG_REGISTERS
)

// Page protection values, as reported in MEMORY_BASIC_INFORMATION.Protect and
// accepted by the virtual memory APIs.
//
// PAGE_EXECUTE_READWRITE and PAGE_EXECUTE_WRITECOPY describe memory that is
// writable and executable at the same time, which defeats W^X. Code that
// allocates memory should avoid them, and code that audits memory should
// treat such regions as exceptional.
const (
	PAGE_NOACCESS          DWORD = 0x01
	PAGE_READONLY          DWORD = 0x02
	PAGE_READWRITE         DWORD = 0x04
	PAGE_WRITECOPY         DWORD = 0x08
	PAGE_EXECUTE           DWORD = 0x10
	PAGE_EXECUTE_READ      DWORD = 0x20
	PAGE_EXECUTE_READWRITE DWORD = 0x40
	PAGE_EXECUTE_WRITECOPY DWORD = 0x80
	PAGE_GUARD             DWORD = 0x100
	PAGE_NOCACHE           DWORD = 0x200
	PAGE_WRITECOMBINE      DWORD = 0x400
)

// Virtual memory allocation, free and region state/type values.
//
// MEM_RESET_UNDO and MEM_IMAGE share the value 0x01000000. They belong to
// different fields (an allocation-type argument versus the Type reported by a
// memory query), so which name applies depends on where the value was read.
const (
	MEM_COMMIT      DWORD = 0x00001000
	MEM_RESERVE     DWORD = 0x00002000
	MEM_DECOMMIT    DWORD = 0x00004000
	MEM_RELEASE     DWORD = 0x00008000
	MEM_FREE        DWORD = 0x00010000
	MEM_PRIVATE     DWORD = 0x00020000
	MEM_MAPPED      DWORD = 0x00040000
	MEM_TOP_DOWN    DWORD = 0x00100000
	MEM_WRITE_WATCH DWORD = 0x00200000
	MEM_PHYSICAL    DWORD = 0x00400000
	MEM_RESET       DWORD = 0x00080000
	MEM_RESET_UNDO  DWORD = 0x01000000
	MEM_LARGE_PAGES DWORD = 0x20000000
	MEM_IMAGE       DWORD = 0x01000000
)

// Wait results and the INFINITE timeout. Only WAIT_OBJECT_0 is typed as DWORD;
// the others are untyped constants. WAIT_FAILED and INFINITE share the value
// 0xFFFFFFFF: one is a return value, the other a timeout argument.
const (
	WAIT_OBJECT_0  DWORD = 0x00000000
	WAIT_ABANDONED       = 0x00000080
	WAIT_TIMEOUT         = 0x00000102
	WAIT_FAILED          = 0xFFFFFFFF
	INFINITE             = 0xFFFFFFFF
)

// STILL_ACTIVE is the exit code reported for a process or thread that has not
// finished. A process can also exit with 259 on purpose, so prefer waiting on
// the handle over polling the exit code. INVALID_FILE_ATTRIBUTES is the
// failure value of GetFileAttributes.
const (
	STILL_ACTIVE            DWORD = 259
	INVALID_FILE_ATTRIBUTES DWORD = 0xFFFFFFFF
)

// MAXIMUM_WAIT_OBJECTS is the upper bound on handles per
// WaitForMultipleObjects call.
const MAXIMUM_WAIT_OBJECTS DWORD = 64

// Flags for MoveFileEx.
const (
	MOVEFILE_REPLACE_EXISTING      DWORD = 0x00000001
	MOVEFILE_COPY_ALLOWED          DWORD = 0x00000002
	MOVEFILE_DELAY_UNTIL_REBOOT    DWORD = 0x00000004
	MOVEFILE_WRITE_THROUGH         DWORD = 0x00000008
	MOVEFILE_CREATE_HARDLINK       DWORD = 0x00000010
	MOVEFILE_FAIL_IF_NOT_TRACKABLE DWORD = 0x00000020
)

// FILE_ID_DESCRIPTOR is the identifier argument of OpenFileById. Only the
// 64-bit FileId member of the native union is exposed; the blank 8-byte field
// pads the structure to the size of the union's 16-byte members.
type FILE_ID_DESCRIPTOR struct {
	DwSize DWORD
	Type   FILE_ID_TYPE
	FileId DWORDLONG
	_      [8]byte
}

// FILE_ID_TYPE selects which member of the FILE_ID_DESCRIPTOR union is valid.
type FILE_ID_TYPE DWORD

// FILE_ID_TYPE values, numbered from zero in declaration order.
const (
	FileIdType FILE_ID_TYPE = iota
	ObjectIdType
	ExtendedFileIdType
	MaximumFileIdType
)

// Flags for FormatMessage. With FORMAT_MESSAGE_ALLOCATE_BUFFER the system
// allocates the output buffer and the caller has to release it with LocalFree.
const (
	FORMAT_MESSAGE_ALLOCATE_BUFFER DWORD = 0x00000100
	FORMAT_MESSAGE_IGNORE_INSERTS  DWORD = 0x00000200
	FORMAT_MESSAGE_FROM_SYSTEM     DWORD = 0x00001000
)

// FILE_SHARE_DELETE aliases the syscall constant of the same name.
const FILE_SHARE_DELETE = syscall.FILE_SHARE_DELETE

// Process creation flags for CreateProcess.
const (
	CREATE_SUSPENDED        DWORD = 0x00000004
	DEBUG_PROCESS           DWORD = 0x00000001
	DEBUG_ONLY_THIS_PROCESS DWORD = 0x00000002
)

// Values of DEBUG_EVENT_HEADER.DwDebugEventCode.
const (
	EXCEPTION_DEBUG_EVENT      DWORD = 1
	CREATE_THREAD_DEBUG_EVENT  DWORD = 2
	CREATE_PROCESS_DEBUG_EVENT DWORD = 3
	EXIT_THREAD_DEBUG_EVENT    DWORD = 4
	EXIT_PROCESS_DEBUG_EVENT   DWORD = 5
	LOAD_DLL_DEBUG_EVENT       DWORD = 6
	UNLOAD_DLL_DEBUG_EVENT     DWORD = 7
	OUTPUT_DEBUG_STRING_EVENT  DWORD = 8
	RIP_EVENT                  DWORD = 9
)

// Continue statuses for ContinueDebugEvent.
const (
	DBG_CONTINUE              DWORD = 0x00010002
	DBG_EXCEPTION_NOT_HANDLED DWORD = 0x80010001
)

// Flags for GlobalAlloc (untyped constants). GHND and GPTR are the usual
// zero-initialised combinations for moveable and fixed memory.
const (
	GMEM_MOVEABLE       = 0x0002
	GMEM_ZEROINIT       = 0x0040
	GMEM_DDESHARE       = 0x2000
	GMEM_SHARE          = GMEM_DDESHARE
	GMEM_FIXED          = 0x0000
	GMEM_DISCARDABLE    = 0x0100
	GMEM_NOT_BANKED     = 0x1000
	GMEM_NOTIFY         = 0x4000
	GMEM_LOWER          = GMEM_NOT_BANKED
	GMEM_VALID_FLAGS    = 0x7F72
	GMEM_INVALID_HANDLE = 0x8000

	GHND = GMEM_MOVEABLE | GMEM_ZEROINIT
	GPTR = GMEM_FIXED | GMEM_ZEROINIT
)