- 修正 WTS 会话相关类型、枚举与活动会话选择逻辑 - 对齐 FILE_ID_DESCRIPTOR 布局与 FILE_ID_TYPE 语义,修复 OpenFileById 调用前提 - 修正 user32/shell32/kernel32 部分 API 的返回值、参数个数与错误处理 - 完善剪贴板更新格式读取的缓冲区重试逻辑 - 补充常用进程、线程、调试、桌面与会话 helper - 增加结构体布局、会话查询、剪贴板、CreateProcess 等回归测试 - 将默认 CreateProcess 相关测试切到 helper 进程,并保留显式开启的 cmd.exe 集成覆盖
package win32api
|
|
|
|
import "syscall"
|
|
|
|
type Ulong int32
|
|
type Ulong_ptr uintptr
|
|
|
|
const (
|
|
LOCKFILE_EXCLUSIVE_LOCK DWORD = 0x00000002
|
|
LOCKFILE_FAIL_IMMEDIATELY DWORD = 0x00000001
|
|
)
|
|
|
|
type PROCESSENTRY32 struct {
|
|
DwSize Ulong
|
|
CntUsage Ulong
|
|
Th32ProcessID Ulong
|
|
Th32DefaultHeapID Ulong_ptr
|
|
Th32ModuleID Ulong
|
|
CntThreads Ulong
|
|
Th32ParentProcessID Ulong
|
|
PcPriClassBase Ulong
|
|
DwFlags Ulong
|
|
SzExeFile [260]byte
|
|
}
|
|
|
|
type THREADENTRY32 struct {
|
|
DwSize DWORD
|
|
CntUsage DWORD
|
|
Th32ThreadID DWORD
|
|
Th32OwnerProcessID DWORD
|
|
TpBasePri int32
|
|
TpDeltaPri int32
|
|
DwFlags DWORD
|
|
}
|
|
|
|
type MODULEENTRY32W struct {
|
|
DwSize DWORD
|
|
Th32ModuleID DWORD
|
|
Th32ProcessID DWORD
|
|
GlblcntUsage DWORD
|
|
ProccntUsage DWORD
|
|
ModBaseAddr uintptr
|
|
ModBaseSize DWORD
|
|
HModule HMODULE
|
|
SzModule [MAX_MODULE_NAME32 + 1]uint16
|
|
SzExePath [syscall.MAX_PATH]uint16
|
|
}
|
|
|
|
type M128A struct {
|
|
Low uint64
|
|
High int64
|
|
}
|
|
|
|
// AMD64_CONTEXT mirrors the Windows x64 CONTEXT layout closely enough for
|
|
// GetThreadContext/SetThreadContext on amd64 processes.
|
|
type AMD64_CONTEXT struct {
|
|
P1Home uint64
|
|
P2Home uint64
|
|
P3Home uint64
|
|
P4Home uint64
|
|
P5Home uint64
|
|
P6Home uint64
|
|
ContextFlags DWORD
|
|
MxCsr DWORD
|
|
SegCs WORD
|
|
SegDs WORD
|
|
SegEs WORD
|
|
SegFs WORD
|
|
SegGs WORD
|
|
SegSs WORD
|
|
EFlags DWORD
|
|
Dr0 uint64
|
|
Dr1 uint64
|
|
Dr2 uint64
|
|
Dr3 uint64
|
|
Dr6 uint64
|
|
Dr7 uint64
|
|
Rax uint64
|
|
Rcx uint64
|
|
Rdx uint64
|
|
Rbx uint64
|
|
Rsp uint64
|
|
Rbp uint64
|
|
Rsi uint64
|
|
Rdi uint64
|
|
R8 uint64
|
|
R9 uint64
|
|
R10 uint64
|
|
R11 uint64
|
|
R12 uint64
|
|
R13 uint64
|
|
R14 uint64
|
|
R15 uint64
|
|
Rip uint64
|
|
ExtendedRegisters [512]byte
|
|
VectorRegister [26]M128A
|
|
VectorControl uint64
|
|
DebugControl uint64
|
|
LastBranchToRip uint64
|
|
LastBranchFromRip uint64
|
|
LastExceptionToRip uint64
|
|
LastExceptionFromRip uint64
|
|
}
|
|
|
|
type DEBUG_EVENT_HEADER struct {
|
|
DwDebugEventCode DWORD
|
|
DwProcessId DWORD
|
|
DwThreadId DWORD
|
|
}
|
|
|
|
type DebugEventInfo struct {
|
|
Header DEBUG_EVENT_HEADER
|
|
CodeName string
|
|
}
|
|
|
|
type MEMORYSTATUSEX struct {
|
|
DwLength DWORD
|
|
DwMemoryLoad DWORD
|
|
UllTotalPhys DWORDLONG
|
|
UllAvailPhys DWORDLONG
|
|
UllTotalPageFile DWORDLONG
|
|
UllAvailPageFile DWORDLONG
|
|
UllTotalVirtual DWORDLONG
|
|
UllAvailVirtual DWORDLONG
|
|
UllAvailExtendedVirtual DWORDLONG
|
|
}
|
|
|
|
type MEMORY_BASIC_INFORMATION struct {
|
|
BaseAddress uintptr
|
|
AllocationBase uintptr
|
|
AllocationProtect DWORD
|
|
RegionSize uintptr
|
|
State DWORD
|
|
Protect DWORD
|
|
Type DWORD
|
|
}
|
|
|
|
type USN_JOURNAL_DATA struct {
|
|
UsnJournalID DWORDLONG
|
|
FirstUsn USN
|
|
NextUsn USN
|
|
LowestValidUsn USN
|
|
MaxUsn USN
|
|
MaximumSize DWORDLONG
|
|
AllocationDelta DWORDLONG
|
|
}
|
|
|
|
type READ_USN_JOURNAL_DATA struct {
|
|
StartUsn USN
|
|
ReasonMask DWORD
|
|
ReturnOnlyOnClose DWORD
|
|
Timeout DWORDLONG
|
|
BytesToWaitFor DWORDLONG
|
|
UsnJournalID DWORDLONG
|
|
}
|
|
|
|
type USN_RECORD struct {
|
|
RecordLength DWORD
|
|
MajorVersion WORD
|
|
MinorVersion WORD
|
|
FileReferenceNumber DWORDLONG
|
|
ParentFileReferenceNumber DWORDLONG
|
|
Usn USN
|
|
TimeStamp LARGE_INTEGER
|
|
Reason DWORD
|
|
SourceInfo DWORD
|
|
SecurityId DWORD
|
|
FileAttributes DWORD
|
|
FileNameLength WORD
|
|
FileNameOffset WORD
|
|
FileName [1]WCHAR
|
|
}
|
|
|
|
type MFT_ENUM_DATA struct {
|
|
StartFileReferenceNumber DWORDLONG
|
|
LowUsn USN
|
|
HighUsn USN
|
|
}
|
|
|
|
const (
|
|
TH32CS_SNAPPROCESS DWORD = 0x00000002
|
|
TH32CS_SNAPTHREAD DWORD = 0x00000004
|
|
TH32CS_SNAPMODULE DWORD = 0x00000008
|
|
TH32CS_SNAPMODULE32 DWORD = 0x00000010
|
|
FSCTL_ENUM_USN_DATA = 0x900B3
|
|
FSCTL_QUERY_USN_JOURNAL = 0x900F4
|
|
FSCTL_READ_USN_JOURNAL = 0x900BB
|
|
O_RDONLY = syscall.O_RDONLY
|
|
O_RDWR = syscall.O_RDWR
|
|
O_CREAT = syscall.O_CREAT
|
|
O_WRONLY = syscall.O_WRONLY
|
|
GENERIC_READ = syscall.GENERIC_READ
|
|
GENERIC_WRITE = syscall.GENERIC_WRITE
|
|
FILE_APPEND_DATA = syscall.FILE_APPEND_DATA
|
|
FILE_SHARE_READ = syscall.FILE_SHARE_READ
|
|
FILE_SHARE_WRITE = syscall.FILE_SHARE_WRITE
|
|
ERROR_NO_MORE_FILES = syscall.ERROR_NO_MORE_FILES
|
|
ERROR_FILE_NOT_FOUND = syscall.ERROR_FILE_NOT_FOUND
|
|
O_APPEND = syscall.O_APPEND
|
|
O_CLOEXEC = syscall.O_CLOEXEC
|
|
O_EXCL = syscall.O_EXCL
|
|
O_TRUNC = syscall.O_TRUNC
|
|
CREATE_ALWAYS = syscall.CREATE_ALWAYS
|
|
CREATE_NEW = syscall.CREATE_NEW
|
|
OPEN_ALWAYS = syscall.OPEN_ALWAYS
|
|
TRUNCATE_EXISTING = syscall.TRUNCATE_EXISTING
|
|
OPEN_EXISTING = syscall.OPEN_EXISTING
|
|
FILE_ATTRIBUTE_NORMAL = syscall.FILE_ATTRIBUTE_NORMAL
|
|
FILE_FLAG_BACKUP_SEMANTICS = syscall.FILE_FLAG_BACKUP_SEMANTICS
|
|
FILE_ATTRIBUTE_DIRECTORY = syscall.FILE_ATTRIBUTE_DIRECTORY
|
|
MAX_LONG_PATH = syscall.MAX_LONG_PATH
|
|
)
|
|
|
|
const (
|
|
MAX_MODULE_NAME32 = 255
|
|
)
|
|
|
|
const (
|
|
PROCESS_CREATE_THREAD DWORD = 0x0002
|
|
PROCESS_TERMINATE DWORD = 0x0001
|
|
PROCESS_VM_OPERATION DWORD = 0x0008
|
|
PROCESS_VM_READ DWORD = 0x0010
|
|
PROCESS_VM_WRITE DWORD = 0x0020
|
|
PROCESS_QUERY_INFORMATION DWORD = 0x0400
|
|
PROCESS_QUERY_LIMITED_INFORMATION DWORD = 0x1000
|
|
PROCESS_SUSPEND_RESUME DWORD = 0x0800
|
|
SYNCHRONIZE DWORD = 0x00100000
|
|
PROCESS_NAME_NATIVE DWORD = 0x00000001
|
|
)
|
|
|
|
const (
|
|
THREAD_TERMINATE DWORD = 0x0001
|
|
THREAD_SUSPEND_RESUME DWORD = 0x0002
|
|
THREAD_GET_CONTEXT DWORD = 0x0008
|
|
THREAD_SET_CONTEXT DWORD = 0x0010
|
|
THREAD_QUERY_INFORMATION DWORD = 0x0040
|
|
THREAD_SET_INFORMATION DWORD = 0x0020
|
|
THREAD_QUERY_LIMITED_INFO DWORD = 0x0800
|
|
THREAD_SET_LIMITED_INFO DWORD = 0x0400
|
|
)
|
|
|
|
const (
|
|
CONTEXT_AMD64 DWORD = 0x00100000
|
|
CONTEXT_CONTROL DWORD = CONTEXT_AMD64 | 0x00000001
|
|
CONTEXT_INTEGER DWORD = CONTEXT_AMD64 | 0x00000002
|
|
CONTEXT_SEGMENTS DWORD = CONTEXT_AMD64 | 0x00000004
|
|
CONTEXT_FLOATING_POINT DWORD = CONTEXT_AMD64 | 0x00000008
|
|
CONTEXT_DEBUG_REGISTERS DWORD = CONTEXT_AMD64 | 0x00000010
|
|
CONTEXT_FULL DWORD = CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_FLOATING_POINT
|
|
CONTEXT_ALL DWORD = CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS | CONTEXT_FLOATING_POINT | CONTEXT_DEBUG_REGISTERS
|
|
)
|
|
|
|
const (
|
|
PAGE_NOACCESS DWORD = 0x01
|
|
PAGE_READONLY DWORD = 0x02
|
|
PAGE_READWRITE DWORD = 0x04
|
|
PAGE_WRITECOPY DWORD = 0x08
|
|
PAGE_EXECUTE DWORD = 0x10
|
|
PAGE_EXECUTE_READ DWORD = 0x20
|
|
PAGE_EXECUTE_READWRITE DWORD = 0x40
|
|
PAGE_EXECUTE_WRITECOPY DWORD = 0x80
|
|
PAGE_GUARD DWORD = 0x100
|
|
PAGE_NOCACHE DWORD = 0x200
|
|
PAGE_WRITECOMBINE DWORD = 0x400
|
|
)
|
|
|
|
const (
|
|
MEM_COMMIT DWORD = 0x00001000
|
|
MEM_RESERVE DWORD = 0x00002000
|
|
MEM_DECOMMIT DWORD = 0x00004000
|
|
MEM_RELEASE DWORD = 0x00008000
|
|
MEM_FREE DWORD = 0x00010000
|
|
MEM_PRIVATE DWORD = 0x00020000
|
|
MEM_MAPPED DWORD = 0x00040000
|
|
MEM_TOP_DOWN DWORD = 0x00100000
|
|
MEM_WRITE_WATCH DWORD = 0x00200000
|
|
MEM_PHYSICAL DWORD = 0x00400000
|
|
MEM_RESET DWORD = 0x00080000
|
|
MEM_RESET_UNDO DWORD = 0x01000000
|
|
MEM_LARGE_PAGES DWORD = 0x20000000
|
|
MEM_IMAGE DWORD = 0x01000000
|
|
)
|
|
|
|
const (
|
|
WAIT_OBJECT_0 DWORD = 0x00000000
|
|
WAIT_ABANDONED = 0x00000080
|
|
WAIT_TIMEOUT = 0x00000102
|
|
WAIT_FAILED = 0xFFFFFFFF
|
|
INFINITE = 0xFFFFFFFF
|
|
)
|
|
|
|
const (
|
|
STILL_ACTIVE DWORD = 259
|
|
INVALID_FILE_ATTRIBUTES DWORD = 0xFFFFFFFF
|
|
)
|
|
|
|
const (
|
|
MAXIMUM_WAIT_OBJECTS DWORD = 64
|
|
)
|
|
|
|
const (
|
|
MOVEFILE_REPLACE_EXISTING DWORD = 0x00000001
|
|
MOVEFILE_COPY_ALLOWED DWORD = 0x00000002
|
|
MOVEFILE_DELAY_UNTIL_REBOOT DWORD = 0x00000004
|
|
MOVEFILE_WRITE_THROUGH DWORD = 0x00000008
|
|
MOVEFILE_CREATE_HARDLINK DWORD = 0x00000010
|
|
MOVEFILE_FAIL_IF_NOT_TRACKABLE DWORD = 0x00000020
|
|
)
|
|
|
|
type FILE_ID_DESCRIPTOR struct {
|
|
DwSize DWORD
|
|
Type FILE_ID_TYPE
|
|
FileId DWORDLONG
|
|
_ [8]byte
|
|
}
|
|
|
|
type FILE_ID_TYPE DWORD
|
|
|
|
const (
|
|
FileIdType FILE_ID_TYPE = iota
|
|
ObjectIdType
|
|
ExtendedFileIdType
|
|
MaximumFileIdType
|
|
)
|
|
|
|
const (
|
|
FORMAT_MESSAGE_ALLOCATE_BUFFER DWORD = 0x00000100
|
|
FORMAT_MESSAGE_IGNORE_INSERTS DWORD = 0x00000200
|
|
FORMAT_MESSAGE_FROM_SYSTEM DWORD = 0x00001000
|
|
)
|
|
|
|
const (
|
|
FILE_SHARE_DELETE = syscall.FILE_SHARE_DELETE
|
|
)
|
|
|
|
const (
|
|
CREATE_SUSPENDED DWORD = 0x00000004
|
|
DEBUG_PROCESS DWORD = 0x00000001
|
|
DEBUG_ONLY_THIS_PROCESS DWORD = 0x00000002
|
|
)
|
|
|
|
const (
|
|
EXCEPTION_DEBUG_EVENT DWORD = 1
|
|
CREATE_THREAD_DEBUG_EVENT DWORD = 2
|
|
CREATE_PROCESS_DEBUG_EVENT DWORD = 3
|
|
EXIT_THREAD_DEBUG_EVENT DWORD = 4
|
|
EXIT_PROCESS_DEBUG_EVENT DWORD = 5
|
|
LOAD_DLL_DEBUG_EVENT DWORD = 6
|
|
UNLOAD_DLL_DEBUG_EVENT DWORD = 7
|
|
OUTPUT_DEBUG_STRING_EVENT DWORD = 8
|
|
RIP_EVENT DWORD = 9
|
|
)
|
|
|
|
const (
|
|
DBG_CONTINUE DWORD = 0x00010002
|
|
DBG_EXCEPTION_NOT_HANDLED DWORD = 0x80010001
|
|
)
|
|
|
|
const (
|
|
GMEM_MOVEABLE = 0x0002
|
|
GMEM_ZEROINIT = 0x0040
|
|
GMEM_DDESHARE = 0x2000
|
|
GMEM_SHARE = GMEM_DDESHARE
|
|
GMEM_FIXED = 0x0000
|
|
GMEM_DISCARDABLE = 0x0100
|
|
GMEM_NOT_BANKED = 0x1000
|
|
GMEM_NOTIFY = 0x4000
|
|
GMEM_LOWER = GMEM_NOT_BANKED
|
|
GMEM_VALID_FLAGS = 0x7F72
|
|
GMEM_INVALID_HANDLE = 0x8000
|
|
GHND = (GMEM_MOVEABLE | GMEM_ZEROINIT)
|
|
GPTR = (GMEM_FIXED | GMEM_ZEROINIT)
|
|
)
|
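Review bot: AMD64_CONTEXT (the struct ending at `LastExceptionFromRip uint64`) has only 8-byte alignment in Go (its widest field is uint64), whereas the x64 CONTEXT it mirrors is declared DECLSPEC_ALIGN(16), and GetThreadContext/SetThreadContext expect a 16-byte-aligned buffer, so a plain `var ctx AMD64_CONTEXT` or `new(AMD64_CONTEXT)` is not guaranteed to be accepted (misalignment is reported as a call failure rather than silently truncated, as far as I know). The field sizes do add up to the 1232 bytes of the Windows structure, so only the address is at issue. The comment above the type should state this, e.g. `// NOTE: the Windows CONTEXT is DECLSPEC_ALIGN(16); Go only guarantees 8-byte alignment here, so` / `// callers must place the struct at a 16-byte-aligned address (e.g. carve it out of an over-allocated []byte).` A layout regression test of the kind the commit description mentions could also pin `unsafe.Sizeof(AMD64_CONTEXT{}) == 1232` so later field edits are caught. Separately, `type Ulong int32` is signed where the Win32 ULONG is unsigned, so PROCESSENTRY32 fields such as CntUsage and DwFlags read as negative for values at or above 2^31; `uint32` matches the ABI and makes comparisons against the DWORD-typed constants in this file direct.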