windows: add low level memory related syscalls
Adds VirtualQuery, VirtualQueryEx, VirtualProtectEx, ReadProcessMemory, and WriteProcessMemory.
VirtualProtect already exists.
https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualquery
https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualqueryex
https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualprotectex
https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-readprocessmemory
https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-writeprocessmemory
Change-Id: I609a09641c502d8d3802036123e0784b7c76e99b
GitHub-Last-Rev: 368f8c7b620607aab2a1b8fefff656c38cb0dd6b
GitHub-Pull-Request: golang/sys#117
Reviewed-on: https://go-review.googlesource.com/c/sys/+/352249
Trust: Alex Brainman <alex.brainman@gmail.com>
Trust: Emmanuel Odeke <emmanuel@orijtech.com>
Trust: Benny Siegert <bsiegert@gmail.com>
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
diff --git a/windows/memory_windows.go b/windows/memory_windows.go
index 1adb607..6dc0920 100644
--- a/windows/memory_windows.go
+++ b/windows/memory_windows.go
@@ -35,3 +35,14 @@
QUOTA_LIMITS_HARDWS_MAX_DISABLE = 0x00000008
QUOTA_LIMITS_HARDWS_MAX_ENABLE = 0x00000004
)
+
+type MemoryBasicInformation struct {
+ BaseAddress uintptr
+ AllocationBase uintptr
+ AllocationProtect uint32
+ PartitionId uint16
+ RegionSize uintptr
+ State uint32
+ Protect uint32
+ Type uint32
+}
diff --git a/windows/syscall_windows.go b/windows/syscall_windows.go
index ff2d45d..d3b59ae 100644
--- a/windows/syscall_windows.go
+++ b/windows/syscall_windows.go
@@ -274,6 +274,11 @@
//sys VirtualAlloc(address uintptr, size uintptr, alloctype uint32, protect uint32) (value uintptr, err error) = kernel32.VirtualAlloc
//sys VirtualFree(address uintptr, size uintptr, freetype uint32) (err error) = kernel32.VirtualFree
//sys VirtualProtect(address uintptr, size uintptr, newprotect uint32, oldprotect *uint32) (err error) = kernel32.VirtualProtect
+//sys VirtualProtectEx(process Handle, address uintptr, size uintptr, newProtect uint32, oldProtect *uint32) (err error) = kernel32.VirtualProtectEx
+//sys VirtualQuery(address uintptr, buffer *MemoryBasicInformation, length uintptr) (err error) = kernel32.VirtualQuery
+//sys VirtualQueryEx(process Handle, address uintptr, buffer *MemoryBasicInformation, length uintptr) (err error) = kernel32.VirtualQueryEx
+//sys ReadProcessMemory(process Handle, baseAddress uintptr, buffer *byte, size uintptr, numberOfBytesRead *uintptr) (err error) = kernel32.ReadProcessMemory
+//sys WriteProcessMemory(process Handle, baseAddress uintptr, buffer *byte, size uintptr, numberOfBytesWritten *uintptr) (err error) = kernel32.WriteProcessMemory
//sys TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint32, overlapped *Overlapped, transmitFileBuf *TransmitFileBuffers, flags uint32) (err error) = mswsock.TransmitFile
//sys ReadDirectoryChanges(handle Handle, buf *byte, buflen uint32, watchSubTree bool, mask uint32, retlen *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) = kernel32.ReadDirectoryChangesW
//sys FindFirstChangeNotification(path string, watchSubtree bool, notifyFilter uint32) (handle Handle, err error) [failretval==InvalidHandle] = kernel32.FindFirstChangeNotificationW
diff --git a/windows/syscall_windows_test.go b/windows/syscall_windows_test.go
index bc11750..78d6a24 100644
--- a/windows/syscall_windows_test.go
+++ b/windows/syscall_windows_test.go
@@ -777,3 +777,30 @@
t.Fatalf("module size does not match executable: %v != %v", moduleInfo.SizeOfImage, peSizeOfImage)
}
}
+
+func TestReadWriteProcessMemory(t *testing.T) {
+ testBuffer := []byte{0xBA, 0xAD, 0xF0, 0x0D}
+
+ process, err := windows.GetCurrentProcess()
+ if err != nil {
+ t.Fatalf("unable to get current process: %v", err)
+ }
+
+ buffer := make([]byte, len(testBuffer))
+ err = windows.ReadProcessMemory(process, uintptr(unsafe.Pointer(&testBuffer[0])), &buffer[0], uintptr(len(buffer)), nil)
+ if err != nil {
+ t.Errorf("ReadProcessMemory failed: %v", err)
+ }
+ if !bytes.Equal(testBuffer, buffer) {
+ t.Errorf("bytes read does not match buffer: 0x%X != 0x%X", testBuffer, buffer)
+ }
+
+ buffer = []byte{0xDE, 0xAD, 0xBE, 0xEF}
+ err = windows.WriteProcessMemory(process, uintptr(unsafe.Pointer(&testBuffer[0])), &buffer[0], uintptr(len(buffer)), nil)
+ if err != nil {
+ t.Errorf("WriteProcessMemory failed: %v", err)
+ }
+ if !bytes.Equal(testBuffer, buffer) {
+ t.Errorf("bytes written does not match buffer: 0x%X != 0x%X", testBuffer, buffer)
+ }
+}
diff --git a/windows/zsyscall_windows.go b/windows/zsyscall_windows.go
index e282e24..4ea788e 100644
--- a/windows/zsyscall_windows.go
+++ b/windows/zsyscall_windows.go
@@ -303,6 +303,7 @@
procReadConsoleW = modkernel32.NewProc("ReadConsoleW")
procReadDirectoryChangesW = modkernel32.NewProc("ReadDirectoryChangesW")
procReadFile = modkernel32.NewProc("ReadFile")
+ procReadProcessMemory = modkernel32.NewProc("ReadProcessMemory")
procReleaseMutex = modkernel32.NewProc("ReleaseMutex")
procRemoveDirectoryW = modkernel32.NewProc("RemoveDirectoryW")
procResetEvent = modkernel32.NewProc("ResetEvent")
@@ -345,12 +346,16 @@
procVirtualFree = modkernel32.NewProc("VirtualFree")
procVirtualLock = modkernel32.NewProc("VirtualLock")
procVirtualProtect = modkernel32.NewProc("VirtualProtect")
+ procVirtualProtectEx = modkernel32.NewProc("VirtualProtectEx")
+ procVirtualQuery = modkernel32.NewProc("VirtualQuery")
+ procVirtualQueryEx = modkernel32.NewProc("VirtualQueryEx")
procVirtualUnlock = modkernel32.NewProc("VirtualUnlock")
procWTSGetActiveConsoleSessionId = modkernel32.NewProc("WTSGetActiveConsoleSessionId")
procWaitForMultipleObjects = modkernel32.NewProc("WaitForMultipleObjects")
procWaitForSingleObject = modkernel32.NewProc("WaitForSingleObject")
procWriteConsoleW = modkernel32.NewProc("WriteConsoleW")
procWriteFile = modkernel32.NewProc("WriteFile")
+ procWriteProcessMemory = modkernel32.NewProc("WriteProcessMemory")
procAcceptEx = modmswsock.NewProc("AcceptEx")
procGetAcceptExSockaddrs = modmswsock.NewProc("GetAcceptExSockaddrs")
procTransmitFile = modmswsock.NewProc("TransmitFile")
@@ -2636,6 +2641,14 @@
return
}
+func ReadProcessMemory(process Handle, baseAddress uintptr, buffer *byte, size uintptr, numberOfBytesRead *uintptr) (err error) {
+ r1, _, e1 := syscall.Syscall6(procReadProcessMemory.Addr(), 5, uintptr(process), uintptr(baseAddress), uintptr(unsafe.Pointer(buffer)), uintptr(size), uintptr(unsafe.Pointer(numberOfBytesRead)), 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
func ReleaseMutex(mutex Handle) (err error) {
r1, _, e1 := syscall.Syscall(procReleaseMutex.Addr(), 1, uintptr(mutex), 0, 0)
if r1 == 0 {
@@ -2990,6 +3003,30 @@
return
}
+func VirtualProtectEx(process Handle, address uintptr, size uintptr, newProtect uint32, oldProtect *uint32) (err error) {
+ r1, _, e1 := syscall.Syscall6(procVirtualProtectEx.Addr(), 5, uintptr(process), uintptr(address), uintptr(size), uintptr(newProtect), uintptr(unsafe.Pointer(oldProtect)), 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func VirtualQuery(address uintptr, buffer *MemoryBasicInformation, length uintptr) (err error) {
+ r1, _, e1 := syscall.Syscall(procVirtualQuery.Addr(), 3, uintptr(address), uintptr(unsafe.Pointer(buffer)), uintptr(length))
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func VirtualQueryEx(process Handle, address uintptr, buffer *MemoryBasicInformation, length uintptr) (err error) {
+ r1, _, e1 := syscall.Syscall6(procVirtualQueryEx.Addr(), 4, uintptr(process), uintptr(address), uintptr(unsafe.Pointer(buffer)), uintptr(length), 0, 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
func VirtualUnlock(addr uintptr, length uintptr) (err error) {
r1, _, e1 := syscall.Syscall(procVirtualUnlock.Addr(), 2, uintptr(addr), uintptr(length), 0)
if r1 == 0 {
@@ -3046,6 +3083,14 @@
return
}
+func WriteProcessMemory(process Handle, baseAddress uintptr, buffer *byte, size uintptr, numberOfBytesWritten *uintptr) (err error) {
+ r1, _, e1 := syscall.Syscall6(procWriteProcessMemory.Addr(), 5, uintptr(process), uintptr(baseAddress), uintptr(unsafe.Pointer(buffer)), uintptr(size), uintptr(unsafe.Pointer(numberOfBytesWritten)), 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
func AcceptEx(ls Handle, as Handle, buf *byte, rxdatalen uint32, laddrlen uint32, raddrlen uint32, recvd *uint32, overlapped *Overlapped) (err error) {
r1, _, e1 := syscall.Syscall9(procAcceptEx.Addr(), 8, uintptr(ls), uintptr(as), uintptr(unsafe.Pointer(buf)), uintptr(rxdatalen), uintptr(laddrlen), uintptr(raddrlen), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(overlapped)), 0)
if r1 == 0 {
