types

package

v1.2.0 Latest Latest Go to latest Published: Apr 27, 2021 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/rabbitstack/fibratus

Links

Open Source Insights

Documentation ¶

Index ¶

type AlpcPortInfo
type FileInfo
type Handle
- func NewFromKcap(buf []byte) (Handle, error)
type Handles
- func (handles Handles) String() string
type Meta
type MutantInfo

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AlpcPortInfo ¶

type AlpcPortInfo struct {
	Flags   uint32
	Seqno   uint32
	Context uintptr
}

AlpcPortInfo stores ALPC port basic information.

type FileInfo ¶

type FileInfo struct {
	IsDirectory bool
}

FileInfo contains file handle metadata.

type Handle ¶

type Handle struct {
	// Num represents the internal handle identifier.
	Num handle.Handle `json:"id"`
	// Object is the kernel address that this handle references.
	Object uint64 `json:"object"`
	// Pid represents the process's identifier that owns the handle.
	Pid uint32 `json:"-"`
	// Type is the type of this handle (e.g. File, Key, Mutant, Section)
	Type string `json:"type"`
	// Name is the actual value of the handle (e.g. \Device\HarddiskVolume4\Windows\Temp\DPTF)
	Name string `json:"name"`
	// MD is the handle meta information (e.g. ALPC port info)
	MD Meta `json:"meta,omitempty"`
}

Handle stores various metadata specific to the handle allocated by a process.

func NewFromKcap ¶

func NewFromKcap(buf []byte) (Handle, error)

NewFromKcap restores handle state from the kcap buffer.

func (Handle) Len ¶

func (h Handle) Len() int

Len returns the length in bytes of the Handle structure.

func (*Handle) Marshal ¶

func (h *Handle) Marshal() []byte

Marshal dumps the state of the handle to byte slice that is suitable for serializing to kcap file.

func (Handle) Offset ¶

func (h Handle) Offset() uint16

Offset returns the next offset from which to read the binary data.

func (Handle) String ¶

func (h Handle) String() string

String returns a string representation of the handle.

func (*Handle) Unmarshal ¶

func (h *Handle) Unmarshal(b []byte) error

Unmarshal transforms the byte slice back to handle structure.

type Handles ¶

type Handles []Handle

Handles represents a collection of handles.

func (Handles) String ¶

func (handles Handles) String() string

String returns the string representation of all handles.

type Meta ¶

type Meta interface{}

Meta represents the type alias for handle meta information

type MutantInfo ¶

type MutantInfo struct {
	Count       int32
	IsAbandoned bool
}

MutantInfo stores metadata about particular mutant object.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL