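// GetDebugInfo returns general debug info about the current process: the
// token user, the privileges held by the process token, the Windows
// version, the Go architecture and the CPU count.
//
// The process token is opened with TOKEN_QUERY only and is closed on every
// return path. The handle from GetCurrentProcess is a pseudo-handle and
// needs no cleanup. Errors from the token and privilege lookups are
// returned unwrapped.
func GetDebugInfo() (*DebugInfo, error) {
	h, err := windows.GetCurrentProcess()
	if err != nil {
		return nil, err
	}

	var token syscall.Token
	if err = syscall.OpenProcessToken(syscall.Handle(h), syscall.TOKEN_QUERY, &token); err != nil {
		return nil, err
	}
	// Release the token handle whichever way we leave; an open process-token
	// handle is a kernel object and leaks once per call otherwise.
	defer token.Close()

	privs, err := GetTokenPrivileges(token)
	if err != nil {
		return nil, err
	}

	user, err := GetTokenUser(token)
	if err != nil {
		return nil, err
	}

	return &DebugInfo{
		User:         user,
		ProcessPrivs: privs,
		OSVersion:    GetWindowsVersion(),
		Arch:         runtime.GOARCH,
		NumCPU:       runtime.NumCPU(),
	}, nil
}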
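// enableSeDebugPrivilege enables the SeDebugPrivilege if it is present in
// the process's token. The privilege must already be assigned to the
// account; this call only flips it from disabled to enabled. Holding it
// allows the process to open handles to processes of other users, so it is
// meant to be enabled only where that access is actually needed.
//
// The token is opened with TOKEN_QUERY|TOKEN_ADJUST_PRIVILEGES and closed
// on every return path; the adjustment is made on the token object itself,
// so closing the handle does not undo it.
func enableSeDebugPrivilege() error {
	self, err := syscall.GetCurrentProcess()
	if err != nil {
		return err
	}

	var token syscall.Token
	err = syscall.OpenProcessToken(self, syscall.TOKEN_QUERY|syscall.TOKEN_ADJUST_PRIVILEGES, &token)
	if err != nil {
		return err
	}
	// Release the token handle whether or not the privilege change succeeds.
	defer token.Close()

	if err = windows.EnableTokenPrivileges(token, windows.SeDebugPrivilege); err != nil {
		return errors.Wrap(err, "EnableTokenPrivileges failed")
	}
	return nil
}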
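// GetProcCredName returns the account that owns process pid in
// `DOMAIN\account` form, resolved from the user SID of the process token.
//
// The caller needs PROCESS_QUERY_INFORMATION access to the target; for
// processes belonging to other users that generally requires
// SeDebugPrivilege to be held (see enableSeDebugPrivilege). The process
// handle and the token handle are both released before returning, on the
// error paths as well as on success.
func GetProcCredName(pid int) (string, error) {
	handle, err := syscall.OpenProcess(syscall.PROCESS_QUERY_INFORMATION, false, uint32(pid))
	if err != nil {
		return "", fmt.Errorf("OpenProcess fails with %v", err)
	}
	defer syscall.CloseHandle(handle)

	// Find process token via win32
	var token syscall.Token
	err = syscall.OpenProcessToken(handle, syscall.TOKEN_QUERY, &token)
	if err != nil {
		return "", fmt.Errorf("Error opening process token %v", err)
	}

	// Find the token user
	tokenUser, err := token.GetTokenUser()
	if err != nil {
		// Best-effort close: the lookup error is the one worth reporting,
		// and the token handle would otherwise leak on this path.
		_ = token.Close()
		return "", fmt.Errorf("Error getting token user %v", err)
	}

	// Close token to prevent handle leaks; include the cause in the error.
	if err = token.Close(); err != nil {
		return "", fmt.Errorf("Error failed to close process token %v", err)
	}

	// look up domain account by sid
	account, domain, _, err := tokenUser.User.Sid.LookupAccount("localhost")
	if err != nil {
		return "", fmt.Errorf("Error looking up sid %v", err)
	}

	return fmt.Sprintf("%s\\%s", domain, account), nil
}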
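// getProcCredName returns the account that owns process pid in
// `DOMAIN\account` form, resolved from the user SID of the process token.
// The SID is looked up on the local machine (empty system name).
//
// The caller needs PROCESS_QUERY_INFORMATION access to the target; for
// processes belonging to other users that generally requires
// SeDebugPrivilege to be held (see enableSeDebugPrivilege). Every error is
// wrapped with the pid so a caller scanning many processes can tell which
// one failed; a SID that cannot be resolved is reported together with its
// string form. Both handles are released before returning, on error paths
// as well as on success.
func getProcCredName(pid int) (string, error) {
	handle, err := syscall.OpenProcess(syscall.PROCESS_QUERY_INFORMATION, false, uint32(pid))
	if err != nil {
		return "", errors.Wrapf(err, "OpenProcess failed for pid=%v", pid)
	}
	defer syscall.CloseHandle(handle)

	// Find process token via win32.
	var token syscall.Token
	err = syscall.OpenProcessToken(handle, syscall.TOKEN_QUERY, &token)
	if err != nil {
		return "", errors.Wrapf(err, "OpenProcessToken failed for pid=%v", pid)
	}

	// Find the token user.
	tokenUser, err := token.GetTokenUser()
	if err != nil {
		// Best-effort close: the lookup error is the one worth reporting,
		// and the token handle would otherwise leak on this path.
		_ = token.Close()
		return "", errors.Wrapf(err, "GetTokenInformation failed for pid=%v", pid)
	}

	// Close token to prevent handle leaks.
	if err = token.Close(); err != nil {
		return "", errors.Wrapf(err, "failed while closing process token handle for pid=%v", pid)
	}

	// Look up domain account by SID.
	account, domain, _, err := tokenUser.User.Sid.LookupAccount("")
	if err != nil {
		// Include the SID in the error when it can be rendered; the lookup
		// error stays the one being wrapped either way.
		sid, sidErr := tokenUser.User.Sid.String()
		if sidErr != nil {
			return "", errors.Wrapf(err, "failed while looking up account name for pid=%v", pid)
		}
		return "", errors.Wrapf(err, "failed while looking up account name for SID=%v of pid=%v", sid, pid)
	}

	return fmt.Sprintf(`%s\%s`, domain, account), nil
}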