func OpenOtherProcessToken(pid uint) (*Token, error) {
hProcess, err := wrappers.OpenProcess(wrappers.PROCESS_QUERY_INFORMATION, false, uint32(pid))
if err != nil {
return nil, NewWindowsError("OpenProcess", err)
}
defer syscall.CloseHandle(hProcess)
var hToken syscall.Handle
if err := wrappers.OpenProcessToken(hProcess, wrappers.TOKEN_QUERY, &hToken); err != nil {
return nil, NewWindowsError("OpenProcessToken", err)
}
return &Token{handle: hToken}, nil
}
func (self *Job) ProcessInJob(pid uint) (bool, error) {
hProcess, err := wrappers.OpenProcess(wrappers.PROCESS_QUERY_LIMITED_INFORMATION, false, uint32(pid))
if err != nil {
return false, NewWindowsError("OpenProcess", err)
}
defer wrappers.CloseHandle(hProcess)
var result bool
if err := wrappers.IsProcessInJob(hProcess, self.handle, &result); err != nil {
return false, NewWindowsError("IsProcessInJob", err)
}
return result, nil
}
func GetProcessCommandLine(pid uint) (string, error) {
hProcess, err := wrappers.OpenProcess(
wrappers.PROCESS_QUERY_INFORMATION|wrappers.PROCESS_VM_READ,
false,
uint32(pid))
if err != nil {
return "", NewWindowsError("OpenProcess", err)
}
defer wrappers.CloseHandle(hProcess)
var basicInfo wrappers.PROCESS_BASIC_INFORMATION
status := wrappers.NtQueryInformationProcess(
hProcess,
wrappers.ProcessBasicInformation,
(*byte)(unsafe.Pointer(&basicInfo)),
uint32(unsafe.Sizeof(basicInfo)),
nil)
if !wrappers.NT_SUCCESS(status) {
return "", NewWindowsError("NtQueryInformationProcess", NTError(status))
}
var peb wrappers.PEB
err = wrappers.ReadProcessMemory(
hProcess,
basicInfo.PebBaseAddress,
(*byte)(unsafe.Pointer(&peb)),
uint32(unsafe.Sizeof(peb)),
nil)
if err != nil {
return "", NewWindowsError("ReadProcessMemory", err)
}
var params wrappers.RTL_USER_PROCESS_PARAMETERS
err = wrappers.ReadProcessMemory(
hProcess,
peb.ProcessParameters,
(*byte)(unsafe.Pointer(¶ms)),
uint32(unsafe.Sizeof(params)),
nil)
if err != nil {
return "", NewWindowsError("ReadProcessMemory", err)
}
commandLine := make([]uint16, params.CommandLine.Length)
err = wrappers.ReadProcessMemory(
hProcess,
params.CommandLine.Buffer,
(*byte)(unsafe.Pointer(&commandLine[0])),
uint32(params.CommandLine.Length),
nil)
if err != nil {
return "", NewWindowsError("ReadProcessMemory", err)
}
return syscall.UTF16ToString(commandLine), nil
}
func (self *Job) AssignProcess(pid uint) error {
hProcess, err := wrappers.OpenProcess(
wrappers.PROCESS_SET_QUOTA|wrappers.PROCESS_TERMINATE,
false,
uint32(pid))
if err != nil {
return NewWindowsError("OpenProcess", err)
}
defer wrappers.CloseHandle(hProcess)
if err := wrappers.AssignProcessToJobObject(self.handle, hProcess); err != nil {
return NewWindowsError("AssignProcessToJobObject", err)
}
return nil
}
func KillProcess(pid uint, exitCode uint) error {
hProcess, err := wrappers.OpenProcess(wrappers.PROCESS_TERMINATE, false, uint32(pid))
if err == wrappers.ERROR_INVALID_PARAMETER {
// the process terminated on its own
return nil
} else if err != nil {
return NewWindowsError("OpenProcess", err)
}
defer wrappers.CloseHandle(hProcess)
if err := wrappers.TerminateProcess(hProcess, uint32(exitCode)); err != nil {
return NewWindowsError("TerminateProcess", err)
}
return nil
}
func IsProcessRunning(pid uint) (bool, error) {
hProcess, err := wrappers.OpenProcess(wrappers.SYNCHRONIZE, false, uint32(pid))
if err == wrappers.ERROR_INVALID_PARAMETER {
// the process no longer exists
return false, nil
} else if err != nil {
return false, NewWindowsError("OpenProcess", err)
}
defer wrappers.CloseHandle(hProcess)
// wait with a timeout of 0 to check the process's status and make sure it's not a zombie
event, err := wrappers.WaitForSingleObject(hProcess, 0)
if err != nil {
return false, NewWindowsError("WaitForSingleObject", err)
}
return event != wrappers.WAIT_OBJECT_0, nil
}
func GetProcessTimeCounters(pid uint) (*ProcessTimeCounters, error) {
hProcess, err := wrappers.OpenProcess(wrappers.PROCESS_QUERY_LIMITED_INFORMATION, false, uint32(pid))
if err != nil {
return nil, NewWindowsError("OpenProcess", err)
}
defer wrappers.CloseHandle(hProcess)
var creationTime, exitTime, kernelTime, userTime wrappers.FILETIME
err = wrappers.GetProcessTimes(hProcess, &creationTime, &exitTime, &kernelTime, &userTime)
if err != nil {
return nil, NewWindowsError("GetProcessTimes", err)
}
return &ProcessTimeCounters{
Creation: fileTimeToUint64(creationTime),
Exit: fileTimeToUint64(exitTime),
Kernel: fileTimeToUint64(kernelTime),
User: fileTimeToUint64(userTime),
}, nil
}
func GetProcessFullPathName(pid uint, flags ProcessNameFlags) (string, error) {
hProcess, err := wrappers.OpenProcess(wrappers.PROCESS_QUERY_LIMITED_INFORMATION, false, uint32(pid))
if err != nil {
return "", NewWindowsError("OpenProcess", err)
}
defer wrappers.CloseHandle(hProcess)
buf := make([]uint16, wrappers.MAX_PATH)
size := uint32(wrappers.MAX_PATH)
if err := wrappers.QueryFullProcessImageName(hProcess, uint32(flags), &buf[0], &size); err != nil {
if err == wrappers.ERROR_INSUFFICIENT_BUFFER {
buf = make([]uint16, syscall.MAX_LONG_PATH)
size = syscall.MAX_LONG_PATH
if err := wrappers.QueryFullProcessImageName(hProcess, uint32(flags), &buf[0], &size); err != nil {
return "", NewWindowsError("QueryFullProcessImageName", err)
}
} else {
return "", NewWindowsError("QueryFullProcessImageName", err)
}
}
return syscall.UTF16ToString(buf[0:size]), nil
}
func SignalProcessAndWait(pid uint, timeout time.Duration) error {
milliseconds := uint32(timeout / time.Millisecond)
if timeout < 0 {
milliseconds = wrappers.INFINITE
}
hProcess, err := wrappers.OpenProcess(wrappers.SYNCHRONIZE, false, uint32(pid))
if err == wrappers.ERROR_INVALID_PARAMETER {
// the process terminated on its own
return nil
} else if err != nil {
return NewWindowsError("OpenProcess", err)
}
defer wrappers.CloseHandle(hProcess)
if err := wrappers.GenerateConsoleCtrlEvent(wrappers.CTRL_BREAK_EVENT, uint32(pid)); err == wrappers.ERROR_INVALID_PARAMETER {
// the process terminated on its own
return nil
} else if err != nil {
return NewWindowsError("GenerateConsoleCtrlEvent", err)
}
if _, err := wrappers.WaitForSingleObject(hProcess, milliseconds); err != nil {
return NewWindowsError("WaitForSingleObject", err)
}
return nil
}