package main
import (
"syscall"
"unsafe"
)
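var (
	// ntdll is resolved lazily on first use of one of its procs. ntdll.dll is
	// already mapped into every Windows process, so a bare module name resolves to
	// the image that is already loaded rather than walking the on-disk DLL search
	// path. For any DLL that is NOT guaranteed to be loaded, NewLazyDLL's default
	// search order is exposed to DLL preloading (search-order hijacking); such
	// modules should be loaded with a system-directory-only loader instead.
	ntdll               = syscall.NewLazyDLL("ntdll.dll")
	ntReadVirtualMemory = ntdll.NewProc("NtReadVirtualMemory")

	// intLevels maps the well-known mandatory-label SIDs (S-1-16-<RID>) to a
	// human-readable integrity level. The RID is the SECURITY_MANDATORY_*_RID
	// value: 0x0000 untrusted, 0x1000 low, 0x2000 medium, 0x2100 medium-plus,
	// 0x3000 high, 0x4000 system, 0x5000 protected process, 0x7000 secure
	// process. Levels missing from this table previously made a lookup yield ""
	// with no error, which callers could mistake for a failed query.
	intLevels = map[string]string{
		"S-1-16-0":     "Untrusted",
		"S-1-16-4096":  "Low",
		"S-1-16-8192":  "Medium",
		"S-1-16-8448":  "Medium-Plus",
		"S-1-16-12288": "High",
		"S-1-16-16384": "System",
		"S-1-16-20480": "Protected",
		"S-1-16-28672": "Secure",
	}
)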
const (
	// Windows process access-mask bits (PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION,
	// PROCESS_VM_WRITE) that are requested when opening another process. Together
	// they are the rights needed to allocate/protect memory in a target, write to
	// it and start a thread there. NOTE(review): PROCESS_VM_READ (0x10) is not
	// declared here although NtReadVirtualMemory is resolved above — confirm that
	// callers which read target memory open the handle with read access.
	processCreateThread = 0x02
	processVMOperation  = 0x08
	processVMWrite      = 0x20
	// is32bitProc is true when THIS binary was built for a 32-bit target (uintptr
	// is 4 bytes). It says nothing about the bitness of any process being inspected.
	is32bitProc = unsafe.Sizeof(uintptr(0)) == 4
)
// sidAttrs is laid out to match the Windows SID_AND_ATTRIBUTES structure: a
// pointer to a variable-length SID followed by a 32-bit attribute mask. It is
// cast directly over a buffer filled by GetTokenInformation (see
// getProcessIntegrityLevel), so the field order and types are part of the OS
// ABI and must not be changed or reordered.
type sidAttrs struct {
	Sid        *syscall.SID
	Attributes uint32
}
// tokenMandatoryLabel is laid out to match the Windows TOKEN_MANDATORY_LABEL
// structure, which is what GetTokenInformation fills for the TokenIntegrityLevel
// class. Label.Sid identifies the integrity level (an S-1-16-<rid> SID). Like
// sidAttrs it is overlaid on an OS-filled buffer, so its layout must stay as is.
type tokenMandatoryLabel struct {
	Label sidAttrs
}
// Size reports how many bytes the label occupies when the fixed header is
// immediately followed by the variable-length SID that Label.Sid points at:
// the header size plus the SID length as reported by GetLengthSid.
func (tml *tokenMandatoryLabel) Size() uint32 {
	headerBytes := uint32(unsafe.Sizeof(tokenMandatoryLabel{}))
	sidBytes := syscall.GetLengthSid(tml.Label.Sid)
	return headerBytes + sidBytes
}
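// getProcessIntegrityLevel returns the mandatory integrity level of the current
// process as a name from intLevels ("Low", "Medium", "High", ...). It opens the
// process token, queries the TokenIntegrityLevel class and looks the label SID
// up in the table. A label SID that is not in the table is returned in its
// string form ("S-1-16-<rid>") with a nil error, instead of the empty string the
// map lookup would yield, so callers can distinguish an unrecognised level from
// a failed query. Any failure to open or query the token, or to stringify the
// SID, is returned as an error with an empty level.
func getProcessIntegrityLevel() (string, error) {
	procToken, err := syscall.OpenCurrentProcessToken()
	if err != nil {
		return "", err
	}
	defer procToken.Close()

	// 64 bytes holds the fixed header plus a single-subauthority SID; tokenGetInfo
	// grows the buffer if the OS reports that more is needed.
	p, err := tokenGetInfo(procToken, syscall.TokenIntegrityLevel, 64)
	if err != nil {
		return "", err
	}
	// The buffer is read as a TOKEN_MANDATORY_LABEL header whose Sid field is
	// expected to point at storage inside that same buffer; tml is what keeps the
	// buffer reachable, so it must stay live until the SID has been consumed.
	tml := (*tokenMandatoryLabel)(p)
	sidStr, err := tml.Label.Sid.String()
	if err != nil {
		return "", err
	}
	if name, ok := intLevels[sidStr]; ok {
		return name, nil
	}
	// Unknown level (e.g. a SID added by a newer Windows release): surface the raw
	// SID rather than an empty string.
	return sidStr, nil
}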
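// tokenGetInfo queries token t for information class class and returns a pointer
// to a Go-allocated buffer holding the result. initSize is the buffer size tried
// first; when GetTokenInformation answers ERROR_INSUFFICIENT_BUFFER the buffer is
// reallocated at the size the OS asked for and the call is retried. Any other
// error, or an "insufficient buffer" reply that does not ask for a larger buffer
// (which would otherwise retry forever), is returned to the caller. The returned
// unsafe.Pointer is the only reference to the buffer and keeps it alive; callers
// that derive further pointers into it (e.g. an embedded SID) must keep the
// returned pointer, or a value cast from it, reachable while those are in use.
func tokenGetInfo(t syscall.Token, class uint32, initSize int) (unsafe.Pointer, error) {
	n := uint32(initSize)
	if initSize <= 0 {
		// A zero size would index an empty slice below (panic) and a negative one
		// would wrap to a huge uint32 allocation; start at one byte and let the OS
		// report the size it actually needs.
		n = 1
	}
	for {
		b := make([]byte, n)
		e := syscall.GetTokenInformation(t, class, &b[0], uint32(len(b)), &n)
		if e == nil {
			return unsafe.Pointer(&b[0]), nil
		}
		if e != syscall.ERROR_INSUFFICIENT_BUFFER {
			return nil, e
		}
		if n <= uint32(len(b)) {
			// The OS rejected the buffer but did not ask for a bigger one; give up
			// rather than loop on the same size.
			return nil, e
		}
	}
}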