Search running process for a given dll/function. Exposes a bufio.Scanner-like interface for walking a process' PEB

Last update: Apr 21, 2022

Comments: 0

dllinquent

Search running process for a given dll/function.
Exposes a bufio.Scanner-like interface for walking a process' PEB

Examples

Walker

walker, _ := NewPebWalker(pid)
for walker.Walk() {
    dll := walker.Dll()

    if strings.HasSuffix(dll.DllFullName, "amsi.dll") {
        hFunc, _ = windows.GetProcAddress(
            windows.Handle(dll.DllBaseAddr), 
            "AmsiScanBuffer",
            )

        funcOffset = uint64(dll.FuncAddress) - dll.DllBaseAddr
        fmt.Printf("AmsiScanBuffer offset: %v", funcOffset)
    }
    
    if walker.Err() == io.EOF {
        fmt.Println("amsi not loaded")
    }
}

err = walker.Err()
return

Finding Dlls/Functions

// dllinquent.FindInSelf("amsi.dll", "AmsiScanBuffer")          (Dll, err)
// dllinquent.FindInProcess(123, "amsi.dll", "AmsiScanBuffer")  (Dll, err)
// dllinquent.FindInProcesses("amsi.dll", "AmsiScanBuffer")     (map[Process]Dll, err)

func HasAmsi() (hasAmsi bool, dll Dll, err error) {
	dll, err = dllinquent.FindInSelf("amsi.dll", "AmsiScanBuffer")
	if err != nil {
		return
	}

	if dll != (dllinquent.Dll{}) {
		hasAmsi = true
	}
	return
}

Owner

Alex Flores

〉It is a truth universally acknowledged, that a single man in possession of a good exploit must be in want of shellz.

https://github.com/audibleblink/dllinquent

Similar Resources

A simple Cron library for go that can execute closures or functions at varying intervals, from once a second to once a year on a specific date and time. Primarily for web applications and long running daemons.

Cron.go This is a simple library to handle scheduled tasks. Tasks can be run in a minimum delay of once a second--for which Cron isn't actually design

Dec 17, 2022

jacobin - A more than minimal JVM written in Go and capable of running Java 11 bytecode.

This overview gives the background on this project, including its aspirations and the features that it supports. The remaining pages discuss the basics of JVM operation and, where applicable, how Jacobin implements the various steps, noting any items that would be of particular interest to JVM cognoscenti.

Dec 29, 2022

Workaround for running ubuntu:21.10, fedora:35, and other glibc = 2.34 distros on Docker = 20.10.9

clone3-workaround: Workaround for running ubuntu:21.10, fedora:35, and other glibc = 2.34 distros on Docker = 20.10.9 Old container engines such as

Dec 1, 2022

The VM for running Back

Backvm The VM for running Back Back is a Concurrent Forth implementation, have fun Building the only dependency for backvm is the Go compiler Backvm d

Dec 11, 2021

Unik is a Go module for running Go programs as unikernels, without an underlying operating system

Unik is a Go module for running Go programs as unikernels, without an underlying operating system. The included demo is a functional Gio GUI prog

Oct 21, 2022

Start of a project that would let people stay informed about safe running spaces in their area.

SafeRun Start of a project that would let people stay informed about safe running spaces in their area. Too many people I'm friends with feel unsafe w

Feb 11, 2022

community search engine

Lieu an alternative search engine Created in response to the environs of apathy concerning the use of hypertext search and discovery.

Dec 24, 2022

Universal code search (self-hosted)

Sourcegraph OSS edition is a fast, open-source, fully-featured code search and navigation engine. Enterprise editions are available. Features Fast glo

Jan 9, 2023

Weaviate is a cloud-native, modular, real-time vector search engine

Weaviate is a cloud-native, real-time vector search engine (aka neural search engine or deep search engine). There are modules for specific use cases such as semantic search, plugins to integrate Weaviate in any application of your choice, and a console to visualize your data.

Jan 5, 2023

Search running process for a given dll/function. Exposes a bufio.Scanner-like interface for walking a process' PEB

dllinquent

Examples

Walker

Finding Dlls/Functions

Owner

Alex Flores

Similar Resources

A simple Cron library for go that can execute closures or functions at varying intervals, from once a second to once a year on a specific date and time. Primarily for web applications and long running daemons.

jacobin - A more than minimal JVM written in Go and capable of running Java 11 bytecode.

Workaround for running ubuntu:21.10, fedora:35, and other glibc = 2.34 distros on Docker = 20.10.9

The VM for running Back

Unik is a Go module for running Go programs as unikernels, without an underlying operating system

Start of a project that would let people stay informed about safe running spaces in their area.

community search engine

Universal code search (self-hosted)

Weaviate is a cloud-native, modular, real-time vector search engine

Related tags

AutoK3s GEO collects metrics about locates remote IP-address and exposes metrics to InfluxDB.

Contains a function to get an ip that can be used like localhost.

The gofinder program is an acme user interface to search through Go projects.

Generate random, pronounceable, sometimes even memorable, "superhero like" codenames - just like Docker does with container names.

Developed Code for the Fulfillment of the technical task given by Appointy using Go

Coding assessment to create Todo app given by Percipia

A Github action to check if IDT could synthesize a given DNA sequence.

Program to solve sudokus given in JSON Format, written in Go

Golang function throttler

URLHEALTH - a utility function to help ensure that broken urls on documentations can be detected