-
Notifications
You must be signed in to change notification settings - Fork 1
/
process.go
56 lines (47 loc) · 1.06 KB
/
process.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
package main
import (
"syscall"
"unsafe"
"golang.org/x/sys/windows"
)
const PROCESS_QUERY_LIMITED_INFORMATION uint32 = 0x1000
var (
modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
procQueryFullProcessImageNameW = modkernel32.NewProc("QueryFullProcessImageNameW")
)
func processPidToName(pid uint32) (string, error) {
handle, err := syscall.OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, pid)
if err != nil {
return "", err
}
defer syscall.CloseHandle(handle)
return queryFullProcessImageName(handle, 0)
}
func queryFullProcessImageName(
process syscall.Handle,
flags uint32,
) (s string, err error) {
var bufferSize uint32 = 32 * 1024
buffer := make([]uint16, bufferSize)
r1, _, e1 := syscall.Syscall6(
procQueryFullProcessImageNameW.Addr(),
4,
uintptr(process),
uintptr(flags),
uintptr(unsafe.Pointer(&buffer[0])),
uintptr(unsafe.Pointer(&bufferSize)),
0,
0,
)
if r1 == 0 {
if e1 != 0 {
err = e1
} else {
err = syscall.EINVAL
}
}
if err == nil {
s = syscall.UTF16ToString(buffer[:bufferSize])
}
return
}