From 20d9dbcf9f43d8bf7c416823069478a4f48703ce Mon Sep 17 00:00:00 2001
From: PhatPhuckDave
Date: Tue, 1 Oct 2024 22:38:57 +0200
Subject: [PATCH] Initial commit
---
.gitignore | 1 +
go.mod | 5 +++
go.sum | 2 ++
main.go | 38 ++++++++++++++++++++++
procmap.go | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 138 insertions(+)
create mode 100644 .gitignore
create mode 100644 go.mod
create mode 100644 go.sum
create mode 100644 main.go
create mode 100644 procmap.go
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..926b439
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+main.log
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..829682f
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,5 @@
+module hitman
+
+go 1.23.0
+
+require golang.org/x/sys v0.25.0
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..c9930ff
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,2 @@
+golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
+golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..4f70d35
--- /dev/null
+++ b/main.go
@@ -0,0 +1,38 @@
+package main
+
+import (
+ "fmt"
+ "io"
+ "log"
+ "os"
+)
+
+var Error *log.Logger
+var Warning *log.Logger
+func init() {
+ log.SetFlags(log.Lmicroseconds | log.Lshortfile)
+ logFile, err := os.Create("main.log")
+ if err != nil {
+ log.Printf("Error creating log file: %v", err)
+ os.Exit(1)
+ }
+ logger := io.MultiWriter(os.Stdout, logFile)
+ log.SetOutput(logger)
+
+ Error = log.New(io.MultiWriter(logFile, os.Stderr, os.Stdout),
+ fmt.Sprintf("%sERROR:%s ", "\033[0;101m", "\033[0m"),
+ log.Lmicroseconds|log.Lshortfile)
+ Warning = log.New(io.MultiWriter(logFile, os.Stdout),
+ fmt.Sprintf("%sWarning:%s ", "\033[0;93m", "\033[0m"),
+ log.Lmicroseconds|log.Lshortfile)
+}
+
+func main() {
+ procmap, err := BuildProcessMap()
+ if err != nil {
+ Error.Printf("Error building process map: %v", err)
+ return
+ }
+
+ log.Printf("%#v", procmap)
+}
diff --git a/procmap.go b/procmap.go
new file mode 100644
index 0000000..305f83e
--- /dev/null
+++ b/procmap.go
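Review bot: In main.go's `main`, a failed `BuildProcessMap()` is logged and then the function simply returns, so the process exits with status 0 and a calling script or scheduled task cannot tell that the snapshot failed; end that branch with `os.Exit(1)` instead of `return`. On the success path, `log.Printf("%#v", procmap)` prints the nested `*ProcessMapNode` values as pointer addresses rather than their fields, so the dump cannot be used to check what was enumerated; ranging over `procmap.Map` and logging PID, parent PID and name per entry would be readable. `init` also recreates `main.log` in whatever the working directory happens to be and never closes the handle, which deserves at least a comment such as `// main.log is truncated in the current directory on every run`.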
@@ -0,0 +1,92 @@
+package main
+
+import (
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+)
+
+type (
+ ProcessMap struct {
+ Map map[uint32]*ProcessMapNode
+ NameIndex map[string][]*ProcessMapNode
+ }
+ ProcessMapNode struct {
+ Proc windows.ProcessEntry32
+ Name string
+ Children map[uint32]*ProcessMapNode
+ }
+)
+
+func (pt *ProcessMap) add(proc *windows.ProcessEntry32) error {
+ if pt.Map == nil {
+ pt.Map = make(map[uint32]*ProcessMapNode)
+ }
+ if pt.NameIndex == nil {
+ pt.NameIndex = make(map[string][]*ProcessMapNode)
+ }
+
+ procNode := &ProcessMapNode{
+ Proc: *proc,
+ Name: windows.UTF16ToString(proc.ExeFile[:]),
+ }
+
+ _, ok := pt.NameIndex[procNode.Name]
+ if !ok {
+ pt.NameIndex[procNode.Name] = make([]*ProcessMapNode, 0)
+ }
+ pt.NameIndex[procNode.Name] = append(pt.NameIndex[procNode.Name], procNode)
+
+ parent, parentExists := pt.Map[proc.ParentProcessID]
+ if !parentExists {
+ parent = procNode
+ pt.Map[proc.ParentProcessID] = parent
+ }
+
+ child, childExists := pt.Map[proc.ProcessID]
+ if !childExists {
+ child = procNode
+ pt.Map[proc.ProcessID] = child
+ }
+
+ if parent.Children == nil {
+ parent.Children = make(map[uint32]*ProcessMapNode)
+ }
+ parent.Children[proc.ProcessID] = child
+
+ return nil
+}
+
+func (pt *ProcessMap) findByName(name string) ([]*ProcessMapNode, bool) {
+ val, ok := pt.NameIndex[name]
+ return val, ok
+}
+func (pt *ProcessMap) findByPid(pid uint32) (*ProcessMapNode, bool) {
+ val, ok := pt.Map[pid]
+ return val, ok
+}
+
+func BuildProcessMap() (*ProcessMap, error) {
+ tree := &ProcessMap{}
+
+ snapshot, err := windows.CreateToolhelp32Snapshot(windows.TH32CS_SNAPPROCESS, 0)
+ if err != nil {
+ return nil, err
+ }
+ defer windows.CloseHandle(snapshot)
+
+ var pe32 windows.ProcessEntry32
+ pe32.Size = uint32(unsafe.Sizeof(pe32))
+
+ var i int
+ err = windows.Process32First(snapshot, &pe32)
+ for err == nil {
+ tree.add(&pe32)
+ i++
+ if i > 500 {
+ break
+ }
+ err = windows.Process32Next(snapshot, &pe32)
+ }
+ return tree, nil
+}
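Review bot: `add` files the wrong node under the parent's PID: when `pt.Map[proc.ParentProcessID]` is missing, `parent = procNode` stores the child's own node there, so `findByPid(parentPID)` returns the child, the child is inserted into its own `Children`, and once the real parent is enumerated `childExists` is already true and its entry never reaches `Map`. That path is taken whenever a child is listed before its parent or the parent has already exited, so any caller that acts on a PID looked up here can be handed a different process than the one it asked for. I would create an empty placeholder for an unseen parent and fill it in when that PID is enumerated, as sketched below; a placeholder that is never filled keeps a zero `Proc`, which callers can test for. Separately, the loop in `BuildProcessMap` stops silently after 501 entries and drops the error that ended it; compare that error with `windows.ERROR_NO_MORE_FILES` and return anything else.

```go
func (pt *ProcessMap) add(proc *windows.ProcessEntry32) error {
	// … unchanged: lazy initialisation of pt.Map and pt.NameIndex …

	// Reuse the placeholder a child may have created for this PID.
	node, seen := pt.Map[proc.ProcessID]
	if !seen {
		node = &ProcessMapNode{}
		pt.Map[proc.ProcessID] = node
	}
	node.Proc = *proc
	node.Name = windows.UTF16ToString(proc.ExeFile[:])
	pt.NameIndex[node.Name] = append(pt.NameIndex[node.Name], node)

	// An entry that names itself as parent must not become its own child.
	if proc.ParentProcessID == proc.ProcessID {
		return nil
	}

	parent, seen := pt.Map[proc.ParentProcessID]
	if !seen {
		// Parent not enumerated yet, or already gone: empty placeholder.
		parent = &ProcessMapNode{}
		pt.Map[proc.ParentProcessID] = parent
	}
	// … unchanged: allocate parent.Children when nil …
	parent.Children[proc.ProcessID] = node
	return nil
}
```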