

Like Hell's Gate, but more Go, more banana.

Useful references:

This is a pure-Go implementation of using direct syscalls to do windowsy stuff. Don't be silly and try this on not-Windows; it won't work, and I honestly don't know why you'd even think it would.

Several useful functions for dealing with process things are provided by this lib. Namely:

  • Syscall: with a provided sysid and uintptrs to parameters, you're able to do a Windows syscall for pretty much any defined kernel call. I only tried with a handful, but it should work with any/most.
  • GetPEB: returns the memory location of the PEB without performing any API calls. At its core, it just does this: MOVQ 0x60(GS), AX ; MOVQ AX, ret+0(FP) (this is the Go ASM syntax, in case you're confused.)
  • GetNtdllStart: returns the start address of ntdll loaded in process memory. Does not make any API calls (see asm_x64.s for details).
  • WriteMemory: takes a byte slice and writes it to a certain memory address (may panic if not writable etc lol).
  • A handful of predefined kernel calls like NtAllocateVirtualMemory etc. See source for more details and whatnot.


See examples in example/.
