1// +build windows 2 3package process 4 5import ( 6 "syscall" 7 "unsafe" 8 9 "github.com/shirou/gopsutil/v3/internal/common" 10) 11 12type PROCESS_MEMORY_COUNTERS struct { 13 CB uint32 14 PageFaultCount uint32 15 PeakWorkingSetSize uint64 16 WorkingSetSize uint64 17 QuotaPeakPagedPoolUsage uint64 18 QuotaPagedPoolUsage uint64 19 QuotaPeakNonPagedPoolUsage uint64 20 QuotaNonPagedPoolUsage uint64 21 PagefileUsage uint64 22 PeakPagefileUsage uint64 23} 24 25func queryPebAddress(procHandle syscall.Handle, is32BitProcess bool) uint64 { 26 if is32BitProcess { 27 //we are on a 64-bit process reading an external 32-bit process 28 var wow64 uint 29 30 ret, _, _ := common.ProcNtQueryInformationProcess.Call( 31 uintptr(procHandle), 32 uintptr(common.ProcessWow64Information), 33 uintptr(unsafe.Pointer(&wow64)), 34 uintptr(unsafe.Sizeof(wow64)), 35 uintptr(0), 36 ) 37 if int(ret) >= 0 { 38 return uint64(wow64) 39 } 40 } else { 41 //we are on a 64-bit process reading an external 64-bit process 42 var info processBasicInformation64 43 44 ret, _, _ := common.ProcNtQueryInformationProcess.Call( 45 uintptr(procHandle), 46 uintptr(common.ProcessBasicInformation), 47 uintptr(unsafe.Pointer(&info)), 48 uintptr(unsafe.Sizeof(info)), 49 uintptr(0), 50 ) 51 if int(ret) >= 0 { 52 return info.PebBaseAddress 53 } 54 } 55 56 //return 0 on error 57 return 0 58} 59 60func readProcessMemory(procHandle syscall.Handle, _ bool, address uint64, size uint) []byte { 61 var read uint 62 63 buffer := make([]byte, size) 64 65 ret, _, _ := common.ProcNtReadVirtualMemory.Call( 66 uintptr(procHandle), 67 uintptr(address), 68 uintptr(unsafe.Pointer(&buffer[0])), 69 uintptr(size), 70 uintptr(unsafe.Pointer(&read)), 71 ) 72 if int(ret) >= 0 && read > 0 { 73 return buffer[:read] 74 } 75 return nil 76} 77