Name		Name	Last commit message	Last commit date
parent directory ..
README.md		README.md
go.mod		go.mod
go.sum		go.sum
main.go		main.go

README.md

Process Snapshot

Simple example that shows how to call NtQuerySystemInformation to get a snapshot of all running processes using indirect syscalls.

Compile with:

GOOS=windows GOARCH=amd64 go build -ldflags="-s -w" -o process_snapshot.exe

Output:

PS C:\> .\process_snapshot.exe
PID:  4    Name:  System
PID:  72   Name:  Registry
PID:  312  Name:  smss.exe
PID:  408  Name:  csrss.exe
PID:  476  Name:  wininit.exe
PID:  484  Name:  csrss.exe
PID:  544  Name:  winlogon.exe
PID:  568  Name:  services.exe
...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

process_snapshot

process_snapshot

README.md

Process Snapshot

Files

process_snapshot

Directory actions

More options

Directory actions

More options

Latest commit

History

process_snapshot

Folders and files

parent directory

README.md

Process Snapshot