Godyn - The Introspection Library
Godyn is a Windows-only library written in Golang and assembly that makes auditing, dissecting and changing Windows structures
easier and quicker.
I personally started the project as a pastime challenge for me to learn Go and apply this knowledge on an interesting project. So I figured, why not port an existing C++ (my PEParser) library to Go and then extend it?
However, it turned out the library shares several of the objectives of Go’s golang.org/x/sys/windows package for Windows low-level interop and, as such, might seem superfluous. The truth is that Godyn embraces a diametrically opposed philosophy: Godyn only does a few select things, but aims to do them properly. You can view Godyn as a Swiss Army knife for the introspection of Windows structures. Therefore, this is by no means a copy of golang.org/x/sys/windows (besides, I didn’t even know it existed before writing this post) and is definitely not as complete.
- Runtime dynamic link library symbol resolution (
- Tools for thread and process internal information (
- PE header parser.
- Hooking primitives (SetWindowsHookEx) and low-level IPC (WriteProcessMemory et al.). This is still WIP.
List of modules loaded in the VA space