Godyn

Godyn - The Introspection Library

Godyn is a Windows-only library written in Golang and assembly that makes auditing, dissecting and changing Windows structures easier and quicker.

Why Godyn?

I personally started the project as a pastime challenge for me to learn Go and apply this knowledge on an interesting project. So I figured, why not port an existing C++ (my PEParser) library to Go and then extend it? However, it turned out the library shares several of the objectives of Go’s golang.org/x/sys/windows package for Windows low-level interop and, as such, might seem superfluous. The truth is that Godyn embraces a diametrically opposed philosopy: Godyn only does few select things, but aims to do them properly. You can view Godyn as a swiss-knife for the introspection of Windows structures.

Therefore, this is by no means a copy of golang.org/x/sys/windows (besides, I didn’t even know it existed before writing this post) and is definitely not as complete.

Features

  • Runtime dynamic link library symbol resolution (GetProcAddress).
  • Tools for thread and process internal information (TEB and PEB) auditing.
  • PE header parser.
  • Hooking primitives (SetWindowsHookEx) and low-level IPC (WriteProcessMemory et al). This is still WIP.

Screenshots

GetProcAddress (WIP) GetProcAddress

List of modules loaded in the VA space Module List