Created
December 5, 2018 05:56
-
-
Save adamyordan/02a49f9ef3d1570ecc17e3c5f01dc04e to your computer and use it in GitHub Desktop.
Check whether a file has alternative data stream in go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package checker | |
| import ( | |
| "golang.org/x/sys/windows" | |
| "syscall" | |
| "unsafe" | |
| ) | |
| var kernel32 = windows.NewLazyDLL("kernel32.dll") | |
| var ( | |
| findFirstStreamW = kernel32.NewProc("FindFirstStreamW") | |
| findNextStreamW = kernel32.NewProc("FindNextStreamW") | |
| ) | |
| /* | |
| HANDLE WINAPI FindFirstStreamW( | |
| __in LPCWSTR lpFileName, | |
| __in STREAM_INFO_LEVELS InfoLevel, (0 standard, 1 max infos) | |
| __out LPVOID lpFindStreamData, (return information about file in a WIN32_FIND_STREAM_DATA if 0 is given in infos_level | |
| __reserved DWORD dwFlags (Reserved for future use. This parameter must be zero.) cf: doc | |
| ); | |
| https://msdn.microsoft.com/en-us/library/aa364424(v=vs.85).aspx | |
| */ | |
| func HasStream(f string) (bool, string) { | |
| buf := make([]uint16, 32) | |
| ret, _ , _ := findFirstStreamW.Call( | |
| uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(f))), | |
| 0, | |
| uintptr(unsafe.Pointer(&buf[0])), | |
| 0, | |
| ) | |
| buf2 := make([]uint16, 32) | |
| ret2, _, _ := findNextStreamW.Call( | |
| uintptr(ret), | |
| uintptr(unsafe.Pointer(&buf2[0])), | |
| ) | |
| streamName := syscall.UTF16ToString(buf2[4:]) | |
| return ret2 != 0, streamName | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment