/* SPDX-License-Identifier: MIT
*
* Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
*/
package ringlogger
import (
"golang.org/x/sys/windows"
"golang.org/x/sys/windows/registry"
"golang.zx2c4.com/wireguard/windows/conf"
"io"
"os"
"path"
)
// DumpTo writes the contents of the on-disk ring log file (log.bin) to out.
//
// When localSystem is false the log is looked up under conf.RootDirectory().
// When localSystem is true it is looked up under the LocalSystem account's
// profile directory, which is read from the ProfileImagePath value of the
// HKLM ProfileList entry for S-1-5-18 and then expanded.
//
// The file is opened with os.Open, mapped with PAGE_READONLY and viewed with
// FILE_MAP_READ, so nothing on this path asks for write access to the log.
// Any error from locating, opening, mapping or dumping the log is returned
// unchanged.
func DumpTo(out io.Writer, localSystem bool) error {
	var logPath string
	if localSystem {
		// S-1-5-18 is the well-known SID of the LocalSystem account.
		key, err := registry.OpenKey(registry.LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-18", registry.QUERY_VALUE)
		if err != nil {
			return err
		}
		defer key.Close()
		profileDir, _, err := key.GetStringValue("ProfileImagePath")
		if err != nil {
			return err
		}
		// Resolve environment-variable references in the stored profile path.
		if profileDir, err = registry.ExpandString(profileDir); err != nil {
			return err
		}
		// NOTE(review): package path joins with forward slashes; path/filepath
		// is the OS-aware package. Confirm this is intentional on Windows.
		logPath = path.Join(profileDir, "AppData", "Local", "WireGuard", "log.bin")
	} else {
		root, err := conf.RootDirectory()
		if err != nil {
			return err
		}
		logPath = path.Join(root, "log.bin")
	}

	file, err := os.Open(logPath)
	if err != nil {
		return err
	}
	defer file.Close()

	// A maximum size of 0/0 makes the mapping as large as the file currently is.
	// NOTE(review): nothing here checks the file size against the expected log
	// layout; confirm newRingloggerFromMappingHandle rejects a short or
	// truncated log.bin before it reads through the view.
	mapping, err := windows.CreateFileMapping(windows.Handle(file.Fd()), nil, windows.PAGE_READONLY, 0, 0, nil)
	if err != nil {
		return err
	}
	rl, err := newRingloggerFromMappingHandle(mapping, "DMP", windows.FILE_MAP_READ)
	if err != nil {
		// The mapping handle is closed here only on failure; on success
		// rl.Close presumably releases it. TODO confirm.
		windows.CloseHandle(mapping)
		return err
	}
	defer rl.Close()

	_, err = rl.WriteTo(out)
	return err
}