场景:
将木马丢到感染机运行后回连时希望返回感染机的操作系统信息.golang 可以通过runtime.OS获取到操作系统类型,但是无法获取详细的版本信息,如win7 win10等,
解决方案;
下面是chatgpt的写法;
package main
import (
"fmt"
"os"
"syscall"
"unsafe"
)
func main() {
version, err := getWindowsVersion()
if err != nil {
fmt.Println("Failed to get Windows version:", err)
return
}
fmt.Println("Windows version:", version)
}
func getWindowsVersion() (string, error) {
kernel32, err := syscall.LoadDLL("kernel32.dll")
if err != nil {
return "", err
}
proc, err := kernel32.FindProc("GetVersion")
if err != nil {
return "", err
}
version, _, _ := proc.Call()
major := byte(version & 0xFF)
minor := byte((version >> 8) & 0xFF)
build := uint16((version >> 16) & 0xFFFF)
var info syscall.RtlOsVersionInfoEx
info.OSVersionInfoSize = uint32(unsafe.Sizeof(info))
err = syscall.RtlGetVersion(&info)
if err != nil {
return "", err
}
switch {
case major == 10 && build >= 22000:
return "Windows 11", nil
case major == 10 && build >= 19041:
return "Windows 10 Version 2004 or later", nil
case major == 10 && build >= 18362:
return "Windows 10 Version 1903 or later", nil
case major == 10 && build >= 17763:
return "Windows 10 Version 1809 or later", nil
case major == 10 && build >= 17134:
return "Windows 10 Version 1803 or later", nil
case major == 10 && build >= 16299:
return "Windows 10 Version 1709 or later", nil
case major == 10 && build >= 15063:
return "Windows 10 Version 1703 or later", nil
case major == 10 && build >= 14393:
return "Windows 10 Version 1607 or later", nil
case major == 10 && build >= 10586:
return "Windows 10 Version 1511 or later", nil
case major == 10:
return "Windows 10 or later", nil
case major == 6 && minor == 3:
return "Windows 8.1", nil
case major == 6 && minor == 2:
return "Windows 8", nil
case major == 6 && minor == 1:
return "Windows 7", nil
case major == 6 && minor == 0:
return "Windows Vista", nil
case major == 5 && minor == 2:
return "Windows Server 2003", nil
case major == 5 && minor == 1:
return "Windows XP", nil
default:
return fmt.Sprintf("Windows %d.%d (Build %d)", major, minor, build), nil
}
}