golang获取windows版本和详细信息

场景:

将木马丢到感染机运行后回连时，希望返回感染机的操作系统信息。golang 可以通过 runtime.GOOS 获取到操作系统类型，但是无法获取详细的版本信息，如 win7、win10 等。

解决方案:

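下面是 chatgpt 的写法。生成的代码需要自行核对:RtlGetVersion 及其对应的结构体由 golang.org/x/sys/windows 提供,标准库 syscall 包中并没有;另外 GetVersion 在程序没有兼容性清单(manifest)时,在 Windows 8.1 及之后的系统上返回的是 6.2,而不是真实版本号。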


package main

import (
    "fmt"
    "os"
    "syscall"
    "unsafe"
)

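// main prints the detected Windows version, or reports the failure on
// standard error and exits with a non-zero status.
func main() {
    version, err := getWindowsVersion()
    if err != nil {
        // Failures go to stderr with a non-zero exit code so that a calling
        // script can tell a failed lookup apart from a successful one.
        fmt.Fprintln(os.Stderr, "Failed to get Windows version:", err)
        os.Exit(1)
    }

    fmt.Println("Windows version:", version)
}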

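// getWindowsVersion returns a human-readable name for the running Windows
// release, derived from the major/minor/build numbers reported by
// ntdll!RtlGetVersion.
//
// RtlGetVersion is used instead of kernel32!GetVersion because GetVersion is
// subject to the application-compatibility shim: in an executable without a
// compatibility manifest it reports 6.2 on Windows 8.1 and later, so the
// Windows 10/11 cases below would never match.
//
// The names are client-edition names only. Server editions share version
// numbers with client releases (for example 5.2 is also reported by
// Windows XP x64), so treat the result as a version family rather than an
// exact product name.
//
// It returns an error if ntdll.dll or the RtlGetVersion export cannot be
// resolved, or if the call returns a non-zero NTSTATUS.
func getWindowsVersion() (string, error) {
    // Layout of OSVERSIONINFOEXW; only the version fields are read here.
    type osVersionInfoEx struct {
        size             uint32
        majorVersion     uint32
        minorVersion     uint32
        buildNumber      uint32
        platformID       uint32
        csdVersion       [128]uint16
        servicePackMajor uint16
        servicePackMinor uint16
        suiteMask        uint16
        productType      byte
        reserved         byte
    }

    ntdll, err := syscall.LoadDLL("ntdll.dll")
    if err != nil {
        return "", fmt.Errorf("load ntdll.dll: %w", err)
    }
    // Drop the extra module reference taken by LoadDLL.
    defer ntdll.Release()

    proc, err := ntdll.FindProc("RtlGetVersion")
    if err != nil {
        return "", fmt.Errorf("find RtlGetVersion: %w", err)
    }

    var info osVersionInfoEx
    // The API requires the caller to state the size of the structure passed.
    info.size = uint32(unsafe.Sizeof(info))
    // The first return value is the NTSTATUS; the trailing error from Call is
    // the thread's last-error value and is not meaningful for this API.
    status, _, _ := proc.Call(uintptr(unsafe.Pointer(&info)))
    if status != 0 {
        return "", fmt.Errorf("RtlGetVersion returned NTSTATUS 0x%08X", uint32(status))
    }

    major, minor, build := info.majorVersion, info.minorVersion, info.buildNumber

    // Cases are ordered from the newest build downwards, so the first match
    // is the most recent release whose minimum build number is satisfied.
    switch {
    case major == 10 && build >= 22000:
        return "Windows 11", nil
    case major == 10 && build >= 19041:
        return "Windows 10 Version 2004 or later", nil
    case major == 10 && build >= 18362:
        return "Windows 10 Version 1903 or later", nil
    case major == 10 && build >= 17763:
        return "Windows 10 Version 1809 or later", nil
    case major == 10 && build >= 17134:
        return "Windows 10 Version 1803 or later", nil
    case major == 10 && build >= 16299:
        return "Windows 10 Version 1709 or later", nil
    case major == 10 && build >= 15063:
        return "Windows 10 Version 1703 or later", nil
    case major == 10 && build >= 14393:
        return "Windows 10 Version 1607 or later", nil
    case major == 10 && build >= 10586:
        return "Windows 10 Version 1511 or later", nil
    case major == 10:
        return "Windows 10 or later", nil
    case major == 6 && minor == 3:
        return "Windows 8.1", nil
    case major == 6 && minor == 2:
        return "Windows 8", nil
    case major == 6 && minor == 1:
        return "Windows 7", nil
    case major == 6 && minor == 0:
        return "Windows Vista", nil
    case major == 5 && minor == 2:
        return "Windows Server 2003", nil
    case major == 5 && minor == 1:
        return "Windows XP", nil
    default:
        return fmt.Sprintf("Windows %d.%d (Build %d)", major, minor, build), nil
    }
}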
