列舉系統驅動
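#ifdef __cplusplus
extern "C" {
#endif

#include <ntddk.h>

/*
 * Hand-declared layout of the loader's per-module record. The definition is
 * not taken from a public WDK header, so the field offsets are an assumption
 * about the running kernel build.
 * NOTE(review): confirm the layout against the target OS version and
 * architecture before relying on any field other than InLoadOrderLinks.
 */
typedef struct _LDR_DATA_TABLE_ENTRY {
    LIST_ENTRY InLoadOrderLinks;
    LIST_ENTRY InMemoryOrderLinks;
    LIST_ENTRY InInitializationOrderLinks;
    PVOID DllBase;
    PVOID EntryPoint;
    ULONG SizeOfImage;
    UNICODE_STRING FullDllName;
    UNICODE_STRING BaseDllName;
    ULONG Flags;
    USHORT LoadCount;
    USHORT TlsIndex;
    union {
        LIST_ENTRY HashLinks;
        struct {
            PVOID SectionPointer;
            ULONG CheckSum;
        };
    };
    union {
        struct {
            ULONG TimeDateStamp;
        };
        struct {
            PVOID LoadedImports;
        };
    };
} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;

/*
 * Best-effort sanity check before a list node is treated as a module record.
 *
 * The ring reached through DriverSection also contains the kernel's own list
 * head, which is a bare LIST_ENTRY and not an LDR_DATA_TABLE_ENTRY. Reading
 * BaseDllName from that node interprets unrelated kernel data as a
 * UNICODE_STRING, and passing it to %wZ can dereference a wild pointer.
 * These checks are a heuristic to skip such a node; they cannot prove that a
 * node is a genuine entry.
 */
static BOOLEAN IsPlausibleModuleEntry(const LDR_DATA_TABLE_ENTRY *entry)
{
    const UNICODE_STRING *name = &entry->BaseDllName;

    if (entry->DllBase == NULL) {
        return FALSE;
    }
    if (name->Buffer == NULL || name->Length == 0) {
        return FALSE;
    }
    if (name->Length > name->MaximumLength ||
        (name->Length % sizeof(WCHAR)) != 0) {
        return FALSE;
    }
    /* Only a point-in-time check, but it rejects obviously bad pointers. */
    return MmIsAddressValid(name->Buffer);
}

/*
 * Print the base name of every other module linked into the same load-order
 * list as this driver, walking backwards (Blink) from the driver's own entry
 * until the walk returns to it. The calling driver itself is not printed.
 *
 * pDriver: this driver's DRIVER_OBJECT; its DriverSection is used as the
 *          starting node.
 *
 * Caveats for anyone using the output as a driver inventory:
 *  - The walk takes no lock, so a concurrent driver load or unload can change
 *    the links underneath it.
 *  - A module that has been unlinked from this list does not appear, so the
 *    result is not an authoritative list of loaded kernel code.
 */
void EnumDriver(PDRIVER_OBJECT pDriver)
{
    PLDR_DATA_TABLE_ENTRY self;
    PLIST_ENTRY head;
    PLIST_ENTRY node;

    KdPrint(("enum begin"));

    if (pDriver == NULL || pDriver->DriverSection == NULL) {
        KdPrint(("enum end"));
        return;
    }

    self = (PLDR_DATA_TABLE_ENTRY)pDriver->DriverSection;
    head = &self->InLoadOrderLinks;

    for (node = head->Blink; node != NULL && node != head; node = node->Blink) {
        PLDR_DATA_TABLE_ENTRY entry =
            CONTAINING_RECORD(node, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);

        /* Skip the list-head sentinel and anything else that looks bogus. */
        if (!IsPlausibleModuleEntry(entry)) {
            continue;
        }
        KdPrint(("%wZ", &entry->BaseDllName));
    }

    KdPrint(("enum end"));
}

/*
 * Unload callback: only logs; the driver owns no resources to release.
 */
void DriverUnload(PDRIVER_OBJECT pDriver)
{
    UNREFERENCED_PARAMETER(pDriver);
    KdPrint(("unload..."));
}

/*
 * Driver entry point: registers the unload callback, dumps the module list
 * once via EnumDriver, and returns STATUS_SUCCESS.
 *
 * pDriver: DRIVER_OBJECT supplied by the I/O manager.
 * pRes:    registry path for the driver's service key (unused).
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriver, PUNICODE_STRING pRes)
{
    NTSTATUS status = STATUS_SUCCESS;

    UNREFERENCED_PARAMETER(pRes);

    KdPrint(("load..."));
    pDriver->DriverUnload = DriverUnload;
    EnumDriver(pDriver);
    return status;
}

#ifdef __cplusplus
}
#endif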
本文連結地址: https://www.dbgpro.com/archives/4750.html