[QUOTE=竹君;131458]#include "refresh.h"
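/*
 * FindModuleByAddress - find the loaded kernel module whose image range
 * contains Address and copy that module's image name into buffer.
 *
 * Address: address to resolve. It is a ULONG and module bases are cast to
 *          ULONG below, so the lookup is only meaningful where pointers
 *          are 32 bits wide.
 * buffer:  receives sizeof(List->smi[i].ImageName) bytes on a match and is
 *          left untouched otherwise. There is no length parameter, so the
 *          caller must supply at least that many bytes; a smaller buffer
 *          is overrun by the copy.
 *
 * Nothing is returned; the result is reported through buffer and KdPrint.
 *
 * NOTE(review): PSYSMODULELIST is not visible in this listing; presumably
 * it is declared in refresh.h with the fields used here (ulCount, smi[],
 * Base, Size, ImageName) - confirm against that header.
 * NOTE(review): ExAllocatePool is untagged; newer WDKs provide tagged
 * allocators (ExAllocatePoolWithTag / ExAllocatePool2) - consider switching.
 */
void FindModuleByAddress( ULONG Address, PVOID buffer)
{
    NTSTATUS status;
    ULONG size = 0;   /* stays 0 if the probe call reports no length */
    ULONG i;
    ULONG minAddress;
    PSYSMODULELIST List;

    if (buffer == NULL)
    {
        KdPrint(("[FindModuleByAddress] query failed\n"));
        return;
    }

    /*
     * Probe call with a zero-length buffer: only the required size is
     * wanted. The call is expected to fail with a length mismatch, so the
     * returned size is validated instead of the status.
     */
    ZwQuerySystemInformation(SystemModuleInformation, NULL, 0, &size);
    KdPrint(("[FindModuleByAddress] size:0x%x\n", size));
    if (size == 0)
    {
        KdPrint(("[FindModuleByAddress] query failed\n"));
        return;
    }

    List = (PSYSMODULELIST)ExAllocatePool(NonPagedPool, size);
    if (List == NULL)
    {
        KdPrint(("[FindModuleByAddress] malloc memory failed\n"));
        return;
    }

    /*
     * Real query. If a module was loaded since the probe the buffer may be
     * too small; that surfaces as a failure status and is handled below.
     */
    status = ZwQuerySystemInformation(SystemModuleInformation, List, size, NULL);
    if (!NT_SUCCESS(status))
    {
        KdPrint(("[FindModuleByAddress] query failed\n"));
        /* print the error */
        KdPrint(("[FindModuleByAddress] status: 0x%x\n", status));
        ExFreePool(List);
        return;
    }

    /* The module list is available: look for the module holding Address. */
    for (i = 0; i < List->ulCount; i++)
    {
        /* Image range is [Base, Base + Size). */
        minAddress = (ULONG)List->smi[i].Base;

        /*
         * Compare the offset against Size instead of computing Base + Size:
         * the end is exclusive, and the sum could wrap for an image mapped
         * near the top of the address space.
         */
        if (Address >= minAddress && (Address - minAddress) < List->smi[i].Size)
        {
            memcpy(buffer, List->smi[i].ImageName, sizeof(List->smi[i].ImageName));
            /* Guarantee termination before the name is printed with %s. */
            ((char *)buffer)[sizeof(List->smi[i].ImageName) - 1] = '\0';
            KdPrint(("[FindModuleByAddress] modulename: %s\n", buffer));
            break;
        }
    }

    /* release the list */
    ExFreePool(List);
} [/QUOTE]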
这个是枚举内核模块的例子 看雪前辈的
我怎么就找不到 PSYSMODULELIST 这结构呢
搜遍了WRK DDK WINSDK BAIDU GOOGLE 都没有这结构体的定义
请问下在线的前辈们 这结构存在吗
可否给小菜看看它的定义呢