看雪上就有呀。看雪有个山寨版冰刃,你知道吧?里面就用到了这个函数。
给你截出几句代码(只是片段,函数开头和 do { 没有贴出来;第一次调用传 NULL 和 0 只是为了取得所需缓冲区大小 nQuerySize;另外 (ULONG) 强转在 64 位系统上会截断基址):
if( pNtQuerySystemInformation == NULL )
{
pNtQuerySystemInformation = (pNtQuerySystemInformationProto)GetProcAddress( hNTDll, "NtQuerySystemInformation" );
if( !pNtQuerySystemInformation )
{
break;
}
}
Success = pNtQuerySystemInformation( \
SystemModuleInfo,
NULL,
0,
&nQuerySize
);
pModInfo = (PSYSMODULELIST)malloc( nQuerySize );
if( !pModInfo )
{
break;
}
Success = pNtQuerySystemInformation( \
SystemModuleInfo,
pModInfo,
nQuerySize,
&nRet
);
if( Success < 0 )
{
free( pModInfo );
pModInfo = NULL;
break;
}
*ulNtBase = (ULONG)(pModInfo->smi->Base); //顺便得到NT基址(ntoskrnl.exe在内核中的加载基址) ^_^
} while( FALSE );
::FreeLibrary( hNTDll );
return pModInfo;
}