win10 C++ 内核中遍历内核模块源码
下面直接放相关代码:
- #include <ntifs.h>
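/*
 * Walk the kernel loaded-module list, starting from this driver's own loader
 * entry, and return the image base of the first module whose BaseDllName
 * equals moduleName (case-insensitive compare). Each visited module name is
 * also written to the debugger output.
 *
 * pDriver    - this driver's DRIVER_OBJECT; its DriverSection field is
 *              interpreted as a PLDR_DATA_TABLE_ENTRY.
 * moduleName - name compared against each entry's BaseDllName.
 *
 * Returns the matching entry's DllBase cast to LONGLONG, or 0 when pDriver or
 * its DriverSection is NULL, or when no entry matches.
 *
 * NOTE(review): the declaration of LDR_DATA_TABLE_ENTRY is not shown on this
 * page. DriverSection is an opaque pointer, so the structure layout used here
 * must match the exact OS build the driver runs on - confirm before relying
 * on any field offset.
 * NOTE(review): nothing in this routine synchronizes with the loader; a driver
 * loading or unloading during the walk can change the links underneath it.
 * Code that only needs module names and bases can use the documented
 * AuxKlibQueryModuleInformation (aux_klib.h) instead of walking this list.
 */
LONGLONG mGetModuleBaseByName(PDRIVER_OBJECT pDriver, UNICODE_STRING moduleName)
{
    // Refuse to dereference a missing driver object or loader entry.
    if (pDriver == nullptr || pDriver->DriverSection == nullptr)
    {
        return 0;
    }

    PLDR_DATA_TABLE_ENTRY pLdr = (PLDR_DATA_TABLE_ENTRY)pDriver->DriverSection;

    // The entry that follows our own is used as the loop terminator and is
    // never inspected itself. Presumably it is the list head because this
    // driver was the last one loaded - TODO confirm; if it is a real module
    // entry, that module is skipped and the head is read as a module record.
    PLIST_ENTRY pListEntry = pLdr->InLoadOrderLinks.Flink;

    for (PLIST_ENTRY pCurrentListEntry = pListEntry->Flink;
         pCurrentListEntry != pListEntry;
         pCurrentListEntry = pCurrentListEntry->Flink)
    {
        // Recover the enclosing LDR_DATA_TABLE_ENTRY from its list link.
        PLDR_DATA_TABLE_ENTRY pCurrentModule =
            CONTAINING_RECORD(pCurrentListEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);

        // Entries without a name buffer cannot be printed or compared.
        if (pCurrentModule->BaseDllName.Buffer == nullptr)
        {
            continue;
        }

        // %wZ takes a PUNICODE_STRING, so pass the address, not the structure.
        // The original call passed (0, 77), which looks like ComponentId and
        // Level swapped: DPFLTR_IHVDRIVER_ID is 77 and DPFLTR_ERROR_LEVEL is 0.
        // The wide-string format specifiers are documented for PASSIVE_LEVEL only.
        DbgPrintEx(DPFLTR_IHVDRIVER_ID, DPFLTR_ERROR_LEVEL,
                   "ModuleName:%wZ", &pCurrentModule->BaseDllName);

        // Compare the module name, ignoring case.
        if (RtlCompareUnicodeString(&pCurrentModule->BaseDllName, &moduleName, TRUE) == 0)
        {
            return (LONGLONG)pCurrentModule->DllBase;
        }
    }

    return 0;
}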
-
/*
 * Unload routine installed in pDriver->DriverUnload by DriverEntry.
 * It performs no cleanup: the code on this page creates no devices and
 * allocates nothing that would have to be released here.
 *
 * pDriver - the driver object being unloaded (unused).
 */
void UnDriverLoad(DRIVER_OBJECT* pDriver)
{
    // Mark the parameter as intentionally unused to avoid a compiler warning.
    UNREFERENCED_PARAMETER(pDriver);
}
-
/*
 * Driver entry point. Installs the unload routine, runs one pass over the
 * loaded-module list via mGetModuleBaseByName, and reports success.
 *
 * pDriver       - driver object supplied by the system.
 * pRegistryPath - registry path of the driver's service key (unused).
 *
 * Always returns STATUS_SUCCESS; the result of the module lookup is discarded.
 */
extern "C" NTSTATUS DriverEntry(DRIVER_OBJECT * pDriver, UNICODE_STRING * pRegistryPath)
{
    UNREFERENCED_PARAMETER(pRegistryPath);

    // Allow the driver to be unloaded again.
    pDriver->DriverUnload = UnDriverLoad;

    // The search name is empty, so this call is effectively a listing pass:
    // it prints each module name and is not expected to find a match.
    UNICODE_STRING emptyName = RTL_CONSTANT_STRING(L"");
    mGetModuleBaseByName(pDriver, emptyName);

    return STATUS_SUCCESS;
}