如何获取系统模块
如何获取系统模块
像冰刃(IceSword)那样,可以获取系统中的 .sys 文件(驱动模块)。
[解决办法]
我也没用过这个API,帮你查了一下:
' NTSTATUS 0xC0000004 as a signed Long: the buffer passed to the query was too
' small for the requested information.
Const STATUS_INFO_LENGTH_MISMATCH = (-1073741820)
' One handle-table record as laid out in the buffer filled by
' ZwQuerySystemInformation. The field order and widths below define the binary
' layout (4 + 1 + 1 + 2 + 4 + 4 = 16 bytes), so they must not be reordered.
' NOTE(review): Object is declared As Long, i.e. a 32-bit pointer-sized value -
' confirm this matches the platform the code runs on.
Type SYSTEM_HANDLE_INFORMATION
ProcessId As Long
ObjectTypeNumber As Byte
Flags As Byte
Handle As Integer
Object As Long
GrantedAccess As Long
End Type
' Handle count followed by the handle records.
' NOTE(review): Handles() is a dynamic array, which VB stores in the structure
' as a reference rather than inline, so this type presumably cannot be overlaid
' on the raw query buffer directly; read NumberOfHandles first, ReDim Handles,
' then copy the records one by one - confirm against the calling code.
Type SYSTEM_HANDLE_INFORMATION_EX
NumberOfHandles As Long
Handles() As SYSTEM_HANDLE_INFORMATION
End Type
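' Native query for system-wide information.
'   infoClass - numeric information class to query.
'   buf       - address of the output buffer (passed by value, so the caller
'               supplies a raw pointer such as the result of VirtualAlloc).
'   bufSize   - size of that buffer in bytes.
'   retSize   - passed by value and therefore treated as an address: pass 0
'               when the length is not needed or VarPtr(someLong) to receive
'               it. Any other value makes the call write to that address.
' Returns an NTSTATUS; negative values are failures.
' The library name is written without the trailing blank that the pasted
' listing carried inside the quotes.
Declare Function ZwQuerySystemInformation Lib "ntdll.dll" ( _
    ByVal infoClass As Long, _
    ByVal buf As Long, _
    ByVal bufSize As Long, _
    ByVal retSize As Long) As Long
' Native query for information about one object handle. All pointer arguments
' are passed by value, so the same rule applies: ObjectInformation and
' ReturnLength must be valid addresses (or 0 where the API allows it).
' Returns an NTSTATUS; negative values are failures.
Declare Function ZwQueryObject Lib "ntdll.dll" ( _
    ByVal ObjectHandle As Long, _
    ByVal ObjectInformationClass As Long, _
    ByVal ObjectInformation As Long, _
    ByVal ObjectInformationLength As Long, _
    ByVal ReturnLength As Long) As Long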
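' Query the system handle table, doubling the buffer until the call stops
' reporting STATUS_INFO_LENGTH_MISMATCH.
' On exit mPtr is either 0 (allocation failed - nothing to read, nothing to
' free) or a buffer the caller must release after checking St.
' NOTE(review): ret is passed by value and is used as the address that receives
' the returned length, so it must be 0 or VarPtr of a Long - confirm where it
' is assigned.
' The information class is given as a number: as shown in this listing,
' SYSTEM_HANDLE_INFORMATION is the name of a Type, not a value.
Const HANDLE_INFO_CLASS As Long = 16          ' SystemHandleInformation
Const FREE_WHOLE_REGION As Long = &H8000&     ' MEM_RELEASE
Do
    mPtr = VirtualAlloc(0, mSize, MEM_COMMIT, PAGE_READWRITE)
    ' A failed allocation (including mSize = 0) must not reach the query.
    If mPtr = 0 Then Exit Do
    St = ZwQuerySystemInformation(HANDLE_INFO_CLASS, mPtr, mSize, ret)
    If St = STATUS_INFO_LENGTH_MISMATCH Then
        ' Release the region completely. Decommitting only would leave the
        ' address range reserved and leak it on every retry.
        VirtualFree mPtr, 0, FREE_WHOLE_REGION
        mPtr = 0
        mSize = mSize * 2
    End If
Loop While St = STATUS_INFO_LENGTH_MISMATCH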
[解决办法]
WIN2000以后,貌似驱动也是作为服务的形式存在于系统的...
我看了一下,在这个键值里就是本机所有的服务:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
每个子键下面的Type类型,如果是1,好象就是驱动了
20(16进制),是服务,10(16进制),好象是应用程序
具体的你自己查一下MSDN吧
估计那个 API 也是读的注册表。(注:这只是推测。注册表 Services 键里是登记的服务/驱动配置,不一定等于当前已加载的模块,两份结果可能不一致,排查时最好对照着看。)
[解决办法]
' One loaded-module record as returned by NtQuerySystemInformation for the
' module information class. The trailing comments give the C field each VB
' member stands for. Field order and widths define the binary layout, so they
' must not be changed.
' Len() of this type is 8 + 4 + 4 + 4 + 2 + 2 + 2 + 2 + 256 = 284, the size
' ListDrivers uses as the record stride.
' NOTE(review): base is declared As Long, i.e. a 32-bit pointer-sized value -
' confirm this matches the platform the code runs on.
' NOTE(review): ImageName is a fixed-length VB string standing in for a 256-byte
' CHAR array; this presumably relies on VB converting the structure to ANSI when
' it is passed to a Declare'd routine - confirm before replacing Len with LenB.
Public Type SYSTEM_MODULE_INFORMATION
reserved(1) As Long 'ULONG reserved[2];
base As Long 'PVOID Base;
size As Long 'ULONG Size;
flags As Long 'ULONG Flags;
index As Integer 'USHORT Index;
unkn As Integer 'USHORT Unknown;
lcount As Integer 'USHORT LoadCount;
modoffset As Integer 'USHORT ModuleNameOffset; offset of the file name inside ImageName
ImageName As String * 256 'CHAR ImageName[256];
End Type
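' Raw memory copy: copies Length bytes from Source to Destination with no
' bounds checking. Every caller must make sure both ranges are valid for
' Length bytes.
' The pasted listing had a trailing blank inside the quoted Lib and Alias
' names; an entry-point name is matched exactly, so the blank is removed.
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" ( _
    Destination As Any, _
    Source As Any, _
    ByVal Length As Long)
' Native query for system-wide information.
'   dwInfoType  - numeric information class to query.
'   lpStructure - output buffer, passed by reference (e.g. buf(0)).
'   dwSize      - size of that buffer in bytes.
'   dwReserved  - passed by reference; receives the returned length.
' Returns an NTSTATUS; negative values are failures.
Private Declare Function NtQuerySystemInformation Lib "ntdll.dll" ( _
    ByVal dwInfoType As Long, _
    ByRef lpStructure As Any, _
    ByVal dwSize As Long, _
    dwReserved As Long) As Long
' Information class 11 = SystemModuleInformation (loaded kernel modules).
Private Const SYSMODINFO_SPECIFIER = 11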
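' Fills Drivers() with one SYSTEM_MODULE_INFORMATION record per module reported
' by NtQuerySystemInformation(SYSMODINFO_SPECIFIER).
'   Drivers - dynamic array, re-dimensioned to 0 .. n-1 on success and left
'             untouched when nothing could be read.
' Returns the number of records stored (0 when the query fails or reports no
' modules). Callers that ignore the return value are unaffected.
Public Function ListDrivers(Drivers() As SYSTEM_MODULE_INFORMATION)
    Const STATUS_LENGTH_MISMATCH As Long = &HC0000004
    Const MAX_ATTEMPTS As Long = 8
    Const MAX_PROBE_ENTRIES As Long = 65535

    Dim Entries As Long
    Dim numBytes As Long
    Dim bufSize As Long
    Dim buf() As Byte
    Dim smi As SYSTEM_MODULE_INFORMATION
    Dim recLen As Long
    Dim maxFit As Long
    Dim offset As Long
    Dim i As Long
    Dim Count As Long
    Dim status As Long
    Dim attempt As Long

    ListDrivers = 0
    recLen = Len(smi)

    ' Size probe with a 4-byte buffer. Depending on the system it yields the
    ' module count, the required byte length, or both, so use whichever
    ' gives the larger buffer. The count is clamped so that a bogus value
    ' cannot overflow the multiplication below.
    status = NtQuerySystemInformation(SYSMODINFO_SPECIFIER, Entries, 4, numBytes)
    If Entries < 0 Or Entries > MAX_PROBE_ENTRIES Then Entries = 0
    bufSize = recLen * (Entries + 1)
    If numBytes > bufSize Then bufSize = numBytes

    ' The module list can grow between the probe and the real query, so retry
    ' with a larger buffer while the call reports a length mismatch.
    For attempt = 1 To MAX_ATTEMPTS
        ReDim buf(bufSize)
        status = NtQuerySystemInformation(SYSMODINFO_SPECIFIER, buf(0), bufSize, numBytes)
        If status <> STATUS_LENGTH_MISMATCH Then Exit For
        If numBytes > bufSize Then
            bufSize = numBytes
        Else
            bufSize = bufSize * 2
        End If
    Next

    ' A negative NTSTATUS is a failure: the buffer contents are not valid.
    If status < 0 Then Exit Function

    CopyMemory Entries, buf(0), 4

    ' Never copy more records than the buffer can actually hold, whatever the
    ' count field says; CopyMemory itself does no bounds checking.
    maxFit = (bufSize - 4) \ recLen
    If Entries > maxFit Then Entries = maxFit
    If Entries <= 0 Then Exit Function

    ' Size the result once instead of ReDim Preserve on every iteration.
    ReDim Drivers(Entries - 1)
    offset = 4
    For i = 1 To Entries
        CopyMemory smi, buf(offset), recLen
        Drivers(Count) = smi
        Count = Count + 1
        offset = offset + recLen
    Next

    ListDrivers = Count
End Function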