How to get system modules




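How to get system modules [thread closed; closed by: bbata]
Posted: 2007-06-15 01:40:05  Original poster
How to get system modules

Like IceSword does: being able to get the system's .sys files
Posted: 2007-06-15 09:05:34  Reply #1  Score: 0
I don't understand
Posted: 2007-06-15 09:30:22  Reply #2  Score: 0
How to get system modules? What is that?
Posted: 2007-06-16 21:23:23  Reply #3  Score: 0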
\windows\system32\ntoskrnl.exe
\windows\system32\hal.dll
\windows\system32\kdcom.dll
\windows\system32\bootvid.dll
d347bus.sys
acpi.sys
\windows\system32\drivers\wmilib.sys
mzdsys.sys
pci.sys
isapnp.sys
.................
Posted: 2007-06-17 02:12:14  Reply #4  Score: 0
.................
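Posted: 2007-06-17 07:55:42  Reply #5  Score: 0
http://technet.microsoft.com/en-us/library/bb457124.aspx#eiaa
lists the system files.
The key to your question is how to determine whether something is one of the system files.
Posted: 2007-06-19 03:57:42  Reply #6  Score: 0
IceSword, kernel modules: has nobody used them???
Posted: 2007-06-19 18:37:57  Reply #7  Score: 0
These all seem to be drivers....?
Posted: 2007-06-20 15:48:03  Reply #8  Score: 0
Be clearer, I don't know what you are talking about. If you mean program modules, that is easy.
Posted: 2007-06-20 19:00:48  Reply #9  Score: 0
To the friends above: surely
"IceSword, kernel modules" is clear enough??

to myjian(嗷嗷叫的老马--彻底伤心了....今年不找gf了.....;()
Yes, exactly: the drivers on the current machine.

I looked up some material myself; it comes down to using the ZwQuerySystemInformation function.
Calling it from VC is simple, but there are some problems in VB. Could an expert please help?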

typedef struct _SYSTEM_MODULE_INFORMATION { // Information Class 11
    ULONG  Reserved[2];
    PVOID  Base;
    ULONG  Size;
    ULONG  Flags;
    USHORT Index;
    USHORT Unknown;
    USHORT LoadCount;
    USHORT ModuleNameOffset;
    CHAR   ImageName[256];
} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;

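How do I get the information in this structure?
I wonder if that is clear enough now...
Posted: 2007-06-21 10:12:46  Reply #10  Score: 0
Bump
Posted: 2007-06-21 14:26:27  Reply #11  Score: 5
I haven't used this API either; I looked it up for you: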

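Const STATUS_INFO_LENGTH_MISMATCH = (-1073741820)   ' &HC0000004
Const SystemHandleInformation = 16                  ' information class: system handle table
Const MEM_COMMIT = &H1000
Const MEM_RELEASE = &H8000
Const PAGE_READWRITE = &H4

Type SYSTEM_HANDLE_INFORMATION
    ProcessId As Long
    ObjectTypeNumber As Byte
    Flags As Byte
    Handle As Integer
    Object As Long
    GrantedAccess As Long
End Type

Type SYSTEM_HANDLE_INFORMATION_EX
    NumberOfHandles As Long
    Handles() As SYSTEM_HANDLE_INFORMATION
End Type

' Names in Declare statements are case-sensitive and must match the DLL exports exactly.
Declare Function ZwQuerySystemInformation Lib "ntdll.dll" (ByVal InfoClass As Long, ByVal Buf As Long, ByVal BufSize As Long, ByRef RetSize As Long) As Long

Declare Function ZwQueryObject Lib "ntdll.dll" (ByVal ObjectHandle As Long, ByVal ObjectInformationClass As Long, ByVal ObjectInformation As Long, ByVal ObjectInformationLength As Long, ByVal ReturnLength As Long) As Long

Declare Function VirtualAlloc Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Declare Function VirtualFree Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long

' Returns a pointer to the filled buffer (0 on failure); release it with VirtualFree ptr, 0, MEM_RELEASE.
Function QueryHandleTable() As Long
    Dim mPtr As Long, mSize As Long, st As Long, ret As Long
    mSize = &H1000                          ' start with one page and double until the data fits
    Do
        mPtr = VirtualAlloc(0, mSize, MEM_COMMIT, PAGE_READWRITE)
        If mPtr = 0 Then Exit Function      ' allocation failed
        st = ZwQuerySystemInformation(SystemHandleInformation, mPtr, mSize, ret)
        If st = STATUS_INFO_LENGTH_MISMATCH Then
            VirtualFree mPtr, 0, MEM_RELEASE
            mSize = mSize * 2
        End If
    Loop While st = STATUS_INFO_LENGTH_MISMATCH
    If st < 0 Then                          ' any other failure: release the buffer and return 0
        VirtualFree mPtr, 0, MEM_RELEASE
        mPtr = 0
    End If
    QueryHandleTable = mPtr
End Function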
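Posted: 2007-06-21 20:53:56  Reply #12  Score: 15
Since Win2000, it seems drivers also exist in the system in the form of services...

I took a look; this key holds all the services on the local machine:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Under each subkey there is a Type value; if it is 1, it seems to be a driver.

20 (hex) is a service, and 10 (hex) seems to be an application.

Check MSDN yourself for the details.

I guess that API reads the registry too.
Posted: 2007-06-22 15:36:49  Reply #13  Score: 80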

' Place in a standard module (VB6, 32-bit).
Public Type SYSTEM_MODULE_INFORMATION
    Reserved(1) As Long             'ULONG Reserved[2];
    Base As Long                    'PVOID Base;
    Size As Long                    'ULONG Size;
    Flags As Long                   'ULONG Flags;
    Index As Integer                'USHORT Index;
    Unkn As Integer                 'USHORT Unknown;
    LCount As Integer               'USHORT LoadCount;
    ModOffset As Integer            'USHORT ModuleNameOffset;
    ImageName As String * 256       'CHAR ImageName[256];
End Type
' Names in Declare statements are case-sensitive and must match the DLL exports exactly.
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)

Private Declare Function NtQuerySystemInformation Lib "ntdll.dll" ( _
    ByVal dwInfoType As Long, _
    ByRef lpStructure As Any, _
    ByVal dwSize As Long, _
    dwReserved As Long) As Long
Private Const SYSMODINFO_SPECIFIER = 11

' Fills Drivers() with one entry per loaded module and returns the number of entries.
Public Function ListDrivers(Drivers() As SYSTEM_MODULE_INFORMATION) As Long
Dim Entries As Long
Dim NumBytes As Long
Dim BufSize As Long
Dim Buf() As Byte
Dim Smi As SYSTEM_MODULE_INFORMATION
Dim Offset As Long
Dim I As Long
Dim Count As Long

    ' First call with a 4-byte buffer, used only to read the module count into Entries
    NtQuerySystemInformation SYSMODINFO_SPECIFIER, Entries, 4, NumBytes
    BufSize = Len(Smi) * (Entries + 1)
    ReDim Buf(BufSize)
    ' Second call fills Buf: a 4-byte count followed by one structure per module
    If NtQuerySystemInformation(SYSMODINFO_SPECIFIER, Buf(0), BufSize, NumBytes) < 0 Then Exit Function
    CopyMemory Entries, Buf(0), 4

    Offset = 4
    For I = 1 To Entries
        CopyMemory Smi, Buf(Offset), Len(Smi)
        BufSize = InStr(Smi.ImageName, Chr(0))   ' position of the NUL that ends the path
        ReDim Preserve Drivers(Count)
        Drivers(Count) = Smi
        Count = Count + 1
        Offset = Offset + Len(Smi)
    Next

    ListDrivers = Count
End Function

Posted: 2007-06-22 20:19:30  Reply #14  Score: 0
Thanks, iori915189(八神)
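
An added example, not part of the original thread: a bounds-checked C parser for the buffer that information class 11 returns, assuming the 32-bit layout of the struct quoted above (a ULONG count followed by 284-byte entries) and a little-endian host. The sample buffer, its base addresses and sizes are constructed, and `module_entry32`, `module_count`, `module_get` and `build_sample` are names made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {            /* one entry, 32-bit layout quoted in the thread */
    uint32_t reserved[2], base, size, flags;
    uint16_t index, unknown, load_count, name_offset;
    char     image_name[256];
} module_entry32;
_Static_assert(sizeof(module_entry32) == 284, "must match the 32-bit struct");

/* Number of entries, or -1 if the ULONG count claims more than the buffer holds. */
int module_count(const uint8_t *buf, size_t len) {
    uint32_t n;
    if (len < 4) return -1;
    memcpy(&n, buf, 4);                       /* little-endian host assumed (x86) */
    return n <= (len - 4) / sizeof(module_entry32) ? (int)n : -1;
}

/* Copies entry i to *out; returns its file-name part, or NULL when i is out of range. */
const char *module_get(const uint8_t *buf, size_t len, int i, module_entry32 *out) {
    if (i < 0 || i >= module_count(buf, len)) return NULL;
    memcpy(out, buf + 4 + (size_t)i * sizeof *out, sizeof *out);
    out->image_name[255] = '\0';              /* do not trust the terminator */
    return out->image_name + (out->name_offset < 256 ? out->name_offset : 0);
}

/* Constructed sample buffer: two entries with made-up base addresses and sizes. */
size_t build_sample(uint8_t *buf) {
    static const char *paths[] = { "\\WINDOWS\\system32\\ntoskrnl.exe", "pci.sys" };
    uint32_t n = 2;
    memcpy(buf, &n, 4);
    for (uint32_t i = 0; i < n; i++) {
        module_entry32 e = {0};
        const char *slash = strrchr(paths[i], '\\');
        e.base = 0x80400000u + i * 0x100000u; e.size = 0x10000; e.load_count = 1;
        e.name_offset = slash ? (uint16_t)(slash + 1 - paths[i]) : 0;
        strncpy(e.image_name, paths[i], sizeof e.image_name - 1);
        memcpy(buf + 4 + i * sizeof e, &e, sizeof e);
    }
    return 4 + n * sizeof(module_entry32);
}

int main(void) {
    uint8_t buf[4 + 2 * sizeof(module_entry32)];
    module_entry32 e;
    size_t len = build_sample(buf);
    for (int i = 0; module_get(buf, len, i, &e); i++)
        printf("%08X %s\n", (unsigned)e.base, e.image_name + e.name_offset);
    return 0;
}
```

On 64-bit Windows the entry layout differs because PVOID is 8 bytes, so the struct and the 284-byte stride have to be changed before parsing a buffer captured there.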

