2013年11月15日星期五

官方的驱动中获取内核模块列表的办法

/*
文件名:AuxKlibQueryModuleInformation.C
功能:retrieves information about the image modules that the operating system has loaded.

SOURCE文件内容如下:
TARGETNAME=test

TARGETTYPE=DRIVER

TARGETLIBS=$(DDK_LIB_PATH)\Aux_klib.lib

SOURCES=AuxKlibQueryModuleInformation.C

TARGETPATH=obj

made by correy
made at 2013.11.15
email:kouleguan at hotmail dot com
homepage:http://correy.webs.com
不足之处,敬请指出.
*/

#include <ntifs.h>
#include <Aux_klib.h>

#define TAG  'tset' //test -- pool tag for the module buffer; the byte order is reversed so it reads "test" in pool dumps (assumption, TODO confirm)

DRIVER_UNLOAD Unload;
/*
 * Unload - driver unload routine.
 *
 * There is nothing to release here: DriverEntry frees the module buffer it
 * allocates before it returns, so this routine is intentionally empty.
 *
 * DriverObject - the driver being unloaded (unused).
 */
VOID Unload(__in PDRIVER_OBJECT DriverObject)
{
    (void)DriverObject; /* only here to document that the parameter is intentionally unused */
}

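#pragma INITCODE
DRIVER_INITIALIZE DriverEntry;
/*
 * DriverEntry - enumerate the image modules the kernel has loaded and print
 * them to the kernel debugger with KdPrint.
 *
 * Flow: initialise Aux_klib, ask AuxKlibQueryModuleInformation for the
 * required buffer size, allocate that much paged pool, ask again to fill the
 * buffer, print one block per module, free the pool.
 *
 * DriverObject - receives the Unload routine.
 * RegistryPath - unused.
 *
 * Returns STATUS_SUCCESS, the failing Aux_klib status, or
 * STATUS_INSUFFICIENT_RESOURCES when the pool allocation fails.
 */
NTSTATUS DriverEntry(__in struct _DRIVER_OBJECT * DriverObject, __in PUNICODE_STRING RegistryPath)
{
    NTSTATUS status = STATUS_SUCCESS;
    ULONG  modulesSize = 0;
    AUX_MODULE_EXTENDED_INFO * modules = NULL;
    ULONG  numberOfModules;
    ULONG  i;

    (void)RegistryPath;

    KdBreakPoint(); /* test driver: stop in the attached kernel debugger on load */

    DriverObject->DriverUnload = Unload;

    status = AuxKlibInitialize();
    if (!NT_SUCCESS( status ))
    {
        /* NTSTATUS codes are 32-bit values; a negative %d is unreadable, so print hex. */
        KdPrint(( "AuxKlibInitialize fail 0x%08X\n", status));
        return status;
    }

    /* First call with a NULL buffer only reports the required size. */
    status = AuxKlibQueryModuleInformation(&modulesSize, sizeof(AUX_MODULE_EXTENDED_INFO), NULL);
    if (!NT_SUCCESS(status) || modulesSize == 0) {
        return status;
    }

    modules = ExAllocatePoolWithTag(PagedPool, modulesSize, TAG);
    if (modules == NULL) {
        return STATUS_INSUFFICIENT_RESOURCES;
    }
    RtlZeroMemory(modules, modulesSize);

    /*
     * Second call fills the buffer. Modules can load or unload between the
     * two calls: if more are present now the routine fails (and we bail),
     * if fewer are present modulesSize is updated to what was written.
     */
    status = AuxKlibQueryModuleInformation(&modulesSize, sizeof(AUX_MODULE_EXTENDED_INFO), modules);
    if (!NT_SUCCESS(status)) {
        ExFreePoolWithTag(modules,TAG);
        return status;
    }

    /*
     * Derive the count from the size the second call reported, not the
     * first, so the loop never walks entries that were never filled in.
     */
    numberOfModules = modulesSize / sizeof(AUX_MODULE_EXTENDED_INFO);

    for (i = 0; i < numberOfModules; i++)
    {
        KdPrint(("加载顺序:%u\n",i));
        /* Keep the file-name pointer inside FullPathName even if the offset is unexpected. */
        if (modules[i].FileNameOffset < sizeof(modules[i].FullPathName)) {
            KdPrint(("FileName:%s\n",modules[i].FullPathName + modules[i].FileNameOffset));
        }
        KdPrint(("ImageBase:%p\n",modules[i].BasicInfo.ImageBase));
        KdPrint(("ImageSize:0x%08x\n",modules[i].ImageSize));
        KdPrint(("FullPathName:%s\n",modules[i].FullPathName));
        KdPrint(("\n\n"));

        /*
         * Further per-module information (for example the export directory via
         * AuxKlibGetImageExportDirectory on BasicInfo.ImageBase) could be printed
         * here; the address passed must be a readable, mapped image base.
         */
    }

    ExFreePoolWithTag(modules,TAG);
    return status;
}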
