📄 jiurlsystemmodulessee.h
字号:
#include <windows.h>
// -----------------------------------------------------------------
#define CTL_CODE( DeviceType, Function, Method, Access ) ( \
((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) \
)
#define FILE_ANY_ACCESS 0
#define METHOD_BUFFERED 0
#define FILE_DEVICE_JIURL 0x8000
#define JIURL_FUNCTION_BASE 0x0800
// 不用担心你的 IOCTL 的值与别人定义的值相同。
// 不要忘了,我们在应用程序中是要打开某个特定驱动程序的句柄的
// 所以这个值一定会发到你的驱动程序,由你的驱动程序来解释这个值
// -----------------------------------------------------------------
#define JIURL_IO(_code) \
CTL_CODE((FILE_DEVICE_JIURL), \
((JIURL_FUNCTION_BASE)+(_code)), \
(METHOD_BUFFERED), \
(FILE_ANY_ACCESS))
// -----------------------------------------------------------------
#define JIURL_MEM_OUTPUT JIURL_IO(0)
// -----------------------------------------------------------------
typedef struct _MEMORY_INFO {
PVOID StartVa;
ULONG nBytes;
} MEMORY_INFO, *PMEMORY_INFO;
typedef struct _UNICODE_STRING {
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING;
typedef struct _KMODULE {
/*00*/ LIST_ENTRY KernelLoadedModuleList; // _PsLoadedModuleList if last
/*08*/ ULONG d008;
/*0C*/ ULONG d00C;
/*10*/ PVOID p010;
/*14*/ ULONG p014;
/*18*/ PVOID ImageBase;
/*1C*/ PVOID EntryPoint;
/*20*/ ULONG SizeOfImage;
/*24*/ UNICODE_STRING Path;
/*2C*/ UNICODE_STRING ModuleName;
/*34*/
} KMODULE, *PKMODULE;
// -----------------------------------------------------------------
BOOL JiurlReadMemory(
HANDLE hDevice,
LPVOID lpBaseAddress, // base of memory area
LPVOID lpBuffer, // data buffer
DWORD nSize, // number of bytes to read
LPDWORD lpNumberOfBytesRead // number of bytes read
);
void JiurlSystemModulesSee(HANDLE hDevice);
void JiurlPeSectionsSee(HANDLE hDevice,PVOID BaseAddress);
// -----------------------------------------------------------------
// Windows 2000 build 2195
#define PsLoadedModuleList 0x8046a4c0
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -