:1.751KB : :1 :2021-08-24 11:12:03
NtQuerySystemInformation (11, Buffer, 0, Ret)
Buffer = LocalAlloc (64, Ret × 2)
NtQuerySystemInformation (11, Buffer, Ret × 2, 0)
RtlMoveMemory (ModulesInfo, Buffer, 284)
Number = ModulesInfo.dwNumberOfModules
.变量循环首 (0, Number, 1, )
Buffer = Buffer + 71 × 4
RtlMoveMemory (ModulesInfo, Buffer, 284)
Path = 到文本 (ModulesInfo.ModuleInformation.ImageName)
.如果真 (Path = “”)
到循环尾 ()
.如果真结束
调试输出 (Path, ModulesInfo.ModuleInformation.Index, ModulesInfo.ModuleInformation.dwBase, ModulesInfo.ModuleInformation.dwSize, ModulesInfo.ModuleInformation.dwFlags, ModulesInfo.ModuleInformation.Unknown, ModulesInfo.ModuleInformation.LoadCount, ModulesInfo.ModuleInformation.dwReserved, ModulesInfo.ModuleInformation.ModuleNameOffset)
.变量循环尾 ()
LocalFree (Buffer)
01-17易语言枚举驱动,获取系统驱动列表
11-08枚举驱动文件位置的工具