windows驱动开发22获取自身驱动的模块地址和大小长度

获取自身驱动的模块地址和大小长度

//https://blog.csdn.net/i735740559/article/details/121010037
#include <ntifs.h>
#include <minwindef.h>
#define Log(X) DbgPrint("qi:"X##)

typedef
VOID
(*PKNORMAL_ROUTINE) (
	IN PVOID NormalContext,
	IN PVOID SystemArgument1,
	IN PVOID SystemArgument2
	);
typedef struct SYSTEM_MODULE {
	ULONG                Reserved1;
	ULONG                Reserved2;
#ifdef _WIN64
	ULONG				Reserved3;
#endif
	PVOID                ImageBaseAddress;
	ULONG                ImageSize;
	ULONG                Flags;
	WORD                 Id;
	WORD                 Rank;
	WORD                 w018;
	WORD                 NameOffset;
	CHAR                 Name[MAXIMUM_FILENAME_LENGTH];
}SYSTEM_MODULE, * PSYSTEM_MODULE;
typedef struct SYSTEM_MODULE_INFORMATION {
	ULONG                ModulesCount;
	SYSTEM_MODULE        Modules[1];
} SYSTEM_MODULE_INFORMATION, * PSYSTEM_MODULE_INFORMATION;
typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY {
	HANDLE Section;
	PVOID MappedBase;
	PVOID Base;
	ULONG Size;
	ULONG Flags;
	USHORT LoadOrderIndex;
	USHORT InitOrderIndex;
	USHORT LoadCount;
	USHORT PathLength;
	CHAR ImageName[256];
} SYSTEM_MODULE_INFORMATION_ENTRY, * PSYSTEM_MODULE_INFORMATION_ENTRY;
typedef enum _SYSTEM_INFORMATION_CLASS   //   Q S
{
	SystemBasicInformation,           // 00 Y N
	SystemProcessorInformation,         // 01 Y N
	SystemPerformanceInformation,       // 02 Y N
	SystemTimeOfDayInformation,         // 03 Y N
	SystemNotImplemented1,           // 04 Y N
	SystemProcessesAndThreadsInformation, // 05 Y N
	SystemCallCounts,               // 06 Y N
	SystemConfigurationInformation,     // 07 Y N
	SystemProcessorTimes,             // 08 Y N
	SystemGlobalFlag,               // 09 Y Y
	SystemNotImplemented2,           // 10 Y N
	SystemModuleInformation,           // 11 Y N
	SystemLockInformation,           // 12 Y N
	SystemNotImplemented3,           // 13 Y N
	SystemNotImplemented4,           // 14 Y N
	SystemNotImplemented5,           // 15 Y N
	SystemHandleInformation,           // 16 Y N
	SystemObjectInformation,           // 17 Y N
	SystemPagefileInformation,         // 18 Y N
	SystemInstructionEmulationCounts,     // 19 Y N
	SystemInvalidInfoClass1,           // 20
	SystemCacheInformation,           // 21 Y Y
	SystemPoolTagInformation,         // 22 Y N
	SystemProcessorStatistics,         // 23 Y N
	SystemDpcInformation,             // 24 Y Y
	SystemNotImplemented6,           // 25 Y N
	SystemLoadImage,               // 26 N Y
	SystemUnloadImage,               // 27 N Y
	SystemTimeAdjustment,             // 28 Y Y
	SystemNotImplemented7,           // 29 Y N
	SystemNotImplemented8,           // 30 Y N
	SystemNotImplemented9,           // 31 Y N
	SystemCrashDumpInformation,         // 32 Y N
	SystemExceptionInformation,         // 33 Y N
	SystemCrashDumpStateInformation,     // 34 Y Y/N
	SystemKernelDebuggerInformation,     // 35 Y N
	SystemContextSwitchInformation,     // 36 Y N
	SystemRegistryQuotaInformation,     // 37 Y Y
	SystemLoadAndCallImage,           // 38 N Y
	SystemPrioritySeparation,         // 39 N Y
	SystemNotImplemented10,           // 40 Y N
	SystemNotImplemented11,           // 41 Y N
	SystemInvalidInfoClass2,           // 42
	SystemInvalidInfoClass3,           // 43
	SystemTimeZoneInformation,         // 44 Y N
	SystemLookasideInformation,         // 45 Y N
	SystemSetTimeSlipEvent,           // 46 N Y
	SystemCreateSession,             // 47 N Y
	SystemDeleteSession,             // 48 N Y
	SystemInvalidInfoClass4,           // 49
	SystemRangeStartInformation,       // 50 Y N
	SystemVerifierInformation,         // 51 Y Y
	SystemAddVerifier,               // 52 N Y
	SystemSessionProcessesInformation     // 53 Y N
} SYSTEM_INFORMATION_CLASS;
__kernel_entry NTSTATUS NtQuerySystemInformation(
	SYSTEM_INFORMATION_CLASS SystemInformationClass,
	PVOID                    SystemInformation,
	ULONG                    SystemInformationLength,
	PULONG                   ReturnLength
);

VOID GetSelfKernelModuleBase(PULONG64 KrnlBase, PULONG64 KrnlSize);
NTSTATUS DriverUnload(PDRIVER_OBJECT pdriver)
{
	Log("unload...\n");
	return STATUS_SUCCESS;
}

NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING path)
{
	DriverObject->DriverUnload = DriverUnload;
	Log("loading...\n");
	ULONG64 KrnlBase = 0;
	ULONG64 KrnlSize = 0;
	GetSelfKernelModuleBase(KrnlBase, KrnlSize);
	Log("KrnlBase 0x%x KrnlSize\n", KrnlBase, KrnlSize);
	return STATUS_SUCCESS;
}

//功能:模块基址,模块大小
VOID GetSelfKernelModuleBase(PULONG64 KrnlBase, PULONG64 KrnlSize)
{
	NTSTATUS status;
	ULONG size;
	char* pDrvName;
	PSYSTEM_MODULE_INFORMATION moduleinfo;
	PSYSTEM_MODULE_INFORMATION_ENTRY moduleinfoentry;

	status = NtQuerySystemInformation(11, &size, NULL, &size);
	if (status != 0xc0000004)
	{
		return;
	}

	moduleinfo = ExAllocatePool(NonPagedPool, size);
	if (moduleinfo == NULL)
	{
		return;
	}

	do
	{

		status = NtQuerySystemInformation(11, moduleinfo, size, &size);
		if (!NT_SUCCESS(status))
		{
			break;
		}

		moduleinfoentry = moduleinfo->Modules;
		*KrnlBase = moduleinfoentry->Base;
		*KrnlSize = moduleinfoentry->Size;

	} while (FALSE);


	ExFreePool(moduleinfo);
}