obtain a list of loaded drivers under Windows NT

Author: Thomas Stutz 

 

 

 

{

  This code takes advantage of the undocumented NtQuerySystemInformation

  API to obtain a list of loaded drivers under Windows NT.

 

  Dieser Code verwendet die undokumentierte NtQuerySystemInformation API Funktion

  um eine Liste aller geladenen Treiber unter Windows NT zu ermitteln.

}

 

const
  // Information class handed to NtQuerySystemInformation to request the list
  // of loaded drivers. The numeric value is 11 (commonly known as
  // SystemModuleInformation); it belongs to an undocumented interface, so it
  // is not covered by any compatibility guarantee.
  DRIVER_INFORMATION = $0B;

 

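type
  // Pointer to a DWORD; used for the raw result buffer and for the
  // "returned size" out-parameter of NtQuerySystemInformation.
  TPDWord = ^DWORD;

  { One entry of the driver list as GetDriverInfo walks it.

    The record is packed and its size is the stride used to step from one
    entry to the next (Inc(driverInfo)), so every field width matters.

    Name is declared with AnsiChar rather than Char: the record was written
    for a one-byte character type, and on compilers where Char is a two-byte
    WideChar the record would double in size, the stride would be wrong and
    entries would be read from the wrong offsets. On compilers where
    Char = AnsiChar this declaration is identical to the original.

    NOTE(review): Address is a Pointer, so the layout is only valid for
    32-bit targets; the meaning of the Unknown* fields is not established
    by this code. }
  TDriverInfo = packed record
    Address: Pointer;      // printed by GetDriverInfo as the driver's address
    Unknown1: DWORD;
    Unknown2: DWORD;
    EntryIndex: DWORD;
    Unknown4: DWORD;
    Name: array [0..MAX_PATH + 3] of AnsiChar;  // single-byte driver path
  end;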

 

var
  { Late-bound entry point for ntdll's NtQuerySystemInformation.

    Starts out nil and is resolved on first use by GetDriverInfo through
    GetProcAddress. The DWORD result is the status code returned by the call.
      infoClass  - which information to query (see DRIVER_INFORMATION)
      buffer     - caller-supplied output buffer
      bufSize    - size of that buffer in bytes
      returnSize - receives the number of bytes written or required }
  NtQuerySystemInformation: function(infoClass: DWORD; buffer: Pointer;
    bufSize: DWORD; returnSize: TPDword): DWORD; stdcall = nil;

 

  function GetDriverInfo: string;

  var 

    temp, Index, numBytes, numEntries: DWORD;

    buf: TPDword;

    driverInfo: ^TDriverInfo;

  begin

    if @NtQuerySystemInformation = nil then

      NtQuerySystemInformation := GetProcAddress(GetModuleHandle('ntdll.dll'),

        'NtQuerySystemInformation');

 

    // Obtain required buffer size

    NtQuerySystemInformation(DRIVER_INFORMATION, @temp, 0, @numBytes);

    // Allocate buffer

    buf := AllocMem(numBytes * 2);

 

    NtQuerySystemInformation(DRIVER_INFORMATION, buf, numBytes * 2, @numBytes);

    numEntries := buf^;

    driverInfo := Pointer(DWORD(buf) + 12);

    Result     := '';

    for Index := 1 to numEntries do 

    begin

      Result := Result + #$D#$A + 'Address: $' + IntToHex(DWORD(driverInfo^.Address), 8) +

        'Name: "' + (driverInfo^.Name) + '"';

      Inc(driverInfo);

    end;

    Delete(Result, 1, 2);

    FreeMem(buf);

  end;

 

  procedure TForm1.Button1Click(Sender: TObject);

  begin

    ListBox1.Items.Add(GetDriverInfo)

  end;

 

 

  // Thanks to Madshi for helping me translate from C++ Code

  // Original Code (C++) :

  //                             NtDriverList v1.0

  //                      Copyright 1998, 1999 Yariv Kaplan

  //                             WWW.INTERNALS.COM