Kernel Mustard

This is a new one on me. I just saw this mentioned on NTDEV for the first time yesterday. AuxKlibQueryModuleInformation is a documented way to get the loaded modules, replacing some of the functionality of ZwQuerySystemInformation.

In fact, the entire Auxiliary Kernel-Mode Library Routines section is interesting. I had no idea it existed until now. Other exports include AuxKlibGetImageExportDirectory and AuxKlibGetBugCheckData.

Doron Holan says that it’s backward-compatible all the way to Windows 2000 via a static library, in a similar manner to cancel-safe queues and the safe string library.

Neato.

This entry was posted on Tuesday, June 5th, 2007 at 9:04 am and is filed under DDK, Programming, WDK. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.