Archives

• September 2008
• April 2008
• October 2007
• September 2007
• August 2007
• July 2007
• June 2007
• May 2007
• April 2007
• March 2007
• February 2007
• January 2007
• December 2006
• November 2006
• October 2006
• September 2006
• August 2006
• July 2006
• June 2006
• May 2006
• April 2006
• March 2006
• February 2006
• January 2006
• December 2005
• November 2005

Categories

• AI (1)
• authentication (4)
• Blogging (38)
• Culture (27)
• DDK (89)
• General nonsense (29)
• Intellectual Property (9)
• Microsoft (52)
• Networking (23)
• PhoneFactor (5)
• Positive Networks (8)
• Programming (115)
• Security (46)
• two-factor (4)
• Uncategorized (38)
• Vista (34)
• WDK (26)
• Windows (56)

Links

• A Hole In My Head
• Alex Ionescu's Blog
• Antimail
• Buggin' My Life Away
• craigrow: blogging about developing, testing and getting a logo for your drivers using the Windows Driver Kit and the Driver Test Manager
• Dana Epp's ramblings at the Sanctuary
• DebugInfo.com - Oleg Starodumov
• Fabulous Adventures In Coding
• Joel on Software
• Larry Osterman's WebLog
• Lori Pearce's WebLog
• Mark's Sysinternals Blog
• Metasploit
• Michael Howard's Web Log
• Nynaeve
• Pointless Blathering
• Positive Networks
• Positive Networks Blog
• Q & Stuff
• Schneier on Security
• Schwieb
• Sorting It All Out
• The Old New Thing
• Under The Hood - Matt Pietrek

Meta

• Register
• Login
• Valid XHTML
• XFN
• WordPress
• Domain
• Website Design
• Web Hosting

A documented way to get loaded modules

This is a new one on me. I just saw this mentioned on NTDEV for the first time yesterday. AuxKlibQueryModuleInformation is a documented way to get the loaded modules, replacing some of the functionality of ZwQuerySystemInformation.

In fact, the entire Auxiliary Kernel-Mode Library Routines section is interesting. I had no idea it existed until now. Other exports include AuxKlibGetImageExportDirectory and AuxKlibGetBugCheckData.

Doron Holan says that it’s backward-compatible all the way to Windows 2000 via a static library, in a similar manner to cancel-safe queues and the safe string library.

Neato.

This entry was posted on Tuesday, June 5th, 2007 at 9:04 am and is filed under Programming, DDK, WDK. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “A documented way to get loaded modules”

• Anonymous Says:
  April 5th, 2008 at 3:05 pm

  Hmmm… It seems as though the actual library available for download does not export AuxKlibGetImageExportDirectory and AuxKlibGetBugCheckData…

  -Steve Cleary

Leave a Reply

Name

Mail (will not be published)

Website

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Recent Posts

• Windows 7 Server == Windows Server 2008 R2
• Bad Idea: Making assumptions about CPU number
• At Driver DevCon
• Free advice (being worth what you pay for it, of course)
• PhoneFactor video
• Interesting peek at Win7
• No more single-core chips
• I guess it depends on what you’re hex editing
• Metasploit as the security Mendoza line
• The return of err.exe

Recent Comments

• Manny
• dispensa
• doug
• dispensa
• Yossi