How to get system modules

Published: 2012-01-23 21:57:28 Author: rapoo

How to get system modules

Something like what IceSword does, which can get the system's .sys files.

[Solution]
I haven't used this API either, but I looked it up for you:

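Const STATUS_INFO_LENGTH_MISMATCH = (-1073741820)   '&HC0000004
Const SystemHandleInformation = 16                  'information class for the handle table
Const MEM_COMMIT = &H1000
Const MEM_RESERVE = &H2000
Const MEM_RELEASE = &H8000&                         'trailing & keeps the value a positive Long
Const PAGE_READWRITE = &H4

Type SYSTEM_HANDLE_INFORMATION
    ProcessId As Long
    ObjectTypeNumber As Byte
    Flags As Byte
    Handle As Integer
    Object As Long
    GrantedAccess As Long
End Type

'Handles() is a VB dynamic array (a pointer inside the UDT), so entries
'have to be copied out of the returned buffer one at a time.
Type SYSTEM_HANDLE_INFORMATION_EX
    NumberOfHandles As Long
    Handles() As SYSTEM_HANDLE_INFORMATION
End Type

Declare Function ZwQuerySystemInformation Lib "ntdll.dll" (ByVal infoClass As Long, ByVal buf As Long, ByVal bufSize As Long, ByRef retSize As Long) As Long

Declare Function ZwQueryObject Lib "ntdll.dll" (ByVal ObjectHandle As Long, ByVal ObjectInformationClass As Long, ByVal ObjectInformation As Long, ByVal ObjectInformationLength As Long, ByVal ReturnLength As Long) As Long

Declare Function VirtualAlloc Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Declare Function VirtualFree Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long

'The loop below belongs inside a procedure.
Dim mPtr As Long, mSize As Long, ret As Long, St As Long
mSize = &H10000     'initial guess; doubled until the buffer is large enough
Do
    mPtr = VirtualAlloc(0, mSize, MEM_COMMIT Or MEM_RESERVE, PAGE_READWRITE)
    If mPtr = 0 Then Exit Do
    St = ZwQuerySystemInformation(SystemHandleInformation, mPtr, mSize, ret)
    If St = STATUS_INFO_LENGTH_MISMATCH Then
        'Release the whole region before retrying so nothing is leaked.
        VirtualFree mPtr, 0, MEM_RELEASE
        mSize = mSize * 2
    End If
Loop While St = STATUS_INFO_LENGTH_MISMATCH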
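[Solution]
Since Windows 2000, it seems drivers also exist in the system in the form of services...

I took a look, and all the services on the local machine are under this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

For the Type value under each subkey, if it is 1, it seems to be a driver.

20 (hexadecimal) is a service; 10 (hexadecimal) seems to be an application.

Check MSDN yourself for the details.

I'd guess that API also reads the registry.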
[Solution]

Public Type SYSTEM_MODULE_INFORMATION
    reserved(1) As Long         'ULONG reserved[2];
    base As Long                'PVOID Base;
    size As Long                'ULONG Size;
    flags As Long               'ULONG Flags;
    index As Integer            'USHORT Index;
    unkn As Integer             'USHORT Unknown;
    lcount As Integer           'USHORT LoadCount;
    modoffset As Integer        'USHORT ModuleNameOffset;
    ImageName As String * 256   'CHAR ImageName[256];
End Type
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)

Private Declare Function NtQuerySystemInformation Lib "ntdll.dll" ( _
    ByVal dwInfoType As Long, _
    ByRef lpStructure As Any, _
    ByVal dwSize As Long, _
    dwReserved As Long) As Long
Private Const SYSMODINFO_SPECIFIER = 11

'Fills Drivers() with one entry per loaded module and returns the number of entries.
Public Function ListDrivers(Drivers() As SYSTEM_MODULE_INFORMATION) As Long
    Dim Entries As Long
    Dim numBytes As Long
    Dim bufSize As Long
    Dim buf() As Byte
    Dim smi As SYSTEM_MODULE_INFORMATION
    Dim offset As Long
    Dim i As Long
    Dim Count As Integer

    'First call with a 4-byte buffer, only to learn how much space is needed.
    NtQuerySystemInformation SYSMODINFO_SPECIFIER, Entries, 4, numBytes
    bufSize = Len(smi) * (Entries + 1)
    If numBytes > bufSize Then bufSize = numBytes   'use the size the call reported
    ReDim buf(bufSize)
    If NtQuerySystemInformation(SYSMODINFO_SPECIFIER, buf(0), bufSize, numBytes) <> 0 Then Exit Function
    CopyMemory Entries, buf(0), 4                   'leading ULONG = number of entries

    offset = 4
    For i = 1 To Entries
        If offset + Len(smi) > bufSize Then Exit For    'never read past the buffer
        CopyMemory smi, buf(offset), Len(smi)
        ReDim Preserve Drivers(Count)
        Drivers(Count) = smi
        Count = Count + 1
        offset = offset + Len(smi)
    Next

    ListDrivers = Count
End Function
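
The buffer layout that ListDrivers walks in the last answer (a 4-byte count followed by 284-byte entries) can be decoded offline as below, with the count checked against the buffer length before any entry is read. This is an added example, not part of the original posts; it is written in Python, and the function names and the sample buffer are constructed for illustration.

```python
import struct

# 32-bit layout from the VB type above (C names from its comments):
# ULONG reserved[2]; PVOID Base; ULONG Size; ULONG Flags; USHORT Index,
# Unknown, LoadCount, ModuleNameOffset; CHAR ImageName[256]  -> 284 bytes
ENTRY = struct.Struct("<2I3I4H256s")
COUNT = struct.Struct("<I")  # the buffer starts with a ULONG entry count


def parse_module_buffer(buf):
    """Decode a class-11 result buffer into a list of module dicts."""
    if len(buf) < COUNT.size:
        raise ValueError("buffer is shorter than the count field")
    (count,) = COUNT.unpack_from(buf, 0)
    needed = COUNT.size + count * ENTRY.size
    if needed > len(buf):
        # A truncated buffer (failed or undersized query) must not be walked.
        raise ValueError("count=%d needs %d bytes, got %d" % (count, needed, len(buf)))
    modules = []
    for i in range(count):
        fields = ENTRY.unpack_from(buf, COUNT.size + i * ENTRY.size)
        base, size, _flags, index, _unk, load_count, name_off, raw = fields[2:]
        path = raw.split(b"\0", 1)[0].decode("latin-1")
        if name_off > len(path):  # offset outside the string: keep full path
            name_off = 0
        modules.append({"base": base, "size": size, "index": index,
                        "load_count": load_count, "path": path,
                        "name": path[name_off:]})
    return modules


def build_sample_buffer():
    """Constructed test data, not captured from a real system."""
    rows = [(0x804D7000, 0x1F8000, "\\WINDOWS\\system32\\ntoskrnl.exe"),
            (0xF8A10000, 0x6000, "\\SystemRoot\\system32\\drivers\\example.sys")]
    out = COUNT.pack(len(rows))
    for i, (base, size, path) in enumerate(rows):
        raw = path.encode("latin-1")
        out += ENTRY.pack(0, 0, base, size, 0, i, 0, 1, path.rindex("\\") + 1, raw)
    return out


if __name__ == "__main__":
    for m in parse_module_buffer(build_sample_buffer()):
        print("%08X %8X %-12s %s" % (m["base"], m["size"], m["name"], m["path"]))
```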

