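{ obtain a list of loaded drivers under Windows NT? }

{
  This code takes advantage of the undocumented NtQuerySystemInformation
  API to obtain a list of loaded drivers under Windows NT.

  Review notes:
  - The record below and the 12-byte offset to the first entry describe the
    layout as seen by a 32-bit process; GetDriverInfo returns '' on any other
    pointer size instead of walking the buffer with the wrong stride.
  - The API is undocumented, so the information class number and the layout
    may differ between Windows versions.
  - NOTE(review): newer Windows releases are reported to hide kernel base
    addresses from callers without sufficient privilege, so an Address of 0
    does not by itself mean the driver is absent - confirm on the target OS.
}
const
  // Information class passed to NtQuerySystemInformation (commonly documented
  // as SystemModuleInformation).
  DRIVER_INFORMATION = 11;

type
  TPDWord = ^DWORD;

  // One driver entry as this code views the returned buffer.
  TDriverInfo = packed record
    Address: Pointer;
    Unknown1: DWORD;
    Unknown2: DWORD;
    EntryIndex: DWORD;
    Unknown4: DWORD;
    // AnsiChar, not Char: in Unicode Delphi versions Char is two bytes wide,
    // which would double this field and make Inc(driverInfo) step past the
    // real entries.
    Name: array[0..MAX_PATH + 3] of AnsiChar;
  end;

var
  // Resolved lazily from ntdll.dll on the first call to GetDriverInfo.
  NtQuerySystemInformation: function(infoClass: DWORD;
                                     buffer: Pointer;
                                     bufSize: DWORD;
                                     returnSize: TPDWord): DWORD; stdcall = nil;

// Returns one line per loaded driver ('Address: $XXXXXXXXName: "..."'),
// separated by CR/LF, or '' when the list cannot be obtained.
function GetDriverInfo: string;
const
  FIRST_ENTRY_OFFSET = 12; // offset of the first TDriverInfo view in the buffer
var
  temp, Index, numBytes, numEntries, bufSize, maxEntries, status: DWORD;
  buf: TPDWord;
  driverInfo: ^TDriverInfo;
begin
  Result := '';

  // The record layout and FIRST_ENTRY_OFFSET are only valid for 4-byte pointers.
  if SizeOf(Pointer) <> 4 then
    Exit;

  if @NtQuerySystemInformation = nil then
    NtQuerySystemInformation := GetProcAddress(GetModuleHandle('ntdll.dll'),
      'NtQuerySystemInformation');
  // The export may be missing; calling through nil would crash the process.
  if @NtQuerySystemInformation = nil then
    Exit;

  // Obtain required buffer size. numBytes is zeroed first so that a failed
  // probe cannot leave a random allocation size behind.
  temp := 0;
  numBytes := 0;
  NtQuerySystemInformation(DRIVER_INFORMATION, @temp, 0, @numBytes);
  if (numBytes = 0) or (numBytes > High(DWORD) div 2) then
    Exit;

  // Allocate twice the reported size: the driver list can grow between the
  // probe and the real query.
  bufSize := numBytes * 2;
  buf := AllocMem(bufSize);
  try
    status := NtQuerySystemInformation(DRIVER_INFORMATION, buf, bufSize, @numBytes);
    // NTSTATUS failure codes have the top bit set; the buffer is not valid then.
    if Integer(status) < 0 then
      Exit;

    // Never trust the entry count beyond what the allocation can hold.
    numEntries := buf^;
    if bufSize <= FIRST_ENTRY_OFFSET then
      Exit;
    maxEntries := (bufSize - FIRST_ENTRY_OFFSET) div SizeOf(TDriverInfo);
    if numEntries > maxEntries then
      numEntries := maxEntries;

    // Byte-wise pointer arithmetic; avoids casting the pointer to DWORD.
    driverInfo := Pointer(PAnsiChar(buf) + FIRST_ENTRY_OFFSET);
    for Index := 1 to numEntries do
    begin
      Result := Result + #$D#$A + 'Address: $' + IntToHex(DWORD(driverInfo^.Address), 8) +
        'Name: "' + driverInfo^.Name + '"';
      Inc(driverInfo);
    end;
    // Drop the leading CR/LF added in front of the first entry.
    Delete(Result, 1, 2);
  finally
    FreeMem(buf);
  end;
end;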
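{ remove a Dll from memory? }

// Releases every reference the calling process holds on the named DLL by
// calling FreeLibrary until GetModuleHandle no longer finds the module.
// Shows a message box with the outcome and returns True only when the module
// was found and is no longer loaded afterwards.
//
// Caution: this drops references owned by other code in the same process.
// Anything still holding pointers into the module (callbacks, hooks, window
// procedures) will fault after the unload, so call it only for DLLs this
// program loaded itself.
function KillDll(aDllName: string): Boolean;
const
  // Arbitrary safety cap: a module whose reference count never drops must not
  // keep the loop spinning forever.
  MAX_UNLOAD_ATTEMPTS = $FFFF;
var
  hDLL: THandle;
  FoundDLL: Boolean;
  Attempts: Integer;
begin
  Result := False;
  FoundDLL := False;
  Attempts := 0;

  // The name is passed straight through as PChar. The earlier version copied
  // it into an 11-character stack array with StrPCopy, which overflowed for
  // any name longer than 10 characters.
  if aDllName <> '' then
    repeat
      hDLL := GetModuleHandle(PChar(aDllName));
      if hDLL = 0 then
      begin
        // Gone now: success only if it was loaded at least once.
        Result := FoundDLL;
        Break;
      end;
      FoundDLL := True;
      if not FreeLibrary(hDLL) then
        Break; // the loader refused; retrying would not help
      Inc(Attempts);
    until Attempts >= MAX_UNLOAD_ATTEMPTS;

  if Result then
    MessageDlg('Success!', mtInformation, [mbOK], 0)
  else if FoundDLL then
    MessageDlg('DLL could not be unloaded!', mtWarning, [mbOK], 0)
  else
    MessageDlg('DLL not found!', mtInformation, [mbOK], 0);
end;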
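{
  This code takes advantage of the undocumented NtQuerySystemInformation
  API to obtain a list of loaded drivers under Windows NT.

  Review notes:
  - The record below and the 12-byte offset to the first entry describe the
    layout as seen by a 32-bit process; GetDriverInfo returns '' on any other
    pointer size instead of walking the buffer with the wrong stride.
  - The API is undocumented, so the information class number and the layout
    may differ between Windows versions.
  - NOTE(review): newer Windows releases are reported to hide kernel base
    addresses from callers without sufficient privilege, so an Address of 0
    does not by itself mean the driver is absent - confirm on the target OS.
}
const
  // Information class passed to NtQuerySystemInformation (commonly documented
  // as SystemModuleInformation).
  DRIVER_INFORMATION = 11;

type
  TPDWord = ^DWORD;

  // One driver entry as this code views the returned buffer.
  TDriverInfo = packed record
    Address: Pointer;
    Unknown1: DWORD;
    Unknown2: DWORD;
    EntryIndex: DWORD;
    Unknown4: DWORD;
    // AnsiChar, not Char: in Unicode Delphi versions Char is two bytes wide,
    // which would double this field and make Inc(driverInfo) step past the
    // real entries.
    Name: array[0..MAX_PATH + 3] of AnsiChar;
  end;

var
  // Resolved lazily from ntdll.dll on the first call to GetDriverInfo.
  NtQuerySystemInformation: function(infoClass: DWORD;
                                     buffer: Pointer;
                                     bufSize: DWORD;
                                     returnSize: TPDWord): DWORD; stdcall = nil;

// Returns one line per loaded driver ('Address: $XXXXXXXXName: "..."'),
// separated by CR/LF, or '' when the list cannot be obtained.
function GetDriverInfo: string;
const
  FIRST_ENTRY_OFFSET = 12; // offset of the first TDriverInfo view in the buffer
var
  temp, Index, numBytes, numEntries, bufSize, maxEntries, status: DWORD;
  buf: TPDWord;
  driverInfo: ^TDriverInfo;
begin
  Result := '';

  // The record layout and FIRST_ENTRY_OFFSET are only valid for 4-byte pointers.
  if SizeOf(Pointer) <> 4 then
    Exit;

  if @NtQuerySystemInformation = nil then
    NtQuerySystemInformation := GetProcAddress(GetModuleHandle('ntdll.dll'),
      'NtQuerySystemInformation');
  // The export may be missing; calling through nil would crash the process.
  if @NtQuerySystemInformation = nil then
    Exit;

  // Obtain required buffer size. numBytes is zeroed first so that a failed
  // probe cannot leave a random allocation size behind.
  temp := 0;
  numBytes := 0;
  NtQuerySystemInformation(DRIVER_INFORMATION, @temp, 0, @numBytes);
  if (numBytes = 0) or (numBytes > High(DWORD) div 2) then
    Exit;

  // Allocate twice the reported size: the driver list can grow between the
  // probe and the real query.
  bufSize := numBytes * 2;
  buf := AllocMem(bufSize);
  try
    status := NtQuerySystemInformation(DRIVER_INFORMATION, buf, bufSize, @numBytes);
    // NTSTATUS failure codes have the top bit set; the buffer is not valid then.
    if Integer(status) < 0 then
      Exit;

    // Never trust the entry count beyond what the allocation can hold.
    numEntries := buf^;
    if bufSize <= FIRST_ENTRY_OFFSET then
      Exit;
    maxEntries := (bufSize - FIRST_ENTRY_OFFSET) div SizeOf(TDriverInfo);
    if numEntries > maxEntries then
      numEntries := maxEntries;

    // Byte-wise pointer arithmetic; avoids casting the pointer to DWORD.
    driverInfo := Pointer(PAnsiChar(buf) + FIRST_ENTRY_OFFSET);
    for Index := 1 to numEntries do
    begin
      Result := Result + #$D#$A + 'Address: $' + IntToHex(DWORD(driverInfo^.Address), 8) +
        'Name: "' + driverInfo^.Name + '"';
      Inc(driverInfo);
    end;
    // Drop the leading CR/LF added in front of the first entry.
    Delete(Result, 1, 2);
  finally
    FreeMem(buf);
  end;
end;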
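// Releases every reference the calling process holds on the named DLL by
// calling FreeLibrary until GetModuleHandle no longer finds the module.
// Shows a message box with the outcome and returns True only when the module
// was found and is no longer loaded afterwards.
//
// Caution: this drops references owned by other code in the same process.
// Anything still holding pointers into the module (callbacks, hooks, window
// procedures) will fault after the unload, so call it only for DLLs this
// program loaded itself.
function KillDll(aDllName: string): Boolean;
const
  // Arbitrary safety cap: a module whose reference count never drops must not
  // keep the loop spinning forever.
  MAX_UNLOAD_ATTEMPTS = $FFFF;
var
  hDLL: THandle;
  FoundDLL: Boolean;
  Attempts: Integer;
begin
  Result := False;
  FoundDLL := False;
  Attempts := 0;

  // The name is passed straight through as PChar. The earlier version copied
  // it into an 11-character stack array with StrPCopy, which overflowed for
  // any name longer than 10 characters.
  if aDllName <> '' then
    repeat
      hDLL := GetModuleHandle(PChar(aDllName));
      if hDLL = 0 then
      begin
        // Gone now: success only if it was loaded at least once.
        Result := FoundDLL;
        Break;
      end;
      FoundDLL := True;
      if not FreeLibrary(hDLL) then
        Break; // the loader refused; retrying would not help
      Inc(Attempts);
    until Attempts >= MAX_UNLOAD_ATTEMPTS;

  if Result then
    MessageDlg('Success!', mtInformation, [mbOK], 0)
  else if FoundDLL then
    MessageDlg('DLL could not be unloaded!', mtWarning, [mbOK], 0)
  else
    MessageDlg('DLL not found!', mtInformation, [mbOK], 0);
end;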
不过你的第一段代码获得的是loaded drivers 的信息,并不是所有dll的信息。
谁能再提供些资料呢?
回复的保证都有分。
列举每个进程,再列举DLL比较麻烦:)http://lysoft.7u7.net
你的网站我看了,有一个东西是不是?
LY Task Manager --- 可以查看进程相关DLL信息的简单任务管理器^_^
不过你只给出了exe,没有给出源程序呀,现在不都讲源码开放吗?^_^
一般这种在SDK跟DDK方面做事的代码, c++(貌似都是c的代码)跟delphi并没有太大的区别,直接转换是很容易的;
一般MSDN或者其它开源社区里的c代码可以直接paste到delphi里改几个关键字就是了。
或者自己写一个DLL模拟上个DLL的输出函数。