Hello
I have a requirement to enumerate all device drivers from Usermode and need the driver name, start address and end address - similar to the module list view in Windbg.
The first two are easily found using the EnumDeviceDrivers/GetDeviceDriverBaseName functions but I can’t work out how to get the end address/sizeof the mapped image.
Any ideas ??
Regards
Mark
Use WMI.
You can use Nirsoft’s DriverView from this link http://www.nirsoft.net/utils/driverview.html and disassemble it with OllyDgb and see how they handled their parameters. Assuming you know Assembly 
wrote in message news:xxxxx@ntdev…
> You can use Nirsoft’s DriverView from this link
> http://www.nirsoft.net/utils/driverview.html and disassemble it with
> OllyDgb and see how they handled their parameters. Assuming you know
> Assembly
>
It uses only documented API, which gives only the base address but not end
address.
–pa
maybe you can try doing this:
get base address of the first driver and second, then subtract 2nd from 1st and result is where 1st ends.
NOTE: i just came up with that and i don’t know if drivers are loaded in the same address space range or how they are aligned.(Ascending or Descending)
so don’t blame me for whatever happens