kernel gets it from PEB: NtCurrentPeb()->ImageBaseAddress
PEB is stored in PEPROCESS (private)
is there a method how to get that using a public NT function ?
I’d like to find out my driver’s MZ header
thanks
Well, MmPageEntireDriver will return the base address of your driver, then
MmResetDriverPaging will restore the defaults. Do this early in DriverEntry
so that nothing requiring non-paged memory is set up.
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
----- Original Message -----
From: “Petr Kurtin”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Sunday, June 26, 2005 10:29 AM
Subject: [ntdev] how to get ImageBaseAddress ?
Easier:
Just declare this line in some source file:
extern "C" IMAGE_DOS_HEADER __ImageBase;
Don’t use extern "C" if you’re using C
The address (&__ImageBase) of this variable is the base address of the image
of your driver/PE
ps: actually I don’t remember having tried it in a driver but I don’t see
why it wouldn’t work since it is a linker trick. Maybe IMAGE_DOS_HEADER
would be undefined but that’s easy to fix.
M-A
Marc-Antoine Ruel wrote:
> Easier:
> Just declare this line in some source file:
> extern "C" IMAGE_DOS_HEADER __ImageBase;
> Don’t use extern "C" if you’re using C
> The address (&__ImageBase) of this variable is the base address of the image
> of your driver/PE
> ps: actually I don’t remember having tried it in a driver but I don’t see
> why it wouldn’t work since it is a linker trick. Maybe IMAGE_DOS_HEADER
> would be undefined but that’s easy to fix.
I was all prepared to scoff at this, but I just tried it in a kernel
driver, and it works fine. Cute trick.
I did have to add “typedef void * IMAGE_DOS_HEADER”. It’s defined in
<ntimage.h>, but that’s not in the normal include path for WDM drivers.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
The base address of the driver is a field in DRIVER_OBJECT.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
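Added example, not code from any poster in this thread: once a base address has been obtained by one of the methods above, the MZ and PE headers can be walked with bounds checks before any field is trusted. The function names, the pe_info struct and the sample buffer are constructed for illustration, the offsets are the standard PE/COFF header offsets, and it is written as plain user-mode C so it runs outside a driver; in a driver the base would be &__ImageBase and the size is assumed to come from the DriverSize field of DRIVER_OBJECT.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Standard PE/COFF offsets; a driver would use the <ntimage.h> structs. */
enum { DOS_HDR_SIZE = 0x40, E_LFANEW = 0x3C, FILE_HDR_SIZE = 20, OPT_SIZE_OF_IMAGE = 56 };

struct pe_info { uint32_t pe_off; uint16_t machine, sections; uint32_t size_of_image; };

/* Little-endian reads that do not assume alignment. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Walk MZ -> PE -> optional header inside [base, base + size).
   Returns 0 on success, or a negative code naming the check that failed. */
int parse_image_headers(const uint8_t *base, size_t size, struct pe_info *out)
{
    const size_t need = 4 + FILE_HDR_SIZE + OPT_SIZE_OF_IMAGE + 4; /* through SizeOfImage */
    if (!base || !out || size < DOS_HDR_SIZE) return -1;  /* no room for a DOS header */
    if (rd16(base) != 0x5A4D) return -2;                  /* missing "MZ" */
    uint32_t off = rd32(base + E_LFANEW);
    if (size < need || off > size - need) return -3;      /* e_lfanew leaves the image */
    if (rd32(base + off) != 0x00004550) return -4;        /* missing "PE\0\0" */
    const uint8_t *fh = base + off + 4;                   /* IMAGE_FILE_HEADER */
    if (rd16(fh + 16) < OPT_SIZE_OF_IMAGE + 4) return -5; /* optional header too short */
    out->pe_off = off;
    out->machine = rd16(fh);
    out->sections = rd16(fh + 2);
    out->size_of_image = rd32(fh + FILE_HDR_SIZE + OPT_SIZE_OF_IMAGE);
    return 0;
}

/* Constructed sample: a 0x200-byte buffer with only the fields read above set. */
size_t make_sample(uint8_t *buf, size_t cap)
{
    const size_t n = 0x200, pe = 0x80;
    if (cap < n) return 0;
    memset(buf, 0, n);
    buf[0] = 'M'; buf[1] = 'Z'; buf[E_LFANEW] = (uint8_t)pe;
    memcpy(buf + pe, "PE\0\0", 4);
    buf[pe + 4] = 0x64; buf[pe + 5] = 0x86;        /* Machine = 0x8664 (AMD64) */
    buf[pe + 6] = 3;                               /* NumberOfSections = 3 */
    buf[pe + 20] = 0xF0;                           /* SizeOfOptionalHeader = 0xF0 */
    buf[pe + 24 + OPT_SIZE_OF_IMAGE + 1] = 0x60;   /* SizeOfImage = 0x6000 */
    return n;
}

int main(void)
{
    uint8_t img[0x200];
    struct pe_info pi;
    return parse_image_headers(img, make_sample(img, sizeof img), &pi);
}
```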