How to get the handle of a loaded driver?

Santhosh_Kumar-3 · April 22, 2010, 8:07pm

http://msdn.microsoft.com/en-us/library/ms683199(v=VS.85).aspx
GetModuleHandle()

Given the module name the above function gets the handle. Unfortunately it works only for loaded exe and dll files. Is there something similar call for getting the handle for a loaded driver? A *.sys file!! Thanks

If there is no such call is there any other programmatic way of getting it? CreateFile() will return a new handle not the existing one. Might be I need to play with the arguments to the call? Any ideas? Thanks

hDevice = CreateFile (completeDeviceName,
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);

OSR_Community_User · April 22, 2010, 8:13pm

What are you trying to do? I mean, it’s for a kernel mode object, and you’re running in user mode.

mm

Tim_Roberts · April 22, 2010, 8:18pm

xxxxx@gmail.com wrote:

http://msdn.microsoft.com/en-us/library/ms683199(v=VS.85).aspx
GetModuleHandle()

Given the module name the above function gets the handle. Unfortunately it works only for loaded exe and dll files. Is there something similar call for getting the handle for a loaded driver? A *.sys file!!

If there is no such call is there any other programmatic way of getting it? CreateFile() will return a new handle not the existing one. Might be I need to play with the arguments to the call? Any ideas?

Kernel mode simply does not have the concept of a “module handle”.
That’s a Win32 user-mode concept. To access a driver, you open a FILE
handle into which you can send requests, and that’s what CreateFile
does. If you have not previously opened a file handle, there is no
“existing handle” onto which you can attach.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Santhosh_Kumar-3 · April 22, 2010, 10:18pm

Thanks got it. Okay if I have prevously opened it and a have not closed it, can I get the file handle with any other call. Ex:

I do CrateFile() for the first time and I get the handle. Say it is 0x100.
Then if I were to make another CreateFile() for the same Module I get a different handle.
I dont want a different handle. My question is can I make any other call and get 0x100 as the handle

OSR_Community_User · April 22, 2010, 10:26pm

Each CreateFile creates a new handle. What are you trying to do?

Bill Wandel

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of xxxxx@gmail.com
Sent: Thursday, April 22, 2010 10:20 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] How to get the handle of a loaded driver?

Thanks got it. Okay if I have prevously opened it and a have not closed it,
can I get the file handle with any other call. Ex:

I do CrateFile() for the first time and I get the handle. Say it is 0x100.
Then if I were to make another CreateFile() for the same Module I get a
different handle.
I dont want a different handle. My question is can I make any other call and
get 0x100 as the handle

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Doron_Holan · April 22, 2010, 10:45pm

DuplicateHandle()

d

sent from my phpne

-----Original Message-----
From: xxxxx@gmail.com
Sent: April 22, 2010 7:18 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] How to get the handle of a loaded driver?

Thanks got it. Okay if I have prevously opened it and a have not closed it, can I get the file handle with any other call. Ex:

I do CrateFile() for the first time and I get the handle. Say it is 0x100.
Then if I were to make another CreateFile() for the same Module I get a different handle.
I dont want a different handle. My question is can I make any other call and get 0x100 as the handle

—
NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Maxim_S_Shatskih · April 23, 2010, 5:11am

>and dll files. Is there something similar call for getting the handle for a loaded driver? A *.sys file!!

Some AuxKLib function maybe?

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

xk1 · April 23, 2010, 11:37am

>GetModuleHandle()

Given the module name the above function gets the handle.
The ‘handle’ which one gets through GetModuleHandle() in no more than address of the module in the process’ address space. Not a real handle to some kernel object ? totally different thing from the handle which one can get through CreateFile().
If you need to get address of driver module in the system space, you may use ‘EnumDeviceDrivers()’ in usermode. Of course, there’s a corresponding native api call (which may be not documented though).

xk1 · April 23, 2010, 11:42am

(Seems like list processor doesn’t like long dashes - ‘?’ in the previous post shall be read as ‘-’).
?
?

Santhosh_Kumar-3 · April 23, 2010, 2:26pm

Thanks to everyone for the various tips. I shall try them all and use the one which works. I will post the final working results later on.

Santhosh_Kumar-3 · April 23, 2010, 6:12pm

http://msdn.microsoft.com/en-us/library/ms682619(v=VS.85).aspx

Has a neat program based on EnumDeviceDrivers() and it works fine. This does not give me the handle but having thought about it, I really dont need the handle anymore. The questions you all posed helped me clear my thoughts on this.
This posting can be closed now. Thanks to xK and all.

How to get the handle of a loaded driver?

(Seems like list processor doesn’t like long dashes - ‘?’ in the previous post shall be read as ‘-’). ? ?

(Seems like list processor doesn’t like long dashes - ‘?’ in the previous post shall be read as ‘-’).
?
?