ZwQueryInformationProcess(); with ProcessBasicInformation class
inside PROCESS_BASIC_INFORMATION you got PebBaseAddress
-> under PEB you got PebBaseAddress->ProcessModuleInfo->ModuleHeader
-> under ModuleHeader you got list of all modules that process loaded
It's a “little” undocumented, you will need to search for the structures …
anyway you got sysinternals tools for this
http://www.sysinternals.com/ntw2k/freeware/listdlls.shtml
----- Original Message -----
From: xxxxx@wipro.com
To: Windows System Software Devs Interest List
Sent: Wednesday, January 12, 2005 1:51 PM
Subject: RE: RE:[ntdev] How to know user mode dll context…
sorry for unclear question…
How can I get a list of all the DLL files, or any other reference to the DLLs loaded by a process,
in kernel mode…
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Wednesday, January 12, 2005 3:48 PM
To: Windows System Software Devs Interest List
Subject: Re: RE:[ntdev] How to know user mode dll context…
What is the “DLL name”? Process loads tens of DLLs, which name do you want?
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: xxxxx@wipro.com
To: Windows System Software Devs Interest List
Sent: Wednesday, January 12, 2005 1:07 PM
Subject: RE:[ntdev] How to know user mode dll context…
Hi,
In Kernel mode,
PsGetCurrentProcess is the most efficient way to get a pointer to the current process…
I would like to know how do I get to know the dll name in the kernel mode, loaded by a particular process,
Can anybody throw more light on this…
Thanks,
Shiva P
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
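An added example, not code from the thread or any poster: a portable C model of the walk the top reply describes, from the PEB to the loader data to the circular list of loaded modules (winternl.h exposes these as PEB.Ldr and PEB_LDR_DATA.InMemoryOrderModuleList). Because that list lives in memory the process itself can write, the walk is bounded and checks link consistency. The struct layouts, MAX_MODULES and the sample module names are simplified assumptions, not the real LDR_DATA_TABLE_ENTRY.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumed layout, not the real Windows structures). */
typedef struct list_entry { struct list_entry *flink, *blink; } list_entry;
typedef struct { list_entry links; char name[32]; } module_entry;
#define ENTRY_OF(p) ((const module_entry *)((const char *)(p) - offsetof(module_entry, links)))
#define MAX_MODULES 512   /* hypothetical upper bound on loaded modules */

/* Walk the circular list; returns the module count, or -1 if the list is corrupt. */
int list_modules(const list_entry *head, const char **out, int cap)
{
    int n = 0;
    for (const list_entry *cur = head->flink; cur != head; cur = cur->flink) {
        if (cur == NULL || n >= MAX_MODULES) return -1;   /* never returns to head */
        if (cur->blink == NULL || cur->blink->flink != cur) return -1; /* broken links */
        if (n < cap) out[n] = ENTRY_OF(cur)->name;
        n++;
    }
    return n;
}

static void link_tail(list_entry *head, module_entry *m, const char *name)
{
    snprintf(m->name, sizeof m->name, "%s", name);
    m->links.flink = head;
    m->links.blink = head->blink;
    head->blink->flink = &m->links;
    head->blink = &m->links;
}

/* Constructed sample: three modules; tamper=1 makes the tail loop back past the head. */
int demo(int tamper, const char **out, int cap)
{
    static module_entry m[3];
    list_entry head = { &head, &head };
    link_tail(&head, &m[0], "app.exe");
    link_tail(&head, &m[1], "ntdll.dll");
    link_tail(&head, &m[2], "kernel32.dll");
    if (tamper) m[2].links.flink = &m[1].links;
    return list_modules(&head, out, cap);
}

int main(void)
{
    const char *names[8];
    for (int i = 0, n = demo(0, names, 8); i < n; i++) puts(names[i]);
    return demo(1, names, 8) == -1 ? 0 : 1;
}
```

In a real driver every read of these structures would additionally have to happen in the target process context with the user-mode pointers probed and the access wrapped in exception handling.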