Hello,
I can call AuxKlibQueryModuleInformation to get a list of currently loaded kernel modules.
How do I make sure that one of these images does not unload while I am trying to access it?
I was thinking about using MmProbeAndLockPages, but how does it behave with discardable sections (INIT, .reloc, etc.)?
Thank you.
I’m not sure that this is a very good idea. I certainly understand why
you might want to do this, but you don’t have control over other
programs, et. c. choosing to unload modules otherwise. If they do, it’s
hard to say what will happen exactly, but at the very least, the results
will be confusing.
Good luck,
mm
xxxxx@hushmail.com wrote:
Hello,
I can call AuxKlibQueryModuleInformation to get a list of currently loaded kernel modules.
How do I make sure that one of these images does not unload while I am trying to access it?I was thinking about using MmProbeAndLockPages, but how does it behave with discardable sections (INIT, .reloc, etc.)?
Thank you.
I want to facilitate dynamic loading of kernel-mode DLLs; basically EngLoadImage, EngFindImageProcAddress & EngUnloadImage, but for system, not session space.
I know, AuxKlibQueryModuleInformation does only enumerate, not load images, and I’d actually need unexported MmLoadSystemImage & MmUnloadSystemImage, but why did Microsoft even provide AuxKlibQueryModuleInformation when it has nearly no safe use (except testing & debugging, perhaps)?!