LoadLibrary & GetProcAddress in KM

Is there an equivalent of the Win32 functions: LoadLibrary and GetProcAddress in kernel mode ?

Thanks
Matteo


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Raw answer should sound as: NO.
?
But I think this?can be solved.
?
LoadLibrary:
There is a routine Nt(Zw)SetSystemInformation which can be used
to load system image using MmLoadSystemImage.
(class SystemLoadGdiDriverInformation = 26, struct
_SYSTEM_GDI_DRIVER_INFORMATION)
Image also can be unloaded.
(class SystemUnloadGdiDriverInformation = 27)
Nt(Zw)QuerySystemInformation can be used to obtain system module list.
(class SystemModuleInformation = 11)
?
?
GetProcAddress:
This is completely in your hans. You have to write your own routine
which from ImageBase and from ProcedureName or ProcedureOrdinal
gets you ProcedureAddress. This is not so complicated - I have written
this routine so I can send it to you if you want.
?
Hope this helps
Paul

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Matteo Pelati
Sent: Tuesday, March 13, 2001 3:14 PM
To: NT Developers Interest List
Subject: [ntdev] LoadLibrary & GetProcAddress in KM

Is there an equivalent of the Win32 functions: LoadLibrary and
GetProcAddress in kernel mode ?
?
Thanks
Matteo

You are currently subscribed to ntdev as: xxxxx@compelson.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Hello Matteo,

As stated in a previous reply there is no documented and well behaved
way of doing this. If you wanna embelish on hacks, Dmitri Lehman wrote
a fairly good article which contains a working solution. I advice that
you proceed with caution using this code - I did find a few minor bugs
in it.

http://www.wdj.com/archive/1104/feature.html

Regards,
Anders Fogh

Tuesday, March 13, 2001, 5:53:12 AM, you wrote:

MP> Is there an equivalent of the Win32 functions: LoadLibrary and GetProcAddress in kernel mode ?

MP> Thanks
MP> Matteo

MP> —
MP> You are currently subscribed to ntdev as: xxxxx@flaffer.com
MP> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


Best regards,
Anders mailto:xxxxx@flaffer.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Hello,

If you are using Windows 2000, you can dynamically get
the address of any NTOSKRNL.EXE or HAL.DLL function
using MmGetSystemRoutineAddress function. The function
is prototyped in NTDDK.H file. The only parameter
which it takes is PUNICODE_STRING pointing to name of
the routine. Note, however, it works only for
NTOSKRNL.EXE or HAL.DLL routines.

The reason is: the code for MmGetSystemRoutineAddress
enumerates all the loaded modules in the system and
for the module names matching NTOSKRNL/HAL it walks
the import tables to locate the address of function.

I dont understand, why this function is restricted
only to NTOSKRNL/HAL modules. It can always be
extended to support any module by adding one more
parameter to this function viz. ModuleName. I hope
Microsoft will add support for this in future versions
of the OS.

Alternatively, you can look at the Gary Nebbett’s
“Windows NT/200 Native API reference” book page 433,
where he has written a kernel mode equivalent of
GetProcAddress.

Hope this helps.

-Prasad

— Anders Fogh wrote:
> Hello Matteo,
>
> As stated in a previous reply there is no documented
> and well behaved
> way of doing this. If you wanna embelish on hacks,
> Dmitri Lehman wrote
> a fairly good article which contains a working
> solution. I advice that
> you proceed with caution using this code - I did
> find a few minor bugs
> in it.
>
> http://www.wdj.com/archive/1104/feature.html
>
> Regards,
> Anders Fogh
>
>
> Tuesday, March 13, 2001, 5:53:12 AM, you wrote:
>
> MP> Is there an equivalent of the Win32 functions:
> LoadLibrary and GetProcAddress in kernel mode ?
>
> MP> Thanks
> MP> Matteo
>
>
> MP> —
> MP> You are currently subscribed to ntdev as:
> xxxxx@flaffer.com
> MP> To unsubscribe send a blank email to
> leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
>
>
> –
> Best regards,
> Anders
> mailto:xxxxx@flaffer.com
>
>
>
> —
> You are currently subscribed to ntdev as:
> xxxxx@yahoo.com
> To unsubscribe send a blank email to
leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

=====
Prasad S. Dabak
Director of Engineering, Windows NT/2000 Division
Cybermedia Software Private Limited
http://www.cybermedia.co.in
Co-author of the book “Undocumented Windows NT”
ISBN 0764545698

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - Buy the things you want at great prices.
http://auctions.yahoo.com/


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com