Hi,
I am currently trying to dump the list of loaded modules in windows system in kernel mode,
I am using AuxKlibQueryModuleInformation for that purpose,
I always found that the 0’th in the buffer is always the kernel.
I wanted to know if it’s safe to assume that it will always be the 0’th entry in the buffer
or it can change?
I came accross the following link, but was not able to get any conclusion
Why do you want to make that assumption? The order of the list is ubdefined
Sent from my Windows 10 phone
From: xxxxx@gmail.commailto:xxxxx
Sent: Monday, April 25, 2016 7:08 AM
To: Windows System Software Devs Interest Listmailto:xxxxx
Subject: [ntdev] Safe to rely upon first module being nt in the returned buffer of AuxKlib api
Hi,
I am currently trying to dump the list of loaded modules in windows system in kernel mode,
I am using AuxKlibQueryModuleInformation for that purpose,
I always found that the 0’th in the buffer is always the kernel.
I wanted to know if it’s safe to assume that it will always be the 0’th entry in the buffer
or it can change?
I came accross the following link, but was not able to get any conclusion
https://www.osronline.com/showthread.cfm?link=255656
Thanks
—
NTDEV is sponsored by OSR
Visit the list online at: http:
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:
To unsubscribe, visit the List Server section of OSR Online at http:</http:></http:></http:></mailto:xxxxx></mailto:xxxxx>