iljavs/SysModInfo.c

## SysModInfo.c
#include <Windows.h>
#include <stdio.h>
#include <ntstatus.h>

#define SystemModuleInformation 0x0b

typedef struct SYSTEM_MODULE {
    PVOID  Reserved1;
    PVOID  Reserved2;
    PVOID  ImageBase;
    ULONG  ImageSize;
    ULONG  Flags;
    USHORT Index;
    USHORT NameLength;
    USHORT LoadCount;
    USHORT PathLength;
    CHAR   ImageName[256];
};

typedef struct SYSTEM_MODULE_INFORMATION {
    ULONG                ModulesCount;
    struct SYSTEM_MODULE        Modules[0];
};

typedef DWORD(WINAPI* NTQUERYSYSTEMINFORMATION)(DWORD, PVOID, ULONG, PULONG);
NTQUERYSYSTEMINFORMATION NtQuerySystemInformation;

int main() {
    HMODULE hNtdll;
    ULONG NeededLen = 0;
    int i;
    NTSTATUS  r;
    struct SYSTEM_MODULE_INFORMATION* smi;

    hNtdll = LoadLibraryW(L"ntdll.dll");
    if (hNtdll == NULL) {
        printf("LoadLibrary(ntdll.dll) failed\n");
        exit(0);
    }

    NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtdll, "NtQuerySystemInformation");
    if (!NtQuerySystemInformation) {
        printf("LoadLibrary failed\n");
        exit(0);
    }

    r = NtQuerySystemInformation(SystemModuleInformation, NULL, 0, &NeededLen);
    if (r != STATUS_INFO_LENGTH_MISMATCH) {
        printf("NtQuerySystemInformation() failed\n");
        exit(0);
    }

    smi = (struct SYSTEM_MODULE_INFORMATION*)malloc(NeededLen);
    if (!smi) {
        printf("malloc() failed\n");
        exit(0);
    }

    memset(smi, 0x00, NeededLen);
    ULONG smilen = NeededLen;
    NeededLen = 0;
    r = NtQuerySystemInformation(SystemModuleInformation, smi, smilen, &NeededLen);
    if (r != STATUS_SUCCESS) {
        printf("NtQuerySystemInformation() failed\n");
        exit(0);
    }

    for (i = 0; i < smi->ModulesCount; i++) {
        printf("module: %s\taddr: 0x%p\n", smi->Modules[i].ImageName, smi->Modules[i].ImageBase);
    }
}
	#include <Windows.h>
	#include <stdio.h>
	#include <ntstatus.h>

	#define SystemModuleInformation 0x0b

	typedef struct SYSTEM_MODULE {
	PVOID Reserved1;
	PVOID Reserved2;
	PVOID ImageBase;
	ULONG ImageSize;
	ULONG Flags;
	USHORT Index;
	USHORT NameLength;
	USHORT LoadCount;
	USHORT PathLength;
	CHAR ImageName[256];
	};

	typedef struct SYSTEM_MODULE_INFORMATION {
	ULONG ModulesCount;
	struct SYSTEM_MODULE Modules[0];
	};

	typedef DWORD(WINAPI* NTQUERYSYSTEMINFORMATION)(DWORD, PVOID, ULONG, PULONG);
	NTQUERYSYSTEMINFORMATION NtQuerySystemInformation;

	int main() {
	HMODULE hNtdll;
	ULONG NeededLen = 0;
	int i;
	NTSTATUS r;
	struct SYSTEM_MODULE_INFORMATION* smi;

	hNtdll = LoadLibraryW(L"ntdll.dll");
	if (hNtdll == NULL) {
	printf("LoadLibrary(ntdll.dll) failed\n");
	exit(0);
	}

	NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtdll, "NtQuerySystemInformation");
	if (!NtQuerySystemInformation) {
	printf("LoadLibrary failed\n");
	exit(0);
	}

	r = NtQuerySystemInformation(SystemModuleInformation, NULL, 0, &NeededLen);
	if (r != STATUS_INFO_LENGTH_MISMATCH) {
	printf("NtQuerySystemInformation() failed\n");
	exit(0);
	}

	smi = (struct SYSTEM_MODULE_INFORMATION*)malloc(NeededLen);
	if (!smi) {
	printf("malloc() failed\n");
	exit(0);
	}

	memset(smi, 0x00, NeededLen);
	ULONG smilen = NeededLen;
	NeededLen = 0;
	r = NtQuerySystemInformation(SystemModuleInformation, smi, smilen, &NeededLen);
	if (r != STATUS_SUCCESS) {
	printf("NtQuerySystemInformation() failed\n");
	exit(0);
	}

	for (i = 0; i < smi->ModulesCount; i++) {
	printf("module: %s\taddr: 0x%p\n", smi->Modules[i].ImageName, smi->Modules[i].ImageBase);
	}
	}