
E:/PROJECTS/cvsed/mixed/VIRTUA~1/kdpatch/moduleapi.h

00001 
00010 #pragma once
00011 #include <bzsddk/undoc.h>
00012 
00014 
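/**
 * Look up the load address of a kernel module by name.
 *
 * Takes a snapshot of the loaded-module list with
 * ZwQuerySystemInformation(SystemModuleInformation) and compares
 * pModuleName, case-insensitively, against Name + NameOffset of each entry
 * (presumably the file-name part of the module path -- confirm against the
 * SYSTEM_MODULE_ENTRY declaration in bzsddk/undoc.h). The first match wins.
 *
 * Caveats for callers:
 *  - The match is by name only; nothing here verifies which image carries
 *    that name.
 *  - No reference is taken on the module, so the returned address is only
 *    as current as the snapshot it was read from.
 *
 * @param pModuleName  NUL-terminated module name; NULL yields NULL.
 * @return ImageBaseAddress of the first matching entry, or NULL if the
 *         query fails, the allocation fails, an exception is raised, or no
 *         entry matches.
 */
static inline PVOID
KernelGetModuleBase(
    PCHAR  pModuleName
    )
{
    PVOID pModuleBase = NULL;
    PULONG pSystemInfoBuffer = NULL;

    /* _stricmp() on a NULL name would fault; reject it up front. */
    if (!pModuleName)
        return NULL;

    __try
    {
        NTSTATUS status;
        ULONG    RequiredSize = 0;
        ULONG    AllocSize;
        PSYSTEM_MODULE_INFORMATION pModuleInfo;
        ULONG    i;

        /* Size probe: a zero-length query reports the needed byte count. */
        status = ZwQuerySystemInformation(SystemModuleInformation,
            &RequiredSize,
            0,
            &RequiredSize);

        /*
         * The buffer is allocated at twice the reported size so the list can
         * grow between the two queries. Refuse sizes whose doubling would
         * wrap ULONG and produce an undersized allocation.
         */
        if (!RequiredSize || RequiredSize > ((ULONG)-1) / 2)
            __leave;

        AllocSize = RequiredSize * 2;

        /* NOTE(review): ExAllocatePool is untagged and deprecated on current
         * WDKs; a tagged allocator would make this allocation attributable. */
        pSystemInfoBuffer = (PULONG)ExAllocatePool(NonPagedPool, AllocSize);

        if (!pSystemInfoBuffer)
            __leave;

        memset(pSystemInfoBuffer, 0, AllocSize);

        status = ZwQuerySystemInformation(SystemModuleInformation,
            pSystemInfoBuffer,
            AllocSize,
            &RequiredSize);

        if (!NT_SUCCESS(status))
            __leave;

        pModuleInfo = (PSYSTEM_MODULE_INFORMATION)pSystemInfoBuffer;

        for (i = 0; i < pModuleInfo->ModulesCount; i++)
        {
            PSYSTEM_MODULE_ENTRY pEntry = &pModuleInfo->Modules[i];

            if (_stricmp((char *)pEntry->Name + pEntry->NameOffset,
                         pModuleName) == 0)
            {
                pModuleBase = pEntry->ImageBaseAddress;
                break;
            }
        }
    }
    __except(EXCEPTION_EXECUTE_HANDLER)
    {
        /*
         * Catch-all: any exception raised above is turned into "not found".
         * This does not make a bad kernel-mode pointer safe; such accesses
         * bugcheck instead of reaching the handler.
         */
        pModuleBase = NULL;
    }

    /* Single release point for the snapshot buffer on every path. */
    if (pSystemInfoBuffer) {
        ExFreePool(pSystemInfoBuffer);
    }

    return pModuleBase;
} // end KernelGetModuleBase()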
00081 
00083 
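/**
 * Resolve an exported function of a loaded kernel image by name.
 *
 * Locates the export directory with RtlImageDirectoryEntryToData() and walks
 * the name table with a case-sensitive strcmp(). Exports whose RVA lies
 * inside the export directory itself are forwarders (the RVA points at a
 * string, not at code) and are skipped.
 *
 * The RVAs read from the export directory (AddressOfFunctions,
 * AddressOfNames, AddressOfNameOrdinals, names[i], functions[ord]) are not
 * range-checked against the image size. That is acceptable only if
 * ModuleBase is an image the loader has already mapped; do not pass a
 * buffer holding untrusted PE data.
 *
 * @param ModuleBase     Base address of the mapped image.
 * @param pFunctionName  NUL-terminated export name.
 * @return Address of the export, or NULL if an argument is NULL, the image
 *         has no export directory, a name ordinal is out of range, or the
 *         name is not found.
 */
static inline PVOID
KernelGetProcAddress(
    PVOID ModuleBase,
    PCHAR pFunctionName
    )
{
    PVOID pFunctionAddress = NULL;
    PIMAGE_EXPORT_DIRECTORY exports;
    ULONG_PTR base = (ULONG_PTR)ModuleBase;
    ULONG_PTR exportRva;
    ULONG size = 0;
    PULONG  functions;
    PUSHORT ordinals;
    PULONG  names;
    ULONG   max_name;
    ULONG   max_func;
    ULONG   i;

    ASSERT(ModuleBase && pFunctionName);

    /* ASSERT compiles out of free builds, so enforce the contract at run
     * time as well; a NULL dereference here would bugcheck the machine. */
    if (!ModuleBase || !pFunctionName)
        return NULL;

    exports = (PIMAGE_EXPORT_DIRECTORY)
        RtlImageDirectoryEntryToData(ModuleBase, TRUE,
                                     IMAGE_DIRECTORY_ENTRY_EXPORT, &size);

    /* Images without an export directory yield NULL. */
    if (!exports)
        return NULL;

    /* Pointer-width arithmetic: casting the pointers to ULONG would drop
     * the upper half of the address on 64-bit targets. */
    exportRva = (ULONG_PTR)exports - base;

    functions = (PULONG)(base + exports->AddressOfFunctions);
    /* Name ordinals are unsigned 16-bit values; reading them as signed
     * would sign-extend every ordinal >= 0x8000 into an out-of-range index. */
    ordinals  = (PUSHORT)(base + exports->AddressOfNameOrdinals);
    names     = (PULONG)(base + exports->AddressOfNames);
    max_name  = exports->NumberOfNames;
    max_func  = exports->NumberOfFunctions;

    for (i = 0; i < max_name; i++)
    {
        ULONG ord = ordinals[i];
        ULONG rva;

        /* An ordinal past the function table means a malformed directory;
         * abandon the lookup before indexing outside the table. */
        if (ord >= max_func) {
            return NULL;
        }

        rva = functions[ord];

        /* Forwarded export: skip it. */
        if (rva >= exportRva && rva < exportRva + size)
            continue;

        if (strcmp((PCHAR) ModuleBase + names[i], pFunctionName) == 0)
        {
            pFunctionAddress = (PVOID)((PCHAR) ModuleBase + rva);
            break;
        }
    }
    return pFunctionAddress;
} // end KernelGetProcAddress()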
00129