NSG650 · August 3, 2024 17:26
diff --git a/ListLoadedDrivers.c b/ListLoadedDrivers.c
 #include <windows.h>
 #include <winternl.h>

 #pragma comment(lib, "ntdll.lib")

 typedef struct SYSTEM_MODULE {
 	ULONG                Reserved1;
 	ULONG                Reserved2;
 #ifdef _WIN64
 	ULONG		     Reserved3;
 #endif
 	PVOID                ImageBaseAddress;
 	ULONG                ImageSize;
 	ULONG                Flags;
 	WORD                 Id;
 	WORD                 Rank;
 	WORD                 w018;
 	WORD                 NameOffset;
 	CHAR                 Name[256];
 }SYSTEM_MODULE, *PSYSTEM_MODULE;

 typedef struct SYSTEM_MODULE_INFORMATION {
 	ULONG                ModulesCount;
 	SYSTEM_MODULE        Modules[1];
 } SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;

 #define SystemModuleInformation 11
 #ifndef STATUS_INFO_LENGTH_MISMATCH
 #define STATUS_INFO_LENGTH_MISMATCH 0xC0000004
 #endif
 #ifndef STATUS_SUCCESS
 #define STATUS_SUCCESS 0
 #endif

 INT main(void) {
 	ULONG AllocationLength = 0;
 	NTSTATUS Status = NtQuerySystemInformation(SystemModuleInformation, NULL, 0, &AllocationLength);
 	if (Status != STATUS_INFO_LENGTH_MISMATCH) {
 		printf("[!] NtQuerySystemInformation failed with 0x%lx\n", Status);
 		return -1;
 	}
 	PSYSTEM_MODULE_INFORMATION ModuleInfo = malloc(AllocationLength);
 	if (ModuleInfo == NULL) {
 		printf("[!] Failed to allocate memory for ModuleInfo");
 		return -1;
 	}

 	Status = NtQuerySystemInformation(SystemModuleInformation, ModuleInfo, AllocationLength, &AllocationLength);
 	if (Status != STATUS_SUCCESS) {
 		printf("[!] NtQuerySystemInformation failed with 0x%lx\n", Status);
 		return -1;
 	}
 
    	for (int i = 0; i < ModuleInfo->ModulesCount; i++) {
        	printf("[*] \"%s\" loaded at 0x%p of size %d\n", ModuleInfo->Modules[i].Name, ModuleInfo->Modules[i].ImageBaseAddress, ModuleInfo->Modules[i].ImageSize);
    	}
 	
 	free(ModuleInfo);
    	return 0;
 }
	#include <windows.h>
	#include <winternl.h>

	#pragma comment(lib, "ntdll.lib")

	typedef struct SYSTEM_MODULE {
	ULONG Reserved1;
	ULONG Reserved2;
	#ifdef _WIN64
	ULONG Reserved3;
	#endif
	PVOID ImageBaseAddress;
	ULONG ImageSize;
	ULONG Flags;
	WORD Id;
	WORD Rank;
	WORD w018;
	WORD NameOffset;
	CHAR Name[256];
	}SYSTEM_MODULE, *PSYSTEM_MODULE;

	typedef struct SYSTEM_MODULE_INFORMATION {
	ULONG ModulesCount;
	SYSTEM_MODULE Modules[1];
	} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;

	#define SystemModuleInformation 11
	#ifndef STATUS_INFO_LENGTH_MISMATCH
	#define STATUS_INFO_LENGTH_MISMATCH 0xC0000004
	#endif
	#ifndef STATUS_SUCCESS
	#define STATUS_SUCCESS 0
	#endif

	INT main(void) {
	ULONG AllocationLength = 0;
	NTSTATUS Status = NtQuerySystemInformation(SystemModuleInformation, NULL, 0, &AllocationLength);
	if (Status != STATUS_INFO_LENGTH_MISMATCH) {
	printf("[!] NtQuerySystemInformation failed with 0x%lx\n", Status);
	return -1;
	}
	PSYSTEM_MODULE_INFORMATION ModuleInfo = malloc(AllocationLength);
	if (ModuleInfo == NULL) {
	printf("[!] Failed to allocate memory for ModuleInfo");
	return -1;
	}

	Status = NtQuerySystemInformation(SystemModuleInformation, ModuleInfo, AllocationLength, &AllocationLength);
	if (Status != STATUS_SUCCESS) {
	printf("[!] NtQuerySystemInformation failed with 0x%lx\n", Status);
	return -1;
	}

	for (int i = 0; i < ModuleInfo->ModulesCount; i++) {
	printf("[*] \"%s\" loaded at 0x%p of size %d\n", ModuleInfo->Modules[i].Name, ModuleInfo->Modules[i].ImageBaseAddress, ModuleInfo->Modules[i].ImageSize);
	}

	free(ModuleInfo);
	return 0;
	}