Easy Language (易语言) kernel driver enumeration source code, system structure:
驱动操作_枚举内核驱动, 进制转换_Unicode转Ansi, lblexit, InitializeObjectAttributes, 进制转换_Ansi转Unicode, 内存读写_读字节集内存, lms520_ZwOpenDirectoryObject, lms520_LocalFree, lms520_LocalAlloc, lms520_ZwQueryDirectoryObject, lms520_CopyMemory, lms520_GlobalSize, API_MultiByteToWideChar, API_WideCharToMultiByte, lms520_ZwClose, 取自进程ID, SHOW_OpenProcess, 读内存字节集, 关闭对象

======窗口程序集1
||
||------驱动操作_枚举内核驱动
||
||------进制转换_Unicode转Ansi
||
||------lblexit
||
||------InitializeObjectAttributes
||
||------进制转换_Ansi转Unicode
||
||------内存读写_读字节集内存
||
||------_按钮1_被单击
||
||
======Called DLLs
||
||---[dll]------lms520_ZwOpenDirectoryObject
||
||---[dll]------lms520_LocalFree
||
||---[dll]------lms520_LocalAlloc
||
||---[dll]------lms520_ZwQueryDirectoryObject
||
||---[dll]------lms520_CopyMemory
||
||---[dll]------lms520_GlobalSize
||
||---[dll]------API_MultiByteToWideChar
||
||---[dll]------API_WideCharToMultiByte
||
||---[dll]------lms520_ZwClose
||
||---[dll]------取自进程ID
||
||---[dll]------SHOW_OpenProcess
||
||---[dll]------读内存字节集
||
||---[dll]------关闭对象

DLL commands called:

.DLL命令 lms520_ZwOpenDirectoryObject, 整数型, "ntdll.dll", "ZwOpenDirectoryObject", 公开
    .参数 DirectoryHandle, 整数型, 传址
    .参数 DesiredAccess, 整数型
    .参数 ObjectAttributes, OBJECT_ATTRIBUTESX, 传址

.DLL命令 lms520_LocalFree, 整数型, "kernel32.dll", "LocalFree", 公开
    .参数 hMem, 整数型

.DLL命令 lms520_LocalAlloc, 整数型, "kernel32.dll", "LocalAlloc", 公开
    .参数 wFlags, 整数型
    .参数 wBytes, 整数型

.DLL命令 lms520_ZwQueryDirectoryObject, 整数型, "ntdll.dll", "ZwQueryDirectoryObject", 公开
    .参数 DirectoryHandle, 整数型
    .参数 Buffer, 整数型
    .参数 BufferLength, 整数型
    .参数 ReturnSingleEntry, 逻辑型
    .参数 RestartScan, 逻辑型
    .参数 context, 整数型, 传址
    .参数 ReturnLength, 整数型, 传址

.DLL命令 lms520_CopyMemory, , "kernel32", "RtlMoveMemory", 公开
    .参数 pDst, DIRECTORY_BASIC_INFORMATION, 传址
    .参数 pSrc, 整数型
    .参数 ByteLen, 整数型

.DLL命令 lms520_GlobalSize, 整数型, "kernel32", "GlobalSize", 公开, returns the size of the global memory block
    .参数 hMem, DIRECTORY_BASIC_INFORMATION

.DLL命令 API_MultiByteToWideChar, 整数型, "kernel32.dll", "MultiByteToWideChar", 公开
    .参数 CodePage, 整数型
    .参数 dwFlags, 整数型, , 0
    .参数 lpMultiByteStr, 文本型
    .参数 cchMultiByte, 整数型, , -1
    .参数 lpWideCharStr, 字节集, 传址
    .参数 cchWideChar, 整数型

.DLL命令 API_WideCharToMultiByte, 整数型, "kernel32.dll", "WideCharToMultiByte", 公开
    .参数 CodePage, 整数型
    .参数 dwFlags, 整数型, , 0
    .参数 lpWideCharStr, 字节集
    .参数 cchWideChar, 整数型, , -1
    .参数 lpMultiByteStr, 文本型, 传址
    .参数 cchMultiByte, 整数型
    .参数 默认文本, 整数型, , 0
    .参数 使用默认文本, 整数型, , 0

.DLL命令 lms520_ZwClose, 整数型, "ntdll.dll", "ZwClose", 公开
    .参数 Handle, 整数型

.DLL命令 取自进程ID, 整数型, "kernel32.dll", "GetCurrentProcessId", 公开

.DLL命令 SHOW_OpenProcess, 整数型, "kernel32.dll", "OpenProcess"
    .参数 访问级别, 整数型, , 2035711 = full access
    .参数 子进程继承, 整数型, , 0 for child process inheritance
    .参数 进程ID, 整数型, , ID of the process to open

.DLL命令 读内存字节集, 逻辑型, "kernel32.dll", "ReadProcessMemory", 公开, address 1048576
    .参数 进程操作句柄, 整数型, , handle of the process whose memory is read
    .参数 开始读取地址, 整数型, , address to start reading from
    .参数 保存数值变量, 字节集, 传址, buffer address for storing the data
    .参数 读取长度, 整数型, , number of bytes to read
    .参数 实际读取长度, 整数型, 传址, number of characters actually read from the file 0

.DLL命令 关闭对象, 整数型, "kernel32.dll", "CloseHandle", 公开
    .参数 对象句柄, 整数型
