关于枚举windows内核模块地址

#include <ntddk.h>

typedef struct _LDR_DATA_TABLE_ENTRY_FIX
{
    struct _LIST_ENTRY InLoadOrderLinks;                                    //0x0
    struct _LIST_ENTRY InMemoryOrderLinks;                                  //0x10
    struct _LIST_ENTRY InInitializationOrderLinks;                          //0x20
    VOID* DllBase;                                                          //0x30
    VOID* EntryPoint;                                                       //0x38
    ULONG SizeOfImage;                                                      //0x40
    struct _UNICODE_STRING FullDllName;                                     //0x48
    struct _UNICODE_STRING BaseDllName;                                     //0x58
}LDR_DATA_TABLE_ENTRY_FIX, *PLDR_DATA_TABLE_ENTRY_FIX;
//
// 参考此网站从PDB导出的windows内核数据结构
// ref:https://www.vergiliusproject.com/kernels/x64/Windows%207%20%7C%202008R2/SP1/_LDR_DATA_TABLE_ENTRY
//
VOID DriverUnload (
    PDRIVER_OBJECT DriverObject
    )
{
    KdPrint(("EnumDriverModule DriverUnload\r\n"));
}
NTSTATUS DriverEntry(
    PDRIVER_OBJECT DriverObject,
    PUNICODE_STRING RegistryPath
    )
{
    PLDR_DATA_TABLE_ENTRY_FIX loader_entry = (PLDR_DATA_TABLE_ENTRY_FIX)(DriverObject->DriverSection);
    PLIST_ENTRY pLISTHead = &loader_entry->InLoadOrderLinks;
    PLIST_ENTRY pListEntry = pLISTHead;
    
    KdPrint(("EnumDriverModule DriverEntry\r\n"));
    while (pListEntry->Flink != pLISTHead) {
        loader_entry = CONTAINING_RECORD(pListEntry, LDR_DATA_TABLE_ENTRY_FIX, InLoadOrderLinks);
        pListEntry = pListEntry->Flink;
        KdPrint(("%wZ\t0x%I64X\t%I64u(B)\t0x%I64X\t%wZ\r\n",
                &loader_entry->BaseDllName,
                loader_entry->DllBase,
                loader_entry->SizeOfImage,
                DriverObject,
                &loader_entry->FullDllName));
    }
    DriverObject->DriverUnload = DriverUnload;
    return 0;
}

#
# DO NOT EDIT THIS FILE!!!  Edit .\sources. if you want to add a new source
# file to this component.  This file merely indirects to the real make file
# that is shared by all the components of Windows NT
#
!IF DEFINED(_NT_TARGET_VERSION)
!    IF $(_NT_TARGET_VERSION)>=0x501
!        INCLUDE $(NTMAKEENV)\makefile.def
!    ELSE
!        message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target.
!    ENDIF
!ELSE
!    INCLUDE $(NTMAKEENV)\makefile.def
!ENDIF

TARGETNAME=EnumDriverModule
TARGETPATH=obj
TARGETTYPE=DRIVER


MSC_WARNING_LEVEL=/W3

SOURCES=EnumDriverModule.c

Bcdedit.exe -set {current} TESTSIGNING ON
bcdedit.exe -set {current} loadoptions DDISABLE_INTEGRITY_CHECKS

sc create EnumDriverModule  binPath= C:\driver\EnumDriverModule.sys type= kernel

sc query EnumDriverModule  
sc start EnumDriverModule  
sc stop EnumDriverModule
sc delete EnumDriverModule

ed nt!Kd_DEFAULT_MASK