api: use NT api directly for enumerating kernel modules

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2020-10-31 00:53:44 +0100
committer: Simon Rozman <simon@rozman.si> 2020-10-31 19:11:51 +0100
commit: 0faba6c3e87dbdcdc80d41865cd616b448513f3d (patch)
tree: 8b0536447514f4c3d2f3709f1acb6d18f3aaa844 /api/ntldr.h
parent: api expose Send.TailMoved event to clients (diff)
download: wintun-0faba6c3e87dbdcdc80d41865cd616b448513f3d.tar.xz
wintun-0faba6c3e87dbdcdc80d41865cd616b448513f3d.zip
1 files changed, 33 insertions, 0 deletions
diff --git a/api/ntldr.h b/api/ntldr.h
new file mode 100644
index 0000000..dca0e78
--- /dev/null
+++ b/api/ntldr.h
@@ -0,0 +1,33 @@
+/* SPDX-License-Identifier: GPL-2.0
+ *
+ * Copyright (C) 2018-2020 WireGuard LLC. All Rights Reserved.
+ */
+
+#pragma once
+
+#include <Windows.h>
+
+enum
+{
+    SystemModuleInformation = 11
+};
+
+typedef struct _RTL_PROCESS_MODULE_INFORMATION
+{
+    HANDLE Section;
+    PVOID MappedBase;
+    PVOID ImageBase;
+    ULONG ImageSize;
+    ULONG Flags;
+    USHORT LoadOrderIndex;
+    USHORT InitOrderIndex;
+    USHORT LoadCount;
+    USHORT OffsetToFileName;
+    UCHAR FullPathName[256];
+} RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION;
+
+typedef struct _RTL_PROCESS_MODULES
+{
+    ULONG NumberOfModules;
+    RTL_PROCESS_MODULE_INFORMATION Modules[1];
+} RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES;
author	Jason A. Donenfeld <Jason@zx2c4.com>	2020-10-31 00:53:44 +0100
committer	Simon Rozman <simon@rozman.si>	2020-10-31 19:11:51 +0100
commit	0faba6c3e87dbdcdc80d41865cd616b448513f3d (patch)
tree	8b0536447514f4c3d2f3709f1acb6d18f3aaa844 /api/ntldr.h
parent	api expose Send.TailMoved event to clients (diff)
download	wintun-0faba6c3e87dbdcdc80d41865cd616b448513f3d.tar.xz wintun-0faba6c3e87dbdcdc80d41865cd616b448513f3d.zip