只是一个问题,我想知道是否可以连接到 Ring0/Kernel 以显示在内核中运行的加载驱动程序列表?我需要写一个驱动程序吗?
类似于您可以很容易地列出所有正在运行的进程。
哦,这是在 C++/Windows 中。
问问题
2758 次
3 回答
4
正如我所评论的,使用driverquery命令。
driverquery
Display a list of all installed device drivers and their properties.
Syntax
driverquery [/s Computer] [/u Domain\User /p Password]
[/fo {TABLE|LIST|CSV}] [/nh] [/v] [/si]
example
Show all installed device drivers in Table output:
driverquery
Show all installed device drivers in a CSV format:
DriverQuery /fo csv
Without a header:
DriverQuery /nh
Drivers that are not signed:
DriverQuery /si | findstr FALSE
Find drivers that are currently Running:
Driverquery.exe /v |findstr Running
Show installed device drivers on a remote machine
driverquery /s ipaddress
Show installed device drivers on server64 and authenticate as a different user:
driverquery /s server64 /u ss64Ddom\user123 /p p@sswor3d /fo list
Export a verbose listing of drivers to a file
driverquery /v /fo csv > T:\driverlist.csv
When running DriverQuery within PowerShell, the CSV output format can be used to turn the output into objects. The PowerShell function below turns DriverQuery into a graphical tool that will list drivers from both local and remote systems (assuming you have the appropriate permissions.)
function Show-DriverDialog {
param(
$ComputerName = $env:computername
)
driverquery.exe /S $ComputerName /FO CSV |
ConvertFrom-Csv |
Out-GridView -Title "Driver on \\$ComputerName"
来源: http: //windows.commands.com/driverquery
特别注意:
Find drivers that are currently Running:
Driverquery.exe /v | findstr Running
于 2013-07-16T13:36:12.940 回答
1
如果您真的想为此编写自己的代码,那么这里是 Microsfts 网站上的“设备驱动程序信息”页面。
由此,您应该能够将各个部分组合在一起(这与列出当前正在运行的进程非常相似)。
于 2013-07-16T13:13:54.083 回答
0
您可以使用命令 sc
sc query type driver
这将为您提供当前正在运行的驱动程序的文本列表。您可以使用诸如运行/停止之类的标志。从那里它是一个简短的批处理/bash/python 命令来获取服务名称。
于 2013-07-19T21:35:53.177 回答