SystemModuleInformation

[trancexx]

Kernel is the heart of your OS. Actually it's more like spinal cord.

Main question is how come people know so little about it?

That's because you don't need to know anything about it. As a matter of fact, some circles of programmers are very resolute about that. They say: "The less you know, the better for all of us".

I usually say to them (the few I met) to go fuc*k themselves with their "mine, mine, mine" attitude. Luckily they don't mind too much. Probably because they don't know I'm gonna bring them down someday, under my knees

Script here will give you SYSTEM name, your kernel module. It will also list your whole operating system (you will see what I mean).

Just to say this is not something particularly new or smart, maybe (?) only in AutoIt.

Script:

SystemModuleInformation.au3

[Shafayat]

Amazing as usual, trancexx. I loved especially the comments. They make it a lot easier to understand, at least for a newbie like me.

Probably because they don't know I'm gonna bring them down someday, under my knees.

- Go ahead. I'm counting on you.

Regards

Shafayat

[ripdad]

Right, nothing new. DTaskManager v1.51 - http://dimio.altervista.org/eng/

Amongst several others. Nice To see it In AutoIt though.

Since Windows can be contrary at times (especially with paths), I have a suggestion:

; ### change raw system and blank paths to friendly paths
Local $FriendlyPath = StringLeft($ImageName, $iNameOffset)
Switch $FriendlyPath
    Case ('\SystemRoot\System32\Drivers\'), ('\Windows\System32\Drivers\')
        $aArray[$i][5] = (@SystemDir & '\Drivers\')
    Case ('\Windows\System32\'), ('\SystemRoot\System32\'), ('\??\' & @SystemDir & '\')
        $aArray[$i][5] = (@SystemDir & '\')

    Case (''); There's only 3 places this blank path can be --> System32, Drivers, dllcache

        ; First, lets check the System32 folder (most likely it's Not here, but just in case)
        If FileExists(@SystemDir & '\' & $ImageName) Then $aArray[$i][5] = (@SystemDir & '\')

        ; This is the most likely place for the blank path
        ; (You can replace &= if you wish. it was for testing to see if in both places)
        If FileExists(@SystemDir & '\Drivers\' & $ImageName) Then $aArray[$i][5] &= (@SystemDir & '\Drivers\')
        ; If someplace else (who knows where?), then it will remain blank in "Case Else"

        ; Since modules are "not normally" loaded from the dllcache --
        ; then we can assume that the next line of code is not needed --
        ; even though some will exist there for "system file protection".
        ; If FileExists(@SystemDir & '\dllcache\' & $ImageName) Then $aArray[$i][5] &= (@SystemDir & '\dllcache\')

    Case Else; If path is normal format or above cases are not valid
        $aArray[$i][5] = $FriendlyPath
EndSwitch

Below is suggested code (without comments)

Local $FriendlyPath = StringLeft($ImageName, $iNameOffset)
Switch $FriendlyPath
    Case ('\SystemRoot\System32\Drivers\'), ('\Windows\System32\Drivers\')
        $aArray[$i][5] = (@SystemDir & '\Drivers\')
    Case ('\Windows\System32\'), ('\SystemRoot\System32\'), ('\??\' & @SystemDir & '\')
        $aArray[$i][5] = (@SystemDir & '\')
    Case ('')
        If FileExists(@SystemDir & '\' & $ImageName) Then $aArray[$i][5] = (@SystemDir & '\')
        If FileExists(@SystemDir & '\Drivers\' & $ImageName) Then $aArray[$i][5] = (@SystemDir & '\Drivers\')
    Case Else
        $aArray[$i][5] = $FriendlyPath
EndSwitch

[Manko]

Right, nothing new. DTaskManager v1.51 - http://dimio.altervista.org/eng/

Actually, you don't even have to leave this site... it has been in ProDLLer for a while now.

It's good someone makes a decent function. My implementation is too closely tied to what I needed at the moment.

/Manko

[trancexx]

It's a symptom. Unconscious mind.