typedef struct _SYSTEM_DLL_ENTRY
{ULONG64 type;UNICODE_STRING FullName;PVOID ImageBase;PWCHAR BaseName;PWCHAR StaticUnicodeBuffer;
}SYSTEM_DLL_ENTRY, * PSYSTEM_DLL_ENTRY;返回值为上面的结构体指针
验证
type:
fullname
inagebase:
pwchar basename
PWCHAR StaticUnicodeBuffer;
wow64的dll type 为0
