Sunday, May 16, 2010

Kernel: Finding drivers loaded on user system

Problem Statement:
Find all the drivers that are loaded on a user's system and, for each one, get the size of its code, its initialized and uninitialized static data, and its paged and init sections.

Solution:
Drivers.exe, a tool shipped with the WinDDK, lists all the drivers that are loaded on a user's system.

Once the kit is installed, the tool can be found at C:\winddk\7600.16385.1\tools\Other\i386.

Using the tool:
1. Open a command prompt.
2. Change to the directory where drivers.exe is present.
3. Run the command: "drivers.exe >> C:\report.txt"

This appends the information on all the drivers currently loaded on the user's system to the file C:\report.txt. Note that ">>" appends to an existing file, so a second run lands in the same report below the first; use ">" instead if you want each run to overwrite the previous report. On Windows 7, writing directly under C:\ may be denied from a non-elevated prompt; in that case run the prompt as administrator or redirect to a directory you can write to.

Information obtained from the tool:
ModuleName: The driver's filename (no path).
Code: Size of the non-paged code in the driver image, in bytes.
Data: Size of the initialized static data in the driver image, in bytes.
BSS: Size of the uninitialized static data in the image, in bytes; this memory is zero-filled when the image is loaded.
Paged: Size of the pageable portion of the driver image, in bytes.
Init: Size of the code and data that are not needed after the driver is initialized and are discarded afterwards, in bytes.
LinkDate: The date and time when the driver was linked, taken from the image's PE header timestamp.

Drivers.exe Output:
------------------------------------------------------------------------------
ModuleName        Code    Data   Bss    Paged    Init  LinkDate
------------------------------------------------------------------------------
ntkrnlpa.exe    479232  106496     0  1183744  180224  Tue Feb 16 18:55:00 2010
hal.dll          35968   42496     0    30976   15488  Mon Apr 14 00:01:27 2008
KDCOM.DLL         2560     256     0     1280     512  Sat Aug 18 02:19:10 2001
BOOTVID.dll       5632    3584     0        0     512  Sat Aug 18 02:19:09 2001


Tool Utility:
1. The tool can be used to check whether a particular driver is loaded on the user's system.
2. It can verify whether a driver loads on different operating systems and in different modes, such as Normal and Safe Mode.
3. The tool can be run twice within a specified time frame and the two reports compared, to check whether a driver under test loaded, unloaded, or was replaced by a differently built binary (different section sizes or LinkDate) in between.
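As an added example (not part of the original post and not a WinDDK tool), the following Python script parses the report layout shown above and compares two runs, which is the comparison step described in item 3. The sample reports are constructed from the four rows shown on this page; the module exmpl.sys is a hypothetical name and the changed hal.dll link date in the second report is invented for the demonstration.

```python
"""Parse drivers.exe report files and diff two of them (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime

# One module row as drivers.exe prints it: filename, five byte counts, link date.
ROW_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<code>\d+)\s+(?P<data>\d+)\s+(?P<bss>\d+)"
    r"\s+(?P<paged>\d+)\s+(?P<init>\d+)\s+"
    r"(?P<linkdate>[A-Z][a-z]{2} [A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4})\s*$"
)
DATE_FMT = "%a %b %d %H:%M:%S %Y"

# Constructed baseline report: the four rows shown on the page, in the
# layout drivers.exe prints (header, dashed rule, one row per module).
BASELINE_REPORT = """\
------------------------------------------------------------------------------
ModuleName        Code    Data   Bss    Paged    Init  LinkDate
------------------------------------------------------------------------------
ntkrnlpa.exe    479232  106496     0  1183744  180224  Tue Feb 16 18:55:00 2010
hal.dll          35968   42496     0    30976   15488  Mon Apr 14 00:01:27 2008
KDCOM.DLL         2560     256     0     1280     512  Sat Aug 18 02:19:10 2001
BOOTVID.dll       5632    3584     0        0     512  Sat Aug 18 02:19:09 2001
"""

# Constructed second run: BOOTVID.dll is gone, a hypothetical exmpl.sys has
# appeared, hal.dll carries an invented link date (a swapped binary), and
# KDCOM.DLL is reported in different letter case but is otherwise unchanged.
LATER_REPORT = """\
------------------------------------------------------------------------------
ModuleName        Code    Data   Bss    Paged    Init  LinkDate
------------------------------------------------------------------------------
ntkrnlpa.exe    479232  106496     0  1183744  180224  Tue Feb 16 18:55:00 2010
hal.dll          35968   42496     0    30976   15488  Tue Jul 14 01:40:03 2009
kdcom.dll         2560     256     0     1280     512  Sat Aug 18 02:19:10 2001
exmpl.sys         4096     512     0     2048     256  Sun May 16 10:00:00 2010
"""


@dataclass(frozen=True)
class DriverRow:
    name: str          # module filename exactly as reported (no path)
    code: int          # non-paged code, bytes
    data: int          # initialized static data, bytes
    bss: int           # uninitialized static data, bytes
    paged: int         # pageable portion of the image, bytes
    init: int          # discarded after initialization, bytes
    link_date: datetime

    def fingerprint(self):
        """Everything except the name, which may vary only in letter case."""
        return (self.code, self.data, self.bss, self.paged, self.init, self.link_date)


def parse_report(text):
    """Return {lower-cased module name: DriverRow} for every module row.

    Header, dashed rules and any other non-row lines are skipped. If the file
    holds several appended runs, the last row seen for a name wins.
    """
    rows = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        # ctime-style dates pad single-digit days with a space; collapse it.
        when = datetime.strptime(" ".join(m["linkdate"].split()), DATE_FMT)
        row = DriverRow(m["name"], int(m["code"]), int(m["data"]), int(m["bss"]),
                        int(m["paged"]), int(m["init"]), when)
        # Kernel module names are matched case-insensitively (KDCOM.DLL == kdcom.dll).
        rows[row.name.lower()] = row
    return rows


def compare_reports(baseline, later):
    """Diff two parsed reports: modules only in one run, and modules present in
    both whose section sizes or link date differ (a rebuilt or swapped binary)."""
    added = sorted(set(later) - set(baseline))
    removed = sorted(set(baseline) - set(later))
    changed = sorted(
        name for name in set(baseline) & set(later)
        if baseline[name].fingerprint() != later[name].fingerprint()
    )
    return {"added": added, "removed": removed, "changed": changed}


if __name__ == "__main__":
    diff = compare_reports(parse_report(BASELINE_REPORT), parse_report(LATER_REPORT))
    for kind, names in diff.items():
        print(f"{kind:8s} {', '.join(names) or '-'}")
```

To use it on real reports, read the two files and pass their contents to parse_report. Because drivers.exe reports only the filename, a module with the same name loaded from a different path looks identical here; the section sizes and LinkDate are the only evidence of a different binary, which is why the comparison keys on them.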

Supported OS:
I have used the tool on the following platforms and it works fine.
- WINXP SP3 x32
- WIN 7 Ultimate x32
