Windows内核遍历驱动模块源码分析

时间:2022-05-06 03:58:02

要获取 Windows 内核中所有已加载驱动模块的信息，可以调用系统服务函数 NtQuerySystemInformation，并将参数 SystemInformationClass 设为 SystemModuleInformation。需要注意几点：该函数不在 SDK 中公开导出，用户态一般通过 GetProcAddress 从 ntdll.dll 动态解析，内核驱动中则使用对应的 ZwQuerySystemInformation；调用时通常先传入一个小缓冲区，函数返回 STATUS_INFO_LENGTH_MISMATCH 并通过 ReturnLength 告知所需大小，再按该大小分配缓冲区重新调用；另外，由于返回结果中包含内核模块基址（常被用于绕过 KASLR），较新版本的 Windows 对低权限调用方返回的地址信息有所限制，具体行为需在目标系统版本上实测。

NtQuerySystemInformation 的 SystemInformationClass 参数所使用的枚举类型 SYSTEM_INFORMATION_CLASS 声明如下（枚举成员的取值按顺序隐式递增，SystemModuleInformation 对应 0x0B）：


//  

// System Information Classes.  

//  

/*
 * SYSTEM_INFORMATION_CLASS - selector values for the SystemInformationClass
 * argument of NtQuerySystemInformation / ZwQuerySystemInformation.
 *
 * The numeric value of each member is part of the kernel's ABI: the caller
 * passes the integer, not the name, so the order below must never change.
 * Each value is spelled out explicitly to make that contract visible and to
 * let a reader cross-check a class against the ordinal without counting.
 *
 * This listing stops at SystemFileCacheInformationEx (0x51); newer Windows
 * releases append further classes after it, so MaxSystemInfoClass here is
 * only the sentinel for this listing, not a system-wide upper bound.
 */
typedef enum _SYSTEM_INFORMATION_CLASS {
    SystemBasicInformation                          = 0x00,
    SystemProcessorInformation                      = 0x01,  /* obsolete */
    SystemPerformanceInformation                    = 0x02,
    SystemTimeOfDayInformation                      = 0x03,
    SystemPathInformation                           = 0x04,
    SystemProcessInformation                        = 0x05,  /* system process list */
    SystemCallCountInformation                      = 0x06,
    SystemDeviceInformation                         = 0x07,
    SystemProcessorPerformanceInformation           = 0x08,
    SystemFlagsInformation                          = 0x09,
    SystemCallTimeInformation                       = 0x0A,
    SystemModuleInformation                         = 0x0B,  /* loaded kernel modules (drivers) */
    SystemLocksInformation                          = 0x0C,
    SystemStackTraceInformation                     = 0x0D,
    SystemPagedPoolInformation                      = 0x0E,
    SystemNonPagedPoolInformation                   = 0x0F,
    SystemHandleInformation                         = 0x10,
    SystemObjectInformation                         = 0x11,
    SystemPageFileInformation                       = 0x12,
    SystemVdmInstemulInformation                    = 0x13,
    SystemVdmBopInformation                         = 0x14,
    SystemFileCacheInformation                      = 0x15,
    SystemPoolTagInformation                        = 0x16,
    SystemInterruptInformation                      = 0x17,
    SystemDpcBehaviorInformation                    = 0x18,
    SystemFullMemoryInformation                     = 0x19,
    SystemLoadGdiDriverInformation                  = 0x1A,
    SystemUnloadGdiDriverInformation                = 0x1B,
    SystemTimeAdjustmentInformation                 = 0x1C,
    SystemSummaryMemoryInformation                  = 0x1D,
    SystemMirrorMemoryInformation                   = 0x1E,
    SystemPerformanceTraceInformation               = 0x1F,
    SystemObsolete0                                 = 0x20,
    SystemExceptionInformation                      = 0x21,
    SystemCrashDumpStateInformation                 = 0x22,
    SystemKernelDebuggerInformation                 = 0x23,
    SystemContextSwitchInformation                  = 0x24,
    SystemRegistryQuotaInformation                  = 0x25,
    SystemExtendServiceTableInformation             = 0x26,
    SystemPrioritySeperation                        = 0x27,  /* sic: spelling matches the original header */
    SystemVerifierAddDriverInformation              = 0x28,
    SystemVerifierRemoveDriverInformation           = 0x29,
    SystemProcessorIdleInformation                  = 0x2A,
    SystemLegacyDriverInformation                   = 0x2B,
    SystemCurrentTimeZoneInformation                = 0x2C,
    SystemLookasideInformation                      = 0x2D,
    SystemTimeSlipNotification                      = 0x2E,
    SystemSessionCreate                             = 0x2F,
    SystemSessionDetach                             = 0x30,
    SystemSessionInformation                        = 0x31,
    SystemRangeStartInformation                     = 0x32,
    SystemVerifierInformation                       = 0x33,
    SystemVerifierThunkExtend                       = 0x34,
    SystemSessionProcessInformation                 = 0x35,
    SystemLoadGdiDriverInSystemSpace                = 0x36,
    SystemNumaProcessorMap                          = 0x37,
    SystemPrefetcherInformation                     = 0x38,
    SystemExtendedProcessInformation                = 0x39,
    SystemRecommendedSharedDataAlignment            = 0x3A,
    SystemComPlusPackage                            = 0x3B,
    SystemNumaAvailableMemory                       = 0x3C,
    SystemProcessorPowerInformation                 = 0x3D,
    SystemEmulationBasicInformation                 = 0x3E,
    SystemEmulationProcessorInformation             = 0x3F,
    SystemExtendedHandleInformation                 = 0x40,
    SystemLostDelayedWriteInformation               = 0x41,
    SystemBigPoolInformation                        = 0x42,
    SystemSessionPoolTagInformation                 = 0x43,
    SystemSessionMappedViewInformation              = 0x44,
    SystemHotpatchInformation                       = 0x45,
    SystemObjectSecurityMode                        = 0x46,
    SystemWatchdogTimerHandler                      = 0x47,
    SystemWatchdogTimerInformation                  = 0x48,
    SystemLogicalProcessorInformation               = 0x49,
    SystemWow64SharedInformation                    = 0x4A,
    SystemRegisterFirmwareTableInformationHandler   = 0x4B,
    SystemFirmwareTableInformation                  = 0x4C,
    SystemModuleInformationEx                       = 0x4D,
    SystemVerifierTriageInformation                 = 0x4E,
    SystemSuperfetchInformation                     = 0x4F,
    SystemMemoryListInformation                     = 0x50,
    SystemFileCacheInformationEx                    = 0x51,
    MaxSystemInfoClass                              = 0x52   /* sentinel: must remain last in this listing */
} SYSTEM_INFORMATION_CLASS;