From 4684dd2158d178453f5f59eac2b481a855e72f59 Mon Sep 17 00:00:00 2001
From: lhodges1 <lachiehodges7785@gmail.com>
Date: Sat, 19 Aug 2023 20:58:07 +1000
Subject: [PATCH] sss

---
 driver/modules.c | 31 +++++++++++++------------------
 1 file changed, 13 insertions(+), 18 deletions(-)

diff --git a/driver/modules.c b/driver/modules.c
index ece771c..97d7ccd 100644
--- a/driver/modules.c
+++ b/driver/modules.c
@@ -10,7 +10,7 @@ NTSTATUS ValidateDriverIOCTLDispatchRegion(
 )
 {
 	NTSTATUS status;
-	UINT64 current_function;
+	UINT64 dispatch_function;
 
 	UINT64 base = ( UINT64 )Driver->DriverStart;
 	UINT64 end = base + Driver->DriverSize;
@@ -22,26 +22,21 @@ NTSTATUS ValidateDriverIOCTLDispatchRegion(
 	* the module, report it. Basic check but every effective for catching driver
 	* dispatch hooking.
 	*/
+	dispatch_function = Driver->MajorFunction[ IRP_MJ_DEVICE_CONTROL ];
 
-	for ( INT index = 0; index < IRP_MJ_MAXIMUM_FUNCTION + 1; index++ )
+	if ( dispatch_function == NULL )
+		return;
+
+	DEBUG_LOG( "Current function: %llx", dispatch_function );
+
+	if ( dispatch_function >= base && dispatch_function <= end )
 	{
-		current_function = *(UINT64*)
-			( ( UINT64 )Driver->MajorFunction + index * sizeof( PVOID ) );
-
-		DEBUG_LOG( "Current function: %llx", current_function );
-
-		if ( current_function == NULL )
-			continue;
-
-		if ( current_function >= base && current_function <= end )
-		{
-			DEBUG_LOG( "THIS ADDRESS IS INSIDE ITS REGIUON :)" );
-			continue;
-		}
-
-		DEBUG_ERROR( "Driver with invalid IOCTL dispatch routine found" );
-		*Flag = FALSE;
+		DEBUG_LOG( "THIS ADDRESS IS INSIDE ITS REGIUON :)" );
+		return;
 	}
+
+	DEBUG_ERROR( "Driver with invalid IOCTL dispatch routine found" );
+	*Flag = FALSE;
 }
 
 VOID InitDriverList(