e

2024-11-21 22:24:08 +01:00 · 2023-08-19 14:37:53 +10:00 · 2023-08-19 14:37:53 +10:00 · e18f393e51
commit e18f393e51
parent 9256c73be8
3 changed files with 6 additions and 13 deletions
--- a/driver/ioctl.c
+++ b/driver/ioctl.c
@ -52,7 +52,7 @@ NTSTATUS DeviceControl(

 		/* return early as IRP completion was handled inside the function */
 		ZwClose( handle );
-		return status;
+		break;

 	default:
 		DEBUG_ERROR( "Invalid IOCTL passed to driver" );
--- a/driver/modules.c
+++ b/driver/modules.c
@ -329,13 +329,6 @@ NTSTATUS HandleValidateDriversIOCTL(
 	else
 	{
 		DEBUG_LOG( "No INVALID drivers found :)" );
-
-		Irp->IoStatus.Information = sizeof( MODULE_VALIDATION_FAILURE_HEADER );
-
-		RtlCopyMemory( 
-			Irp->AssociatedIrp.SystemBuffer, 
-			&header, 
-			sizeof( MODULE_VALIDATION_FAILURE_HEADER ) );
 	}

 	ExFreePoolWithTag( head, INVALID_DRIVER_LIST_HEAD_POOL );
--- a/user/km/driver.cpp
+++ b/user/km/driver.cpp
@ -56,7 +56,7 @@ void kernelmode::Driver::RunNmiCallbacks()
 void kernelmode::Driver::VerifySystemModules()
 {
 	BOOLEAN status;
-	DWORD bytes_returned;
+	DWORD bytes_returned = 0;
 	PVOID buffer;
 	SIZE_T buffer_size;
 	SIZE_T header_size;
@ -97,20 +97,20 @@ void kernelmode::Driver::VerifySystemModules()
 		return;
 	}

-	memcpy( &header, buffer, sizeof( header_size ));
-
-	if ( header.module_count == 0 )
+	if ( bytes_returned == NULL )
 	{
 		LOG_INFO( "All modules valid :)" );
 		free( buffer );
 		return;
-	}
+	}	

 	/*
 	* We are splitting up each packet here and passing them on one by one since 
 	* if I am being honest it is just easier in c++ and that way the process
 	* is streamlined just like all other report packets.
 	*/
+	memcpy( &header, buffer, sizeof( header_size ) );
+
 	UINT64 base = ( UINT64 )buffer + sizeof( header_size );

 	for ( int i = 0; i < header.module_count; i++ )