From e18f393e51ed35a451d203dbe1cbf69bb6a7c6cf Mon Sep 17 00:00:00 2001
From: lhodges1
Date: Sat, 19 Aug 2023 14:37:53 +1000
Subject: [PATCH] e
---
 driver/ioctl.c | 2 +-
 driver/modules.c | 7 -------
 user/km/driver.cpp | 10 +++++-----
 3 files changed, 6 insertions(+), 13 deletions(-)
diff --git a/driver/ioctl.c b/driver/ioctl.c
index 96b16c6..a441bd5 100644
--- a/driver/ioctl.c
+++ b/driver/ioctl.c
@@ -52,7 +52,7 @@ NTSTATUS DeviceControl(
 /* return early as IRP completion was handled inside the function */
 ZwClose( handle );
- return status;
+ break;
 default:
 DEBUG_ERROR( "Invalid IOCTL passed to driver" );
diff --git a/driver/modules.c b/driver/modules.c
index b3316aa..5d43fe0 100644
--- a/driver/modules.c
+++ b/driver/modules.c
@@ -329,13 +329,6 @@ NTSTATUS HandleValidateDriversIOCTL(
 else
 {
 DEBUG_LOG( "No INVALID drivers found :)" );
-
- Irp->IoStatus.Information = sizeof( MODULE_VALIDATION_FAILURE_HEADER );
-
- RtlCopyMemory(
- Irp->AssociatedIrp.SystemBuffer,
- &header,
- sizeof( MODULE_VALIDATION_FAILURE_HEADER ) );
 }
 ExFreePoolWithTag( head, INVALID_DRIVER_LIST_HEAD_POOL );
diff --git a/user/km/driver.cpp b/user/km/driver.cpp
index 36c5c31..3c2cae2 100644
--- a/user/km/driver.cpp
+++ b/user/km/driver.cpp
@@ -56,7 +56,7 @@ void kernelmode::Driver::RunNmiCallbacks()
 void kernelmode::Driver::VerifySystemModules()
 {
 BOOLEAN status;
- DWORD bytes_returned;
+ DWORD bytes_returned = 0;
 PVOID buffer;
 SIZE_T buffer_size;
 SIZE_T header_size;
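Review bot: In driver/ioctl.c (DeviceControl), the context comment directly above the changed line still says "return early as IRP completion was handled inside the function", but the new `break;` no longer returns early. If the handler called in this case still completes the IRP itself, falling through to whatever shared completion code follows the switch would complete the same IRP twice, which is a bugcheck condition; the switch tail and the handler body are outside the hunk, so this needs confirming. Once exactly one completion site is verified, the comment should be rewritten to match, for example `/* IRP is completed by the common path after the switch */`.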
@@ -97,20 +97,20 @@ void kernelmode::Driver::VerifySystemModules()
 return;
 }
- memcpy( &header, buffer, sizeof( header_size ));
-
- if ( header.module_count == 0 )
+ if ( bytes_returned == NULL )
 {
 LOG_INFO( "All modules valid :)" );
 free( buffer );
 return;
- }
+ }
 /*
 * We are splitting up each packet here and passing them on one by one since
 * if I am being honest it is just easier in c++ and that way the process
 * is streamlined just like all other report packets.
 */
+ memcpy( &header, buffer, sizeof( header_size ) );
+
 UINT64 base = ( UINT64 )buffer + sizeof( header_size );
 for ( int i = 0; i < header.module_count; i++ )
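Review bot: In VerifySystemModules, `header.module_count` is read from the driver's output buffer and used as the loop bound without being checked against `bytes_returned`, and any non-zero `bytes_returned` is treated as holding a full header. Add a guard before the copy, `if ( bytes_returned < sizeof( header ) ) { free( buffer ); return; }`, and bound the count by the bytes actually returned; the per-entry struct and the loop body are outside the hunk. The moved `memcpy( &header, buffer, sizeof( header_size ) );` copies the size of the SIZE_T variable rather than of the header, so `sizeof( header )` looks intended unless the two happen to match. `bytes_returned` is a DWORD, so the test should read `if ( bytes_returned == 0 )` rather than comparing with `NULL`. The zero test also relies on the driver leaving `IoStatus.Information` at 0 on the no-findings path, which is not visible here.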