e

driver/ioctl.c

@@ -52,7 +52,7 @@ NTSTATUS DeviceControl(
 
 		/* return early as IRP completion was handled inside the function */
 		ZwClose( handle );
-		return status;
+		break;
 
 	default:
 		DEBUG_ERROR( "Invalid IOCTL passed to driver" );

driver/modules.c

@@ -329,13 +329,6 @@ NTSTATUS HandleValidateDriversIOCTL(
 	else
 	{
 		DEBUG_LOG( "No INVALID drivers found :)" );
-
-		Irp->IoStatus.Information = sizeof( MODULE_VALIDATION_FAILURE_HEADER );
-
-		RtlCopyMemory( 
-			Irp->AssociatedIrp.SystemBuffer, 
-			&header, 
-			sizeof( MODULE_VALIDATION_FAILURE_HEADER ) );
 	}
 
 	ExFreePoolWithTag( head, INVALID_DRIVER_LIST_HEAD_POOL );

user/km/driver.cpp

@@ -56,7 +56,7 @@ void kernelmode::Driver::RunNmiCallbacks()
 void kernelmode::Driver::VerifySystemModules()
 {
 	BOOLEAN status;
-	DWORD bytes_returned;
+	DWORD bytes_returned = 0;
 	PVOID buffer;
 	SIZE_T buffer_size;
 	SIZE_T header_size;
@@ -97,9 +97,7 @@ void kernelmode::Driver::VerifySystemModules()
 		return;
 	}
 
-	memcpy( &header, buffer, sizeof( header_size ));
+	if ( bytes_returned == NULL )
-
-	if ( header.module_count == 0 )
 	{
 		LOG_INFO( "All modules valid :)" );
 		free( buffer );
@@ -111,6 +109,8 @@ void kernelmode::Driver::VerifySystemModules()
 	* if I am being honest it is just easier in c++ and that way the process
 	* is streamlined just like all other report packets.
 	*/
+	memcpy( &header, buffer, sizeof( header_size ) );
+
 	UINT64 base = ( UINT64 )buffer + sizeof( header_size );
 
 	for ( int i = 0; i < header.module_count; i++ )