holy fuck got it working

driver/common.h

@@ -15,6 +15,7 @@
 #define SYSTEM_MODULES_POOL 'halb'
 #define THREAD_DATA_POOL 'doof'
 #define PROC_AFFINITY_POOL 'eeee'
+#define TEMP_BUFFER_POOL 'ffff'
 
 #define ERROR -1
 #define STACK_FRAME_POOL_SIZE 0x200

driver/ioctl.c

@@ -30,9 +30,6 @@ NTSTATUS DeviceControl(
 
 	case IOCTL_VALIDATE_DRIVER_OBJECTS:
 
-		/* KeWaitForSingleObject with infinite time must be called from IRQL <= APC_LEVEL */
-		PAGED_CODE();
-
 		/*
 		* The reason this function is run in a new thread and not the thread
 		* issuing the IOCTL is because ZwOpenDirectoryObject issues a
@@ -40,6 +37,9 @@ NTSTATUS DeviceControl(
 		* This is a problem because when we pass said handle to ObReferenceObjectByHandle
 		* it will issue a bug check under windows driver verifier.
 		*/
+
+		DEBUG_LOG( "irp addr: %p", ( void* )Irp );
+
 		status = PsCreateSystemThread(
 			&handle,
 			PROCESS_ALL_ACCESS,
@@ -78,8 +78,11 @@ NTSTATUS DeviceControl(
 			goto end;
 		}
 
+		/* KeWaitForSingleObject with infinite time must be called from IRQL <= APC_LEVEL */
+		PAGED_CODE();
+		DEBUG_LOG( "waiting for thread to finish" );
 		KeWaitForSingleObject( thread, Executive, KernelMode, FALSE, NULL );
-
+		DEBUG_LOG( "THREAD FINISHED" );
 		ZwClose( handle );
 		ObDereferenceObject( thread );
 
@@ -91,9 +94,9 @@ NTSTATUS DeviceControl(
 	}
 
 end:
-
-	IoCompleteRequest( Irp, IO_NO_INCREMENT );
+	DEBUG_LOG( "completing irp request" );
 	Irp->IoStatus.Status = status;
+	IoCompleteRequest( Irp, IO_NO_INCREMENT );
 	return status;
 }
 

driver/modules.c

@@ -411,11 +411,6 @@ NTSTATUS HandleValidateDriversIOCTL(
 		Irp->IoStatus.Information = sizeof( MODULE_VALIDATION_FAILURE_HEADER ) +
 			MODULE_VALIDATION_FAILURE_MAX_REPORT_COUNT * sizeof( MODULE_VALIDATION_FAILURE );
 
-		RtlCopyMemory(
-			Irp->AssociatedIrp.SystemBuffer,
-			&header,
-			sizeof( MODULE_VALIDATION_FAILURE_HEADER ) );
-
 		for ( INT i = 0; i < head->count; i++ )
 		{
 			/* make sure we free any non reported modules */
@@ -431,10 +426,20 @@ NTSTATUS HandleValidateDriversIOCTL(
 			report.driver_base_address = head->first_entry->driver->DriverStart;
 			report.driver_size = head->first_entry->driver->Size;
 
-			RtlCopyMemory(
-				&report.driver_name,
-				head->first_entry->driver->DriverName.Buffer,
-				MODULE_REPORT_DRIVER_NAME_BUFFER_SIZE );
+			ANSI_STRING string;
+			string.Length = 0;
+			string.MaximumLength = MODULE_REPORT_DRIVER_NAME_BUFFER_SIZE;
+			string.Buffer = &report.driver_name;
+
+			status = RtlUnicodeStringToAnsiString(
+				&string,
+				&head->first_entry->driver->DriverName,
+				FALSE
+			);
+
+			/* still continue if we fail to get the driver name */
+			if ( !NT_SUCCESS( status ) )
+				DEBUG_ERROR( "RtlUnicodeStringToAnsiString failed with statsu %x", status );
 
 			RtlCopyMemory(
 				( UINT64 )Irp->AssociatedIrp.SystemBuffer + sizeof( MODULE_VALIDATION_FAILURE_HEADER ) + i * sizeof( MODULE_VALIDATION_FAILURE ),
@@ -452,12 +457,5 @@ NTSTATUS HandleValidateDriversIOCTL(
 	ExFreePoolWithTag( head, INVALID_DRIVER_LIST_HEAD_POOL );
 	ExFreePoolWithTag( system_modules.address, SYSTEM_MODULES_POOL );
 
-	/*
-	* Complete the IRP here so we don't have to implement a waiting mechanism
-	* to prevent an early completion of the IRP.
-	*/
-	//IoCompleteRequest( Irp, IO_NO_INCREMENT );
-	//Irp->IoStatus.Status = status;
-
 	return status;
 }

driver/modules.h

@@ -24,7 +24,7 @@ typedef struct _MODULE_VALIDATION_FAILURE
 	INT report_type;
 	UINT64 driver_base_address;
 	UINT64 driver_size;
-	PCHAR driver_name[ 128 ];
+	CHAR driver_name[ 128 ];
 
 }MODULE_VALIDATION_FAILURE, *PMODULE_VALIDATION_FAILURE;