On 05.08.2016 21:01, Aric Stewart wrote:
+ + str = HeapAlloc( GetProcessHeap(), 0, sizeof(driverW) + strlenW(driver_name)*sizeof(WCHAR) ); + lstrcpyW( str, driverW); + lstrcatW( str, driver_name ); + RtlInitUnicodeString( &drv_name, str ); + + if (ObReferenceObjectByName( &drv_name, OBJ_CASE_INSENSITIVE, NULL, + 0, NULL, KernelMode, NULL, (void**)&driver_obj ) != STATUS_SUCCESS)
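Review bot: the HeapAlloc result is not checked before `lstrcpyW( str, driverW)` writes through it, so an allocation failure here becomes a NULL pointer write; return an error status when `str` is NULL. The size computation only leaves room for the terminator if `sizeof(driverW)` is taken on an array that includes it, and the declaration is not in the quoted lines, so that is worth confirming. The quoted lines also do not show `str` being freed; since `drv_name` points into that buffer after RtlInitUnicodeString, it should be released on both the failure path of ObReferenceObjectByName and the success path once the name is no longer needed.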
To avoid putting together the string twice, you could already call this function immediately after loading.
I don't quite understand what you are meaning here...
-aric
What I mean is that you could move this to create_driver(), where you already have drv_name. If something went wrong (and the driver is not tracked correctly) you could abort immediately, then.