Both hal and ntoskrnl are supposed to be always loaded in driver process though, this doesn't look like a correct fix. It is interesting why it actually does not find them.
On 9/13/22 12:19, Etaash Mathamsetty wrote:
From: Etaash Mathamsetty etaash.mathamsetty@gmail.com
MmGetSystemRoutineAddress wasn't finding some functions in ntoskrnl and hal.dll, this patch fixes it required by mrac anti cheat
dlls/ntoskrnl.exe/ntoskrnl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c index 031e9900544..3b1c1708310 100644 --- a/dlls/ntoskrnl.exe/ntoskrnl.c +++ b/dlls/ntoskrnl.exe/ntoskrnl.c @@ -3306,11 +3306,11 @@ PVOID WINAPI MmGetSystemRoutineAddress(PUNICODE_STRING SystemRoutineName) if (RtlUnicodeStringToAnsiString( &routineNameA, SystemRoutineName, TRUE ) == STATUS_SUCCESS) { /* We only support functions exported from ntoskrnl.exe or hal.dll */
hMod = GetModuleHandleW( ntoskrnlW );
hMod = LoadLibraryW( ntoskrnlW ); pFunc = GetProcAddress( hMod, routineNameA.Buffer ); if (!pFunc) {
hMod = GetModuleHandleW( halW );
hMod = LoadLibraryW( halW ); if (hMod) pFunc = GetProcAddress( hMod, routineNameA.Buffer ); }