Zebediah Figura (@zfigura) commented about dlls/fltmgr.sys/main.c:

•    goto done;
  

• RtlInitializeSid(sid, &auth, 2);
• sid->SubAuthority[1] = DOMAIN_GROUP_RID_ADMINS;
• sid->SubAuthority[0] = SECURITY_BUILTIN_DOMAIN_RID;
• sid_len = RtlLengthRequiredSid(1);
• sid_system = ExAllocatePool(PagedPool, sid_len);
• if (!sid_system)

•    goto done;
  

• RtlInitializeSid(sid_system, &auth, 1);
• sid_system->SubAuthority[0] = SECURITY_LOCAL_SYSTEM_RID;
• sid_len = SECURITY_DESCRIPTOR_MIN_LENGTH + sizeof(ACL) +

•        sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(sid) +
  

•        sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(sid_system);
  

Maybe rename "sid_len" to "len" if you're going to use it for other things?