From 384c5cc259398d6e8039684f266ea94e9e11c191 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Wed, 5 Jul 2017 07:52:13 +0200
Subject: Windows Driver: correctly get KeRestoreExtendedProcessorState function pointer.
---
 src/Driver/Ntdriver.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
(limited to 'src/Driver')
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 7ada065b..83cf7dee 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -129,10 +129,11 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
 // KeSaveExtendedProcessorState/KeRestoreExtendedProcessorState are available starting from Windows 7
 if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 1))
 {
- UNICODE_STRING funcName;
- RtlInitUnicodeString(&funcName, L"KeSaveExtendedProcessorState");
- KeSaveExtendedProcessorStatePtr = (KeSaveExtendedProcessorStateFn) MmGetSystemRoutineAddress(&funcName);
- KeRestoreExtendedProcessorStatePtr = (KeRestoreExtendedProcessorStateFn) MmGetSystemRoutineAddress(&funcName);
+ UNICODE_STRING saveFuncName, restoreFuncName;
+ RtlInitUnicodeString(&saveFuncName, L"KeSaveExtendedProcessorState");
+ RtlInitUnicodeString(&restoreFuncName, L"KeRestoreExtendedProcessorState");
+ KeSaveExtendedProcessorStatePtr = (KeSaveExtendedProcessorStateFn) MmGetSystemRoutineAddress(&saveFuncName);
+ KeRestoreExtendedProcessorStatePtr = (KeRestoreExtendedProcessorStateFn) MmGetSystemRoutineAddress(&restoreFuncName);
 }
 
 // Load dump filter if the main driver is already loaded
-- 
cgit v1.2.3
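Review bot: Both `MmGetSystemRoutineAddress` results in the added lines are stored without a NULL check, and since they are now resolved by separate lookups nothing in the hunk guarantees that `KeSaveExtendedProcessorStatePtr` and `KeRestoreExtendedProcessorStatePtr` are either both set or both NULL. `MmGetSystemRoutineAddress` returns NULL when the export cannot be resolved, so a caller that tests only the save pointer before using both would call through a NULL restore pointer in kernel mode. Whether the callers test both is not visible here, because DriverEntry's body continues outside the hunk. Treating the two as a pair right after the lookups would make the invariant explicit: `if (!KeSaveExtendedProcessorStatePtr || !KeRestoreExtendedProcessorStatePtr)` followed by `{ KeSaveExtendedProcessorStatePtr = NULL; KeRestoreExtendedProcessorStatePtr = NULL; }`. A short comment such as `// both pointers are NULL unless both routines were resolved` would document it for the code that saves and restores the extended state.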