From 1e7e4007de986b608ea556d057e0d3ab05e9dc97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20H=C3=B6glinger-Stelzer?=
Date: Mon, 3 Jul 2023 00:55:51 +0200
Subject: [PATCH] Bugfix

---
 src/Domito.cpp | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/Domito.cpp b/src/Domito.cpp
index 72939df..1a113c6 100644
--- a/src/Domito.cpp
+++ b/src/Domito.cpp
@@ -27,6 +27,15 @@ _IRQL_requires_max_(PASSIVE_LEVEL)
 NTSTATUS
 DomitoInit()
 {
+ //
+ // Do those first since the follow-up code depends on them
+ //
+
+ G_Common.ZwQueryInformationProcess =
+ (t_ZwQueryInformationProcess)MmGetSystemRoutineAddress((PUNICODE_STRING)&G_QipRoutineName);
+ G_Common.RtlImageDirectoryEntryToData =
+ (t_RtlImageDirectoryEntryToData)MmGetSystemRoutineAddress((PUNICODE_STRING)&G_IdetdRoutineName);
+
 const STRING ciModuleName = RTL_CONSTANT_STRING("\\SystemRoot\\system32\\CI.dll");
 PVOID driverBaseAddress = NULL, functionAddress = NULL;
@@ -62,12 +71,7 @@ DomitoInit()
 G_CI.CiValidateFileObject = (t_CiValidateFileObject)functionAddress;
 }
 }
-
- G_Common.ZwQueryInformationProcess =
- (t_ZwQueryInformationProcess)MmGetSystemRoutineAddress((PUNICODE_STRING)&G_QipRoutineName);
- G_Common.RtlImageDirectoryEntryToData =
- (t_RtlImageDirectoryEntryToData)MmGetSystemRoutineAddress((PUNICODE_STRING)&G_IdetdRoutineName);
-
+
 return STATUS_SUCCESS; // TODO: unused currently
 }
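Review bot: Neither MmGetSystemRoutineAddress result assigned in the added block of the first hunk is checked for NULL, so if either routine name fails to resolve, G_Common.ZwQueryInformationProcess or G_Common.RtlImageDirectoryEntryToData is left NULL and the follow-up code the new comment says depends on them would presumably call through a null pointer in kernel mode; the removed block in the second hunk had the same gap, so moving the lookups earlier does not close it. Since DomitoInit already returns NTSTATUS, fail early right after the two assignments: `if (G_Common.ZwQueryInformationProcess == NULL || G_Common.RtlImageDirectoryEntryToData == NULL)` / `return STATUS_PROCEDURE_NOT_FOUND;`. The `// TODO: unused currently` on the final return suggests callers currently ignore the status, so the caller would also have to act on a failure for this to take effect. DomitoInit's body continues between and past these hunks, so the code that actually uses the resolved pointers is not visible here.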