From 6a5a68a2447ad9454adfcbd9390ec05b9dcef2d6 Mon Sep 17 00:00:00 2001
From: Duncan Ogilvie
Date: Fri, 19 Aug 2022 17:47:12 +0200
Subject: [PATCH] Call ProbeForWrite(ReturnLength) to fix a bug

Closes #70
---
 TitanHide/hooks.cpp | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/TitanHide/hooks.cpp b/TitanHide/hooks.cpp
index 0393ef9..155238e 100644
--- a/TitanHide/hooks.cpp
+++ b/TitanHide/hooks.cpp
@@ -24,7 +24,10 @@ static KMUTEX gDebugPortMutex;
 #define BACKUP_RETURNLENGTH() \
     ULONG TempReturnLength = 0; \
     if(ARGUMENT_PRESENT(ReturnLength)) \
-        TempReturnLength = *ReturnLength
+    { \
+        ProbeForWrite(ReturnLength, sizeof(ULONG), 1); \
+        TempReturnLength = *ReturnLength; \
+    }
 
 #define RESTORE_RETURNLENGTH() \
     if(ARGUMENT_PRESENT(ReturnLength)) \
@@ -477,8 +480,12 @@ static NTSTATUS NTAPI HookNtQueryInformationProcess(
 
         __try
         {
+            if (ReturnLength != nullptr)
+                ProbeForWrite(ReturnLength, sizeof(ULONG), 1);
+
             *(PHANDLE)ProcessInformation = nullptr;
-            if(ReturnLength != nullptr)
+
+            if (ReturnLength != nullptr)
                 *ReturnLength = sizeof(HANDLE);
         }
         __except(EXCEPTION_EXECUTE_HANDLER)
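Review bot: The ProbeForWrite added to BACKUP_RETURNLENGTH reports a bad pointer by raising STATUS_ACCESS_VIOLATION or STATUS_DATATYPE_MISALIGNMENT rather than returning a status, so the macro is only safe where it expands inside a __try/__except; its expansion sites are outside this hunk, so each one should be checked, and the later write back in RESTORE_RETURNLENGTH needs the same guard because a user-mode caller can unmap the page between the probe and the store. ProbeForWrite also rejects kernel-mode addresses, so if these hooks can be reached through kernel-mode callers (PreviousMode == KernelMode), the probe should be gated, e.g. `if(ExGetPreviousMode() == UserMode) ProbeForWrite(ReturnLength, sizeof(ULONG), 1); \`, otherwise such callers fault on a valid kernel buffer. The same two points apply to the probe added in HookNtQueryInformationProcess in the second hunk.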
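Review bot: The probe in HookNtQueryInformationProcess passes an alignment of 1, so a misaligned ReturnLength is accepted and then stored to as a ULONG; as far as I know the native call requires natural alignment for this out-parameter, so `ProbeForWrite(ReturnLength, sizeof(ULONG), sizeof(ULONG));` would match its contract (the macro in the first hunk passes 1 as well). The context line `*(PHANDLE)ProcessInformation = nullptr;` writes a HANDLE through a caller-supplied pointer that this hunk does not probe and whose length is not checked here; if ProcessInformation and ProcessInformationLength are not validated earlier in the function, they need the same treatment before this store. The function starts before and ends after this hunk. As a point of style, the first hunk tests the pointer with `ARGUMENT_PRESENT(ReturnLength)` while this one uses `ReturnLength != nullptr`; one spelling throughout would read better.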