Having trouble understanding a seemingly complex function call

Time:07-12

I've been reading through the Riot Vanguard (kernel level anti-cheat driver) source code and have some difficulties understanding what I think is a function call.

((void(*)())(RtlFindExportedRoutineByName(VgkDriverObject->DriverStart, "Egg")))();

RtlFindExportedRoutineByName is a function which returns a PVOID, and what I currently have thought up is: take this function which returns a PVOID, cast it to a pointer to a function which returns nothing and call it.

Would love some insight from someone who is more knowledgeable.

EDIT: Why is this better than just calling the function as it is defined?

CodePudding user response:

RtlFindExportedRoutineByName is a function which returns a PVOID, and what I currently have thought up is: take this function which returns a PVOID, cast it to a pointer to a function which returns nothing and call it.

That is correct.

Why is this better than just calling the function as it is defined?

In order to call a function via a pointer, the pointer must be a function pointer. You cannot call a PVOID (which is a typedef for void *) directly, without casting it beforehand.

The function RtlFindExportedRoutineByName is probably returning a pointer to a function that the program does not have direct access to. Therefore, it can only call it via a function pointer.
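An added example (not from the Vanguard source or the Windows kernel) that reproduces the same cast-and-call pattern in user-mode C, with a constructed export table and a hypothetical FindExportedRoutineByName standing in for RtlFindExportedRoutineByName; it also adds the NULL check that the one-line expression in the question skips.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef void *PVOID;   /* same typedef the Windows headers use */

/* Constructed routines standing in for a driver's exported functions. */
static int egg_calls = 0;
static void Egg(void) { egg_calls++; }
static int Add(int a, int b) { return a + b; }

/* Constructed export table: name -> address. The real API walks the PE
   export directory of the image at DriverStart; this is a simulation. */
struct export_entry { const char *name; PVOID address; };
static const struct export_entry exports[] = {
    { "Egg", (PVOID)Egg },
    { "Add", (PVOID)Add },
};

/* Hypothetical lookalike of RtlFindExportedRoutineByName. It returns a
   PVOID, which carries no information about what the pointer points at,
   so the caller must know the real signature and cast before calling. */
PVOID FindExportedRoutineByName(const char *name) {
    for (size_t i = 0; i < sizeof exports / sizeof exports[0]; i++)
        if (strcmp(exports[i].name, name) == 0)
            return exports[i].address;
    return NULL;   /* export absent: the one-liner never checks this */
}

/* The question's expression, with the missing NULL check added. */
int CallEggSafely(void) {
    PVOID p = FindExportedRoutineByName("Egg");
    if (p == NULL)
        return 0;              /* original would dereference NULL here */
    ((void (*)(void))p)();     /* cast PVOID to function pointer, call */
    return 1;
}

/* Same pattern for an export with arguments and a return value. */
int CallAddViaLookup(int a, int b, int *found) {
    PVOID p = FindExportedRoutineByName("Add");
    *found = (p != NULL);
    return p ? ((int (*)(int, int))p)(a, b) : 0;
}

int EggCallCount(void) { return egg_calls; }
int MissingExportIsNull(void) { return FindExportedRoutineByName("Nope") == NULL; }
```

Note that converting between void* and function pointers is not guaranteed by ISO C, but Windows and POSIX platforms define it, which is why the kernel code can rely on it.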
