I've been reading through the Riot Vanguard (kernel-level anti-cheat driver) source code and have some difficulties understanding what I think is a function call.
((void(*)())(RtlFindExportedRoutineByName(VgkDriverObject->DriverStart, "Egg")))();
RtlFindExportedRoutineByName is a function which returns a PVOID, and what I currently have thought up is: take this function which returns a PVOID, cast it to a pointer to a function which returns nothing and call it.
Would love some insight from someone who is more knowledgeable.
EDIT: Why is this better than just calling the function as it is defined?
CodePudding user response:
"RtlFindExportedRoutineByName is a function which returns a PVOID, and what I currently have thought up is: take this function which returns a PVOID, cast it to a pointer to a function which returns nothing and call it."
That is correct.
"Why is this better than just calling the function as it is defined?"
In order to call a function via a pointer, the pointer must be a function pointer. You cannot call a PVOID (which is a typedef for void *) directly, without casting it beforehand.
The function RtlFindExportedRoutineByName is probably returning a pointer to a function that the program does not have direct access to. Therefore, it can only call it via a function pointer.
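The cast-then-call pattern discussed in the answer above, as an added example in C that is not code from the question or from Vanguard: a constructed export table and a stand-in for RtlFindExportedRoutineByName (hypothetical names) show why the returned PVOID has to be cast to a function pointer before it can be called, and add the NULL check that the one-liner in the question omits for the case where the export does not exist.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Mimic the Windows typedefs used in the question. */
typedef void *PVOID;
typedef void (*ROUTINE)(void);

static int g_calls = 0;               /* records which routines ran */
static void Egg(void)   { g_calls += 1; }
static void Other(void) { g_calls += 10; }

/* Constructed stand-in for a driver's export table: an export directory
   only yields untyped addresses, so they are stored as PVOID here too. */
struct export_entry { const char *name; PVOID address; };
static const struct export_entry g_exports[] = {
    { "Egg",   (PVOID)Egg },
    { "Other", (PVOID)Other },
};

/* Hypothetical stand-in for RtlFindExportedRoutineByName: returns the
   export's address as PVOID, or NULL when no export has that name. */
static PVOID FindExportedRoutineByName(const char *name)
{
    for (size_t i = 0; i < sizeof g_exports / sizeof g_exports[0]; i++)
        if (strcmp(g_exports[i].name, name) == 0)
            return g_exports[i].address;
    return NULL;
}

/* Looks the routine up, casts the PVOID to a function pointer and calls
   it. Returns 1 if it ran, 0 if the name was not exported. The question's
   one-liner would call a NULL pointer here; this version checks first. */
static int CallExportByName(const char *name)
{
    PVOID p = FindExportedRoutineByName(name);
    if (p == NULL)
        return 0;
    ((ROUTINE)p)();                   /* the cast-then-call from the question */
    return 1;
}

static int CallCount(void) { return g_calls; }

int main(void)
{
    int ran_egg  = CallExportByName("Egg");     /* 1, g_calls becomes 1 */
    int ran_nope = CallExportByName("Nope");    /* 0, nothing called */
    printf("Egg ran: %d, Nope ran: %d, calls: %d\n", ran_egg, ran_nope, CallCount());
    return 0;
}
```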