Set DriverUnload callback after DriverEntry called. Added appropriate README advisory.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

2 files changed, 8 insertions, 3 deletions

diff --git a/CRT/kcrt.c b/CRT/kcrt.c
index ccff181..f2ea550 100644
--- a/CRT/kcrt.c
+++ b/CRT/kcrt.c
@@ -264,10 +264,14 @@ void __cdecl _CRT_DriverUnload(_In_ struct _DRIVER_OBJECT * DriverObject)
 
 NTSTATUS __cdecl _CRT_DriverEntry(_In_ struct _DRIVER_OBJECT * DriverObject, _In_ PUNICODE_STRING RegistryPath)
 {
+    NTSTATUS retval;
+
     KCRT_OnDriverEntry();
 
+    retval = DriverEntry(DriverObject, RegistryPath);
+
     /* support for service stopping and CRT de-init */
     DriverObject->DriverUnload = _CRT_DriverUnload;
 
-    return DriverEntry(DriverObject, RegistryPath);
+    return retval;
 }
diff --git a/README.md b/README.md
index c808e5d..a379646 100644
--- a/README.md
+++ b/README.md
@@ -82,8 +82,9 @@ NTSTATUS MyDriverEntry(_In_ struct _DRIVER_OBJECT * DriverObject, _In_ PUNICODE_
 }
 ```
 
-shouldn't be used. Instead the function `DriverUnload` will be called.
-So make sure that the symbol `DriverUnload` exists and has the usual ddk function signature:
+**must not** used. Overwriting `DriverObject->DriverUnload` with your own function may BSOD.
+Instead the function `DriverUnload` will be called.
+Make sure that the symbol `DriverUnload` exists and has the usual ddk function signature:
 `void DriverUnload(_In_ struct _DRIVER_OBJECT * DriverObject)`.
 This is required to make ctors/dtors work without calling additional functions in `DriverEntry` / `DriverUnload`.