From f0d6c645cc72c3a1a59fde45951a35d308a8ae3b Mon Sep 17 00:00:00 2001
From: Cyclone <91777373+CycloneRing@users.noreply.github.com>
Date: Wed, 15 Jan 2025 17:49:32 +0000
Subject: [PATCH] Fixed crash on invalid hashtable

---
 3rdparty/phnt/include/ntrtl.h | 13 ++++++++-----
 MemoryModule/LdrEntry.cpp | 5 ++++-
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/3rdparty/phnt/include/ntrtl.h b/3rdparty/phnt/include/ntrtl.h
index 79fc5620..45feecec 100644
--- a/3rdparty/phnt/include/ntrtl.h
+++ b/3rdparty/phnt/include/ntrtl.h
@@ -30,14 +30,17 @@ FORCEINLINE BOOLEAN RemoveEntryList(
 _In_ PLIST_ENTRY Entry
 )
 {
- PLIST_ENTRY Blink;
- PLIST_ENTRY Flink;
+ if (!Entry) return FALSE;
+
+ PLIST_ENTRY Blink = Entry->Blink;
+ PLIST_ENTRY Flink = Entry->Flink;
+
+ if (!Blink || !Flink) return FALSE;
 
- Flink = Entry->Flink;
- Blink = Entry->Blink;
 Blink->Flink = Flink;
 Flink->Blink = Blink;
-
+ Entry->Flink = NULL;
+ Entry->Blink = NULL;
 return Flink == Blink;
 }
 
diff --git a/MemoryModule/LdrEntry.cpp b/MemoryModule/LdrEntry.cpp
index a0e8fbfe..8d3d10a9 100644
--- a/MemoryModule/LdrEntry.cpp
+++ b/MemoryModule/LdrEntry.cpp
@@ -272,9 +272,12 @@ NTSTATUS NTAPI RtlGetReferenceCount(
 VOID NTAPI RtlInsertMemoryTableEntry(_In_ PLDR_DATA_TABLE_ENTRY LdrEntry) {
 PPEB_LDR_DATA PebData = NtCurrentPeb()->Ldr;
 PLIST_ENTRY LdrpHashTable = MmpGlobalDataPtr->MmpLdrEntry->LdrpHashTable;
- ULONG i;
+
+ /* Validate hash table */
+ if (!MmpGlobalDataPtr->MmpLdrEntry->LdrpHashTable) return;
 
 /* Insert into hash table */
+ ULONG i;
 i = LdrHashEntry(LdrEntry->BaseDllName);
 InsertTailList(&LdrpHashTable[i], &LdrEntry->HashLinks);
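Review bot: The guards added to RemoveEntryList test only for NULL, so an entry whose links are stale but non-null still reaches the `Blink->Flink = Flink; Flink->Blink = Blink;` writes and can corrupt an unrelated list. After the NULL test I would add a link-consistency check, `if (Flink->Blink != Entry || Blink->Flink != Entry) return FALSE;`. The early `return FALSE` is also indistinguishable from a successful removal that left the list non-empty, which deserves a comment such as `/* FALSE also means Entry was not linked; nothing was removed. */`. Since this edits the copy under 3rdparty/phnt, the divergence from upstream should be recorded so a header update does not silently drop it. The function's signature begins above the hunk.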
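Review bot: The early `return` added to RtlInsertMemoryTableEntry silently skips the insertion, and because the function is VOID the caller cannot tell that LdrEntry was never linked; a later unlink of `LdrEntry->HashLinks` would then operate on an entry that was never in a list. The check also re-reads `MmpGlobalDataPtr->MmpLdrEntry->LdrpHashTable` although the local copy was taken on the line above, and it does not cover `MmpGlobalDataPtr` or `MmpLdrEntry` being null, which are dereferenced first. I would test the local, `if (!LdrpHashTable) return;`, and add a comment saying when the table can be missing and what state the entry is left in. The rest of the function lies outside the hunk, so whether the other loader lists are skipped as well cannot be confirmed from here.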