From 22238c52f19167008af978a5a4acf2dffef3ba94 Mon Sep 17 00:00:00 2001
From: midipix <writeonce@midipix.org>
Date: Jul 27 2016 14:00:43 +0000
Subject: __ntapi_ldr_load_system_dll(): pass the system directory as the path parameter.


---

diff --git a/src/ldr/ntapi_ldr_load_system_dll.c b/src/ldr/ntapi_ldr_load_system_dll.c
index a5c56f6..306d8e9 100644
--- a/src/ldr/ntapi_ldr_load_system_dll.c
+++ b/src/ldr/ntapi_ldr_load_system_dll.c
@@ -17,30 +17,31 @@ int32_t	__stdcall __ntapi_ldr_load_system_dll(
 	__out	void **			image_base)
 {
 	int32_t			status;
+	wchar16_t *		sysdir;
+	nt_unicode_string	nt_sysdir;
 	nt_unicode_string	nt_image_name;
 	uintptr_t		buffer[0x80];
 
 	(void)image_flags;
 
 	/* stack buffer */
-	__ntapi->tt_aligned_block_memset(buffer,0,sizeof(buffer));
+	__ntapi->tt_aligned_block_memset(
+		buffer,0,sizeof(buffer));
 
-	status = __ntapi->tt_get_system_directory_dos_path(
-		hsysdir,
-		(wchar16_t *)buffer,
-		sizeof(buffer),
-		base_name,
-		base_name_size,
-		&nt_image_name);
+	sysdir = (wchar16_t *)buffer;
 
-	if (status != NT_STATUS_SUCCESS)
+	if ((status = __ntapi->tt_get_system_directory_dos_path(
+			hsysdir,
+			sysdir,sizeof(buffer),
+			0,0,&nt_sysdir)))
 		return status;
 
-	status = __ntapi->ldr_load_dll(
-		0,
-		0,
+	nt_image_name.strlen = base_name_size;
+	nt_image_name.maxlen = base_name_size;
+	nt_image_name.buffer = base_name;
+
+	return __ntapi->ldr_load_dll(
+		sysdir,0,
 		&nt_image_name,
 		image_base);
-
-	return status;
 }