From 0be9d04fcfeeb075784420b9a01ebad56dd33a21 Mon Sep 17 00:00:00 2001
From: Ghellab Abderrahmane <43763935+rhaym-tech@users.noreply.github.com>
Date: Thu, 26 Mar 2026 05:44:49 +0000
Subject: [PATCH 1/2] invert condition to skip lock FAST_ERESOURCE on passive
 level

---
 security/import_hiding.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/import_hiding.h b/security/import_hiding.h
index ba074fb..b9d094a 100644
--- a/security/import_hiding.h
+++ b/security/import_hiding.h
@@ -218,7 +218,7 @@ KC_NOINLINE inline void* find_module_by_hash(uint64_t name_hash) {
 
     __try {
 #if KC_IMPORT_HIDING_LOCK_MODULE_LIST
-        if (KeGetCurrentIrql() == PASSIVE_LEVEL) {
+        if (KeGetCurrentIrql() != PASSIVE_LEVEL) {
             __try {
                 KeEnterCriticalRegion();
                 in_critical = true;

From faa8e64895e921fc5741d91c3ebb7c1ae7f191e7 Mon Sep 17 00:00:00 2001
From: Ghellab Abderrahmane <43763935+rhaym-tech@users.noreply.github.com>
Date: Thu, 26 Mar 2026 05:45:41 +0000
Subject: [PATCH 2/2] skip IMAGE_SCN_MEM_EXECUTE where macro from ntimage.h is
 already defined

---
 security/integrity.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/security/integrity.h b/security/integrity.h
index c3e0e15..302877f 100644
--- a/security/integrity.h
+++ b/security/integrity.h
@@ -140,7 +140,9 @@ KC_NOINLINE inline bool find_text_section(void* base, uintptr_t& text_va, uint32
         }
 
         // fallback: first section with IMAGE_SCN_MEM_EXECUTE
+#ifndef IMAGE_SCN_MEM_EXECUTE
         constexpr uint32_t IMAGE_SCN_MEM_EXECUTE = 0x20000000;
+#endif
         for (uint16_t i = 0; i < nt->FileHeader.NumberOfSections; ++i) {
             if (section[i].Characteristics & IMAGE_SCN_MEM_EXECUTE) {
                 text_va = reinterpret_cast<uintptr_t>(base) + section[i].VirtualAddress;