
Having trouble understanding a seemingly complex function call


I've been reading through the Riot Vanguard (kernel-level anti-cheat driver) source code and have some difficulties understanding what I think is a function call.

((void(*)())(RtlFindExportedRoutineByName(VgkDriverObject->DriverStart, "Egg")))();

RtlFindExportedRoutineByName is a function which returns a PVOID, and what I currently have thought up is: take this function which returns a PVOID, cast it to a pointer to a function which returns nothing and call it.

Would love some insight from someone who is more knowledgeable.

EDIT: Why is this better than just calling the function as it is defined?


Solution

  • RtlFindExportedRoutineByName is a function which returns a PVOID, and what I currently have thought up is: take this function which returns a PVOID, cast it to a pointer to a function which returns nothing and call it.

    That is correct.

    Why is this better than just calling the function as it is defined?

    In order to call a function via a pointer, the pointer must be a function pointer. You cannot call a PVOID (which is a typedef for void *) directly, without casting it beforehand.

    The function RtlFindExportedRoutineByName is probably returning a pointer to a function that the program does not have direct access to. Therefore, it can only call it via a function pointer.
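As an added illustration (this is example code written for this page, not the question's code, the answer's code, or anything from the Vanguard driver), the user-mode C program below mirrors the pattern: a lookup routine returns a generic `void *` (the PVOID), and the caller casts it to `void (*)(void)` before calling it. The export table, image struct and `find_exported_routine_by_name` are hypothetical stand-ins for a PE export directory and `RtlFindExportedRoutineByName`. It also adds the check the original one-liner omits: if the export is not found the lookup returns NULL, and the one-liner would call through a null pointer. Note that ISO C does not define converting between `void *` and a function pointer; Windows and POSIX compilers support it as an extension (POSIX relies on it for `dlsym`), which is why this idiom is portable in practice.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical export table standing in for a driver image's export
 * directory. Constructed for this example only. */
struct export_entry {
    const char *name;
    void *address;        /* PVOID: generic pointer, not callable as-is */
};

struct fake_image {
    const struct export_entry *exports;
    size_t count;
};

/* Counts how often the exported routine actually ran. */
static int egg_calls = 0;

/* The exported routine the driver would look up by the name "Egg". */
static void fake_egg(void)
{
    egg_calls++;
}

static const struct export_entry fake_exports[] = {
    { "Egg",          (void *)&fake_egg },
    { "UnrelatedFn",  NULL },
};

static const struct fake_image driver_image = {
    fake_exports,
    sizeof(fake_exports) / sizeof(fake_exports[0]),
};

/* Stand-in for RtlFindExportedRoutineByName: walks the export table and
 * returns the routine's address as a PVOID, or NULL if the name is absent. */
static void *find_exported_routine_by_name(const struct fake_image *image,
                                           const char *name)
{
    for (size_t i = 0; i < image->count; i++) {
        if (strcmp(image->exports[i].name, name) == 0)
            return image->exports[i].address;
    }
    return NULL;
}

/* The pattern from the question, with a NULL check added.
 * Returns 1 if the export was found and called, 0 if it was not found.
 * Writing `find_exported_routine_by_name(...)();` without the cast does
 * not compile: a void * is not a function pointer. */
static int call_export(const struct fake_image *image, const char *name)
{
    void *p = find_exported_routine_by_name(image, name);
    if (p == NULL)
        return 0;   /* the original one-liner would dereference NULL here */

    /* Same as ((void(*)())(p))(); written via a typedef for readability. */
    typedef void (*routine_fn)(void);
    routine_fn fn = (routine_fn)p;
    fn();
    return 1;
}

static int egg_call_count(void)
{
    return egg_calls;
}

int main(void)
{
    printf("Egg found and called: %d\n", call_export(&driver_image, "Egg"));
    printf("Missing export called: %d\n", call_export(&driver_image, "Missing"));
    printf("Egg ran %d time(s)\n", egg_call_count());
    return 0;
}
```

The second table entry has a NULL address on purpose: a lookup can succeed on the name yet still hand back nothing callable, so the check on the returned pointer belongs in the caller regardless of how the name was matched.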