From 8c5f325d8b7a79b474699df5f0130ac69ae0bdd6 Mon Sep 17 00:00:00 2001
From: hasherezade
Date: Thu, 31 Oct 2024 14:26:56 -0700
Subject: [PATCH] [REFACT] Small cleanup
---
 etw_listener.cpp | 6 +++---
 util/process_util.h | 6 ++++--
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/etw_listener.cpp b/etw_listener.cpp
index 95a6edf..2b78e7c 100644
--- a/etw_listener.cpp
+++ b/etw_listener.cpp
@@ -1,4 +1,6 @@
 #include "etw_listener.h"
+#ifdef __USE_ETW__
+
 #include "hh_scanner.h"
 #include
@@ -8,8 +10,6 @@
 #include "util/process_util.h"
 #include "term_util.h"
-#if (_MSC_VER >= 1900)
-
 #define EXECUTABLE_FLAGS (PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)
 #define MAX_PROCESSES 65536
@@ -438,4 +438,4 @@ bool ETWstart(ETWProfile& settings)
 return isOk; }
-#endif //(_MSC_VER >= 1900)
+#endif // __USE_ETW__
diff --git a/util/process_util.h b/util/process_util.h
index 981b127..2bd4125 100644
--- a/util/process_util.h
+++ b/util/process_util.h
@@ -7,10 +7,12 @@ namespace process_util {
-
 inline bool is_wow_64(HANDLE process) {
- FARPROC procPtr = GetProcAddress(GetModuleHandleA("kernel32"), "IsWow64Process");
+ HMODULE kernel32 = GetModuleHandleA("kernel32");
+ if (!kernel32) return false; // should not happen
+
+ FARPROC procPtr = GetProcAddress(kernel32, "IsWow64Process");
 if (!procPtr) { //this system does not have a function IsWow64Process
 return false;
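Review bot: The new guard macro `__USE_ETW__` (the `#ifdef` added after `#include "etw_listener.h"`, closed by the `#endif` in the last hunk of this file) contains a double underscore, and identifiers of that form are reserved for the implementation in C++; a project-prefixed name without it (for example `HH_USE_ETW`, a suggested spelling) would avoid the clash. Where the macro is defined is not visible in this patch; presumably it comes from etw_listener.h or the build configuration, so a comment at the guard such as `// set in etw_listener.h when the toolchain supports ETW tracing` would help once that is confirmed. When the macro is undefined the whole translation unit compiles to nothing, so every caller of `ETWstart` needs the same guard, and such a build silently ships without the ETW listener.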
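Review bot: The added early return in `is_wow_64` makes `false` mean both "not a WOW64 process" and "could not determine", the same as the existing `!procPtr` branch, so a caller cannot tell a failed lookup from a native process. If that is intended, state it above the function, e.g. `// Returns false also when the check cannot be performed (kernel32 or IsWow64Process unavailable).`; this matters if callers use the result to choose how a target process is handled, which is not visible here. The new `if (!kernel32) return false;` is also written on one line without braces while the following `if (!procPtr) {` uses them. The function body continues past the end of the hunk, so how the resolved pointer is called cannot be reviewed from this patch.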