June 4, 2013
In this post I will take a look at PatchGuard, at the classic scenario for bypassing this protection, and also at a slightly different one. I will also examine a new way (but most probably not new, just reinvented, because it is too obvious and quite effective) to locate & abuse the page guard context and its behaviour.
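typedef struct _KDPC {
    /* members before Number are omitted in this excerpt */
    volatile USHORT Number;
    /* remaining members are omitted in this excerpt */
} KDPC, *PKDPC, *PRKDPC;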
A PoC and some explanation of the code, of its weaknesses, and of points to research are included.