My driver uses ObRegisterCallbacks API to receive callbacks for process accesses. I use this driver to prevent the termination of the critical process in the system.
This driver works fine on Windows 10 64 bit platform. But on a Windows 10 ARM64 platform this driver fails.
The API returns the error code 0xC0000022 ie STATUS_ACCESS_DENIED. The error description says “The callback routines do not reside in a signed kernel binary image”.
The driver is signed with the Microsoft certificate and still, the driver fails to register the callback using the ObRegisterCallbacks API.
Any help on this is appreciated.
Regards,
Albin