I have been changing the cr3 of my thread within a guarded region and have observed that it is being changed back to my process’s by some type of interrupt. upon looking at kestackaytachprocess I was brought to this structure. Changing it to the target process seems to fix it. My question is what else is this used for and what type of interrupt am I encountering here? I’m in a guarded region so I don’t think it can be APCs perhaps my thread is being scheduled off the core and being restored with that cr3?
Even code in a guarded region is subject to hardware interrupts (timers, network, DMA complete, etc). CR3 doesn’t belong to you, and you shouldn’t be surprised that the system simply sets a known value instead of saving and restoring yours.