You need to rethink your design. The reason why there are no KM equivalents of these APIs is that these activities are inappropriate for KM components. Remember that the OS in general and KM specifically is intended to serve requests for applications and not to decide to create arbitrary threads or change page protection.
Now to your specific problem: for this to work, you need to know some things about the process you are trying to 'protect' and the type of attack you are trying to protect against. Most likely, your goals will be achieved by detecting the existence of a 'cheat' rather than preventing all possible corruption. Your goal will probably be best served by creating a UM service to analyze the memory space of your target. This needs no driver at all, and will be just as accurate as any other method in the presence of arbitrary malware. Look at ReadProcessMemory (http://msdn.microsoft.com/en-us/library/windows/desktop/ms680553(v=vs.85).aspx)
From: xxxxx@gmail.com
Sent: Friday, November 28, 2014 3:25 PM
To: Windows System Software Devs Interest List
The main hurdle is that there are a handful of hooks placed on the WinAPI but also internally in the target process, which I can’t really do without making the page writable using VirtualProtect.
Pretty much the same for VirtualQuery, which also seems to have no driver equivalent.
There are also some procedures that are written against Direct3D.
There is quite a bit of other stuff, but most of that is replicable on driver level.
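The user-mode check suggested in the reply above can be sketched as follows. This is an added example, not code from either poster: a service reads a code range out of the target with VirtualQueryEx and ReadProcessMemory and compares it against a known-good baseline. The names `count_patched_runs` and `check_remote_code` and the sample bytes are constructed for illustration, and the baseline is assumed to be a relocation-adjusted copy captured from a trusted state.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Portable core: count contiguous runs where the snapshot differs from the
   baseline; *first_off receives the offset of the first differing byte. */
size_t count_patched_runs(const uint8_t *baseline, const uint8_t *snap,
                          size_t len, size_t *first_off)
{
    size_t runs = 0;
    int in_run = 0;
    for (size_t i = 0; i < len; i++) {
        int diff = baseline[i] != snap[i];
        if (diff && !in_run && runs++ == 0 && first_off) *first_off = i;
        in_run = diff;
    }
    return runs;
}
#ifdef _WIN32
/* Windows side: needs only query + read rights on the target, no driver.
   Returns the number of modified runs, or -1 if the range cannot be read. */
long check_remote_code(DWORD pid, const void *addr, const uint8_t *baseline, size_t len)
{
    long result = -1;
    SIZE_T got = 0;
    MEMORY_BASIC_INFORMATION mbi;
    uint8_t *snap = malloc(len);
    HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
    if (h && snap && VirtualQueryEx(h, addr, &mbi, sizeof mbi) != 0 &&
        mbi.State == MEM_COMMIT &&
        ReadProcessMemory(h, addr, snap, len, &got) && got == len)
        result = (long)count_patched_runs(baseline, snap, len, NULL);
    if (h) CloseHandle(h);
    free(snap);
    return result;
}
#endif
/* Constructed sample: 16 baseline bytes and a snapshot that differs at
   offsets 4..8 and at offset 12. */
static const uint8_t sample_baseline[16] = {0x55,0x48,0x89,0xE5,0x48,0x83,0xEC,0x20,
                                            0x89,0x4D,0x10,0x8B,0x45,0x10,0x5D,0xC3};
static const uint8_t sample_snapshot[16] = {0x55,0x48,0x89,0xE5,0xE9,0x10,0x20,0x30,
                                            0x40,0x4D,0x10,0x8B,0x46,0x10,0x5D,0xC3};
int main(void)
{
    size_t off = 0;
    size_t runs = count_patched_runs(sample_baseline, sample_snapshot, sizeof sample_baseline, &off);
    printf("%zu modified run(s), first at offset %zu\n", runs, off);
    return 0;
}
```

Pages that legitimately change at run time (import tables, relocated data) have to be excluded from the compared range or they show up as modified runs.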
NTDEV is sponsored by OSR
Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev