I wrote a kernel driver, which can generate and execute dynamic code.
The problem is that this code can raise SEH exceptions, which will cause stack to unwind incorrectly.
Before I used RtlAddFunctionTable
for the similar tasks in userland, but it seems like RtlAddFunctionTable
is not exported in the kernel, so I don't know how to properly register dynamic code there.
Would be glad for any help.
Hmmm… why is this a good thing, aside from, you know… malware and bypassing code signing?
I need to monitor a few client drivers to make sure that they do what they are supposed to. This involves injecting code into them. And because those drivers use SEH exception handling I need to make sure that unwinding can recover in those cases.
You joined less than a day ago, and now you're asking about injecting code into other drivers. Which is a commonly used technique in malware.
Whether you yourself are writing malware or not isn't really relevant. Regardless: This is not something we're going to help you with here. Sorry/Not Sorry.
I'm locking this thread.