Using `RtlAddFunctionTable` inside a kernel driver

I wrote a kernel driver, which can generate and execute dynamic code.

The problem is that this code can raise SEH exceptions, which will cause stack to unwind incorrectly.

Before I used RtlAddFunctionTable for the similar tasks in userland, but it seems like RtlAddFunctionTable is not exported in the kernel, so I don't know how to properly register dynamic code there.

Would be glad for any help.

Hmmm… why is this a good thing, aside from, you know… malware and bypassing code signing?

I need to monitor a few client drivers to make sure that they do what they are supposed to. This involves injecting code into them. And because those drivers use SEH exception handling I need to make sure that unwinding can recover in those cases.

You joined less than a day ago, and now you're asking about injecting code into other drivers. Which is a commonly used technique in malware.

Whether you yourself are writing malware or not isn't really relevant. Regardless: This is not something we're going to help you with here. Sorry/Not Sorry.

I'm locking this thread.