How to run userland code from the kernel on Windows – Version 2.0
https://www.stormshield.com/news/how-to-run-userland-code-from-the-kernel-on-windows-version-2-0/
In 2014, Thierry F. wrote an article about a technique that could allow a driver to inject a DLL into a process. It was based on reverse engineering the PEB.KernelCallbackTable field, which is untyped and completely undocumented. You may have discovered, through the...