7-26
hook KeBugCheckEx, to see what happens.
8-1
hook ObReferenceObjectByHandle
user DeviceIoControl with METHOD_NEITHER
8-4
enum process
query process path
enum process modules
enum process threads
enum kernel modules
8-8
use ssdt func instead of ZwXXX