Thanks for the great project first of all!
Well, this question is obviously out of scope, so you can refuse to answer.
This library works well in a normally loaded driver on Windows 10.
However, when I manually map my driver with kdmapper, this library fails at this line inside k_hook::start(). The status returned by NtTraceControl is -1073741819, which is STATUS_ACCESS_VIOLATION. Interestingly, it fails only when the first parameter is start_trace, which is 1.
Considering that kdmapper deletes several driver-related things at map time, such as DriverObject and RegistryPath, the error sounds reasonable to me.
I reversed NtTraceControl myself to track where -1073741819 is returned, but I couldn't find it.
It would be more than great if you have any idea about this.