NMIs can catch the driver execution code.
Since we (kdmapper) are currently mapping into unsigned memory, NMIs will be thrown and caught, at which point the RIP register will be checked and we are caught! Due to this, we should do something like SinMapper does.
Potentially a custom mapper could be written for this project (likely using a publicly known vulnerable driver).