https://github.com/nbs32k/anva/blob/26f3be99730981194885a36dcfe8343c59800745/Anva/ldr/ldrhook.c#L249-L259
If you disassemble kernelbase.MessageBoxW and follow its execution flow you will find that ntdll.NtRaiseHardError is used to display message boxes if the thread executing MessageBoxW export is not a GUI thread ( a thread gets converted into a GUI thread when it executes a win32k syscall ). Therefore the hook should check if the passed value in ValidResponseOption parameter is 6 ( aka respond with a BSOD ) and correct execution.
https://github.com/nbs32k/anva/blob/26f3be99730981194885a36dcfe8343c59800745/Anva/ldr/ldrhook.c#L249-L259
If you disassemble
kernelbase.MessageBoxWand follow its execution flow you will find that ntdll.NtRaiseHardError is used to display message boxes if the thread executing MessageBoxW export is not a GUI thread ( a thread gets converted into a GUI thread when it executes a win32k syscall ). Therefore the hook should check if the passed value inValidResponseOptionparameter is 6 ( aka respond with a BSOD ) and correct execution.