CRASH on PHRestore

[rohaaan]

If I hook ntcreatethread and ntcreateprocess using PHHook then while unhooking BugCheck 19 occurs which says memory already corrupt.

Following is windbg output which shows PFN and PTE Entries for both functions is same 2: kd> !pte nt!ntcreateprocess VA fffff8037a4b90a0 PXE at FFFFF6FB7DBEDF80 PPE at FFFFF6FB7DBF0068 PDE at FFFFF6FB7E00DE90 PTE at FFFFF6FC01BD25C8 contains 0000000000704063 contains 0000000000705063 contains 000000013BA009E3 contains 0000000000000000 pfn 704 ---DA--KWEV pfn 705 ---DA--KWEV pfn 13ba00 -GLDA--KWEV LARGE PAGE pfn 13bab9

2: kd> !pte nt!ntcreatethread VA fffff8037a4b911c PXE at FFFFF6FB7DBEDF80 PPE at FFFFF6FB7DBF0068 PDE at FFFFF6FB7E00DE90 PTE at FFFFF6FC01BD25C8 contains 0000000000704063 contains 0000000000705063 contains 000000013BA009E3 contains 0000000000000000 pfn 704 ---DA--KWEV pfn 705 ---DA--KWEV pfn 13ba00 -GLDA--KWEV LARGE PAGE pfn 13bab9

what can we do to resolve this scenario?

[rohaaan]

The above scenario is generated on Windows 10 x64.