coltonon
commented
5 years ago Same issue, 1809.
Open DebugBuggin opened 5 years ago
coltonon
commented
5 years ago Same issue, 1809.
w3lld0ne
commented
5 years ago at least one of the problems that may cause this BSOD is RtlRestoreContext() function.
since Win10 build 15063 it calls KeCheckStackAndTargetAddress(), which checks both current rsp and context rsp to be in the range of PsGetCurrentThread's stack limits. and since DarthTon's exit handler uses it (while his handler works with custom allocated memory region for rsp), the check for current rsp fails and gives BSOD.
try to replace RtlRestoreContext() to something else, or write your own function just as SimpleVisor did.
trying to test in vmware 14 windows 10 1709 and I get "Kernel security check" failure which I believe maybe patchguard causing the crash?? rebooted and tried twice, happens every time