TheCruZ / CRZKD

Just my first IOCTL try


STATUS_PRIVILEGED_INSTRUCTION ERROR at writecr0

Cross2pro opened this issue

I use the WinDbg debugger to remotely debug the Win10 system of the virtual machine. When I load the CRZKD driver normally in test mode, a BSOD occurs with ERROR_CODE: (NTSTATUS) 0xc0000096. The line shown with the error is __writecr0(cr0);.
OS_VERSION: 10.0.19041.1.
Where is the problem?
Here is the log:
CONTEXT: ffffc580d0de8920 -- (.cxr 0xffffc580d0de8920)
rax=0000000080040033 rbx=ffff8a0f892ef040 rcx=0000000080040033
rdx=000000000000001e rsi=fffff8011e971290 rdi=0000000000000000
rip=fffff8011e9717db rsp=ffff868639f7fad0 rbp=0000000000000080
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
r11=0000000000000010 r12=0000000000000180 r13=0000000000000000
r14=ffff8a0f836b0040 r15=fffff8010d4cf000
iopl=0         nv up di pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050006
CRZKD!DEntry+0x54b:
fffff8011e9717db 0f22c0          mov     cr0,rax
Resetting default scope

PROCESS_NAME: System

ERROR_CODE: (NTSTATUS) 0xc0000096 - { }

EXCEPTION_CODE_STR: c0000096

EXCEPTION_STR: 0xc0000096

STACK_TEXT:
ffff868639f7fad0 fffff8010e9268f5 : 0000000000000000 fffff8011e971290 0000000000000000 000fe47fb19bbdff : CRZKD!DEntry+0x54b [D:\Documents\Visual Studio 2022\Projects\CRZKD\CRZKD\main.cpp @ 276]
ffff868639f7fbd0 fffff8010ea04c68 : fffff8010d393180 ffff8a0f892ef040 fffff8010e9268a0 0000000000000246 : nt!PspSystemThreadStartup+0x55
ffff868639f7fc20 0000000000000000 : ffff868639f80000 ffff868639f79000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x28

FAULTING_SOURCE_LINE: D:\Documents\Visual Studio 2022\Projects\CRZKD\CRZKD\main.cpp

FAULTING_SOURCE_FILE: D:\Documents\Visual Studio 2022\Projects\CRZKD\CRZKD\main.cpp

FAULTING_SOURCE_LINE_NUMBER: 276

FAULTING_SOURCE_CODE:
272: _disable();
273: auto cr0 = __readcr0();
274: const auto old_cr0 = cr0;
275: cr0 &= ~(1UL << 16);

276: __writecr0(cr0);
277:
278: __writecr0(old_cr0);
279: _enable();
280:
281: //Where we will place the hooks

SYMBOL_NAME: CRZKD!DEntry+54b

MODULE_NAME: CRZKD

IMAGE_NAME: CRZKD.sys

It occurs in main.cpp because I moved the __writecr0 call to the main function to test the error.
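The register dump in the issue can be checked mechanically: the faulting instruction is mov cr0,rax, so rax holds the CR0 value the driver is trying to load. The following Python triage helper is an added example, not code from the CRZKD project: it parses a WinDbg register line, decodes the CR0 bits by name, and confirms that bit 16 (WP) is cleared in 0x80040033, which matches the `cr0 &= ~(1UL << 16)` at main.cpp line 275. The input is a trimmed copy of the CONTEXT line posted above.

```python
import re

# CR0 control-register bit names (Intel SDM vol. 3, section 2.5).
CR0_BITS = {
    0: "PE", 1: "MP", 2: "EM", 3: "TS", 4: "ET", 5: "NE",
    16: "WP", 18: "AM", 29: "NW", 30: "CD", 31: "PG",
}
WP_BIT = 16

# Constructed excerpt of the WinDbg CONTEXT output from this issue (register values as posted).
CONTEXT_LINE = (
    "rax=0000000080040033 rbx=ffff8a0f892ef040 rcx=0000000080040033 "
    "rip=fffff8011e9717db rsp=ffff868639f7fad0 "
    "CRZKD!DEntry+0x54b: fffff8011e9717db 0f22c0 mov cr0,rax"
)


def parse_registers(line):
    """Return {name: int} for every 64-bit 'name=hex' pair on a WinDbg register line."""
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"\b([a-z0-9]+)=([0-9a-f]{16})\b", line)}


def faulting_cr0_source(line):
    """If the faulting instruction is 'mov cr0,<reg>', return the source register name."""
    m = re.search(r"mov cr0,\s*(\w+)", line)
    return m.group(1) if m else None


def decode_cr0(value):
    """Map a CR0 value to the set of named bits that are set."""
    return {name for bit, name in CR0_BITS.items() if value >> bit & 1}


def triage(line):
    """Summarise a CR0-write fault: which value was loaded and whether WP was cleared."""
    regs = parse_registers(line)
    src = faulting_cr0_source(line)
    if src is None or src not in regs:
        return None  # not a 'mov cr0,<reg>' fault, or the register is not in the dump
    new_cr0 = regs[src]
    flags = decode_cr0(new_cr0)
    return {
        "source_reg": src,
        "new_cr0": new_cr0,
        "set_bits": sorted(flags),
        "wp_cleared": "WP" not in flags,
        # Value the driver restores afterwards (bit 16 set again), per main.cpp line 278.
        "restored_cr0": new_cr0 | (1 << WP_BIT),
    }


if __name__ == "__main__":
    print(triage(CONTEXT_LINE))
```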

I didn't go too far with this project and can't confirm to you if it's still working. What I can say is that it was designed to work with kdmapper in the first instance and not to load directly as a system driver.

You can in any case replace most of the CR0 modifications / writes to read-only memory with GetPhysicalAddress + MmMapIoSpace to create a writable mapping to the same physical memory.

Thanks for your reply. It works.