ByePg hijacks the HalPrivateDispatchTable table to create a early-bugcheck hook. Utilizing this early-bugcheck hook it collects information about the exception and basically provides a simple interface to register a high-level system-wide exception handler.
A variety of kernel hooks can be implemented using this method completely bypassing PatchGuard and HVCI as it creates an entirely new attack surface, exception-based hooking, which was previously not possible in Windows kernel.
https://blog.can.ac/2019/10/19/byepg-defeating-patchguard-using-exception-hooking/
\ByePgLibcontains the base library\ExHookcontains a standalone SYSCALL hooking example using ByePg\ExceptionHookingDemodemonstrates the exception handler\InfinityHookFixcontains a sample rendering the recent InfinityHook patch by Microsoft useless\FreeSehcontains a SEH-via-ByePg module letting you use SEH in manual mapped images bypassing PatchGuard's inverted function table checks
There are many other things that can be done using the base library and many things can be improved, be SEH handling or BugCheck parsing, so I would really appreciate any form of contribution to this repo.