While often researched for legitimate purposes, such as developing kernel-level anti-cheat engines (e.g., cybryk/kernelmodeinjector ), this capability is highly sought after by malware developers. 2. Technical Mechanisms of Kernel DLL Injection
The driver updates the thread's instruction pointer ( RIP ) to point directly to the allocated shellcode in user space. kernel dll injector