This project hooks KiUserExceptionDispatcher, the initial usermode exception dispatcher called from the kernel, by hooking Wow64PrepareForException, a function pointer stored in ntdll's .mrdata section.
To modify the .mrdata section in ntdll we call the LdrProtectMrdata function in ntdll.
This project doesn't necessarily need Zydis, but:
- I ripped this from a larger project that uses Zydis
- It makes it much easier to find LdrProtectMrdata and Wow64PrepareForException