Kernel exploitation – r0 to r3 transitions via KeUserModeCallback I have recently came across (well, not entirely by myself… cheers Nahuel!) a fairly (un)common problem related to performing ring0-to-ring3 transitions, after a successful kernel vulnerability exploitation. As I have managed to come up with a bunch of possible solutions, and even write example code for some of these, today I would l