Somehow I ended up at an article on CodeProject titled "How can I get address of KeServiceDescriptorTableShadow". The first thing that caught my eye is the fact that the contributor claims to be from China and a web developer. This seems to be a common attitude in China (and also in Russia) if you are in IT: you do whatever you have to do during the day to earn your living, but you are not considered l33t unless you do something involving kernel mode programming.
The second thing that struck me about this article, which is echoed by the comment, is the fact that it gives an alternative method to something for which there are official, well-documented APIs. This again seems to be a cultural difference: Chinese tend to value working solutions as opposed to well-architected solutions. An example: the famous QQ messenger includes a kernel-mode protection component. In my opinion, this doesn’t solve anything (and it breaks things I consider essential – like being able to run network facing applications from non-administrative accounts), but it seems to solve (some) problems at least temporarily for their user base.
The third thing that struck me is the existence of The Code Project Open License (CPOL). I feel very strongly about this, and not in a good way. There are enough licenses out there already: GPL (v2 and v3), LGPL, BSD, MIT and so on. It is already a big enough headache figuring out what can be used with what (just an example: ZFS cannot be introduced in the Linux kernel because it uses a custom Sun license instead of a standard one); introducing a new piece in the puzzle will just complicate things and make code less attractive.