Execute anything in a legit memory region by attacking a windows driver
A windows driver named atapi.sys, digitally code signed and automatically running on every Windows 10/11 machines. This driver calls multiple functions which do not call any external ones and thus could easily be swapped/hooked
The driver still hooks something so it may be that, but once you're in the function, except if you trigger another flag, you can (almost) do whatever you want.
The function itself is entirely emulated so, no. And no issues will be caused on the behalf of atapi.sys
