MmMapIoSpace on Page Tables (1803/Redstone 4)

[lotsch]

With the Windows Update 1803, I noticed that when trying to call MmMapIoSpace on any of the Page Tables (PML4, PDPT, PD, PT) it is always going to fail with 0x3E6 (Invalid access to memory location.).
I also tested the exact same code on older versions and it works perfectly fine there. Apparently, the issue is related to the Meltdown Patches from Microsoft.
I wonder if anyone figured out how to disable/uninstall or fix this issue. I already tried disabling KVA Shadowing (Registry) and uninstalling the Patches via Control Panel.
I greatly appreciate any help

[EP_X0FF]

I noticed that too (its from earlier insider builds of Rs4). This change have broke exploits based on bugged 3rd party drivers allowing access to physical memory (like cpu-z CVE-2017-15303 for example). Apparently this is now by design.

[lotsch]

Hm, yeah I've seen that this function is very abusable on many drivers, would there be any easy way to figure out how to patch it back to working on Page Tables?
I'm not very familiar with kernel debugging but I imagine you could try putting a breakpoint on MmMapIoSpace in your driver, call the function and step through the code and figure out where it bails out and returns 0x3E6?

[EP_X0FF]

No way. This behavior is now by _design_. You may try to experiment with something different like MmCopyMemory.

[lotsch]

yeah ok, I will be using something different instead.