Rairii, 
lol
looks like my experience low level debugging nt with just an emulator/hypervisor debugger is going to come in handy
now having to do it for modern nt using vmware's gdbserver stub.
found a possible bypass for CVE-2024-20666, exploitation has happened and derived keys are in memory, but smss is deadlocking somewhere!