Hooking syscall with nt!HalPrivateDispatchTable->HalpCollectPmcCounters and Circular Kernel Context Logger ETW provider.
Hardcoded with Windows 23H2 but may be compatible with Windows 11 24H2, 25H2.
nt!HalPrivateDispatchTable is not protected by PG and R/W memory page. But may be trigger PG in the future.
https://archie-osu.github.io/2025/04/11/vanguard-research.html
https://revers.engineering/fun-with-pg-compliant-hook/
https://github.com/Oxygen1a1/InfinityHook_latest
https://lesnik.cc/hooking-all-system-calls-in-windows-10-20h1/