Kernel objects and IRPs

TL;DR: IRP-driven driver model; IOCTL major function as the user-controlled entry point.

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References

TODO