June 2018
Beginner
510 pages
13h 7m
English
In inline hooking, we saw how a sequence of bytes at the start of a function is patched to redirect control flow to malicious code. The same kind of in-memory patching can be performed through the application compatibility shim (the details of the shim were covered previously). Microsoft itself uses in-memory patching to deliver fixes for vulnerabilities in its products. In-memory patching is an undocumented feature and is not exposed in the Compatibility Administrator Tool (covered earlier), but security researchers have reverse engineered the functionality of in-memory patches and have developed tools to analyze them. The sdb-explorer by Jon Erickson (https://github.com/evil-e/sdb-explorer ...
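Because a shim-based patch only takes effect for executables that have a custom shim database (SDB) registered against them, a defender's first check on a suspect host is to enumerate which SDBs are installed and which executables they are bound to. The following PowerShell is an added example written for this page, not code from the book or from sdb-explorer. It assumes the two well-known registry locations where Windows records installed and per-executable custom shim databases (`AppCompatFlags\InstalledSDB` and `AppCompatFlags\Custom`); the default install directory `C:\Windows\AppPatch\Custom` used for the "unexpected path" flag is also an assumption about a standard Windows installation.

```powershell
# Added example (not from the book): enumerate custom shim databases registered on this host
# so that each one can be reviewed, e.g. by dumping it with sdb-explorer.
# Registry locations are the standard Windows ones; adjust if your environment differs.
$InstalledSdbKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB'
$CustomKey       = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom'
$DefaultSdbDir   = Join-Path $env:SystemRoot 'AppPatch\Custom'   # assumed default location

function Get-InstalledShimDatabase {
    # One subkey per installed SDB, named by the database GUID. The value names
    # (DatabasePath, DatabaseDescription, DatabaseInstallTimeStamp) are the ones
    # Windows writes when an SDB is installed.
    if (-not (Test-Path $InstalledSdbKey)) { return @() }
    Get-ChildItem -Path $InstalledSdbKey | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        $path  = [string]$props.DatabasePath
        [pscustomobject]@{
            DatabaseGuid   = $_.PSChildName
            DatabasePath   = $path
            Description    = [string]$props.DatabaseDescription
            InstallTime    = $props.DatabaseInstallTimeStamp
            # Flag SDBs stored outside the default directory or whose file is missing;
            # both are worth a closer look, though neither proves malicious intent.
            UnexpectedPath = -not ($path -like "$DefaultSdbDir\*")
            FileExists     = ($path -ne '') -and (Test-Path -LiteralPath $path)
        }
    }
}

function Get-ShimmedExecutable {
    # One subkey per shimmed executable name; each value name is the GUID (with .sdb
    # suffix) of a database that applies to that executable.
    if (-not (Test-Path $CustomKey)) { return @() }
    Get-ChildItem -Path $CustomKey | ForEach-Object {
        $exe = $_.PSChildName
        (Get-Item -Path $_.PSPath).Property | ForEach-Object {
            [pscustomobject]@{ Executable = $exe; ShimDatabase = $_ }
        }
    }
}

# Usage: list everything, then show only the entries that merit review.
$installed = Get-InstalledShimDatabase
$installed | Format-Table DatabaseGuid, Description, DatabasePath, InstallTime -AutoSize
$installed | Where-Object { $_.UnexpectedPath -or -not $_.FileExists } |
    Format-Table DatabaseGuid, DatabasePath, UnexpectedPath, FileExists -AutoSize
Get-ShimmedExecutable | Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM keys are readable. Every `DatabasePath` the script lists is a file you can hand to sdb-explorer to see what the database actually does; an SDB bound to a commonly launched system executable, installed outside the default directory, or installed at a time that does not line up with a known software deployment is the one to analyze first. A legitimate application compatibility fix will appear in exactly the same place, so the registry listing tells you where to look, not whether the patch is malicious.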