GROK_Explorations
GROK Vault7 Kernel-Mode Rootkit

Demonstrates GROK's technique of manipulating the stack to make "hidden" function calls, similar in spirit (though GROK's version is far more intricate) to exploits that locate their own position in memory (the "find yourself (IP)" trick). GROK does this only in the kernel, but the concept applies to user-mode code just the same, as demonstrated above, where the native NtQuerySystemInformation is demoed to print just the image base and driver name of each driver on the system, much as GROK does (minus the printing, which is of no use to GROK).

The driver code presented here does, in principle, the same thing as GROK: (1) it uses an ISR routine (here a service routine instead) to scan backwards in memory to locate the kernel image base; (2) it parses the exports from that image base to resolve the functions it needs (ZwQuerySystemInformation, ExAllocatePool/ExFreePool); (3) it uses these later on to obtain the driver info once it "switches" address spaces ... Here we just print the info out to demonstrate that the functionality works as intended. The primary implementation is in "hiddenCall.asm".
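The two resolution steps above (walk backwards page by page from an address inside the kernel until the PE header is found, then parse the export directory by name) can be exercised in user mode against a fake image, which is what the following added example does. It is not GROK's code and not the code in hiddenCall.asm: it assembles a constructed, minimal PE32+ image (with an export table naming ZwQuerySystemInformation, ExAllocatePool and ExFreePool at made-up RVAs) inside a page-aligned buffer that stands in for kernel address space, takes a pretend return address inside one of those functions, and recovers the base and the export RVAs from it. Function names, RVAs and layout are all assumptions chosen for the demo.

```c
/* Added user-mode illustration of the GROK-style self-locate + export walk.
 * Constructed fake PE32+ image; not GROK's code and not hiddenCall.asm. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE     0x1000u
#define MEM_SIZE      0x8000u   /* pretend "kernel address space" (page aligned) */
#define IMAGE_OFFSET  0x3000u   /* where the fake image is mapped inside it */
#define IMAGE_SIZE    0x3000u
#define EXPORT_RVA    0x1000u   /* assumed RVA of the export directory */
#define EXPORT_SIZE   0x500u

#pragma pack(push, 1)
typedef struct { uint16_t e_magic; uint8_t pad[58]; uint32_t e_lfanew; } DOS_HDR;
typedef struct { uint32_t VirtualAddress, Size; } DATA_DIR;
typedef struct { uint16_t Machine, NumberOfSections; uint32_t TimeDateStamp,
                 PointerToSymbolTable, NumberOfSymbols; uint16_t SizeOfOptionalHeader,
                 Characteristics; } FILE_HDR;
typedef struct { uint16_t Magic; uint8_t pad0[54]; uint32_t SizeOfImage; uint8_t pad1[48];
                 uint32_t NumberOfRvaAndSizes; DATA_DIR DataDirectory[16]; } OPT_HDR64;
typedef struct { uint32_t Signature; FILE_HDR FileHeader; OPT_HDR64 OptionalHeader; } NT_HDRS;
typedef struct { uint32_t Characteristics, TimeDateStamp; uint16_t MajorVersion, MinorVersion;
                 uint32_t Name, Base, NumberOfFunctions, NumberOfNames,
                 AddressOfFunctions, AddressOfNames, AddressOfNameOrdinals; } EXPORT_DIR;
#pragma pack(pop)

/* Does `page` start a PE image? "MZ", then "PE\0\0" at e_lfanew, with the NT
 * headers required to sit inside the same page so we never read off it. */
static int looks_like_pe(const uint8_t *page) {
    const DOS_HDR *dos = (const DOS_HDR *)page;
    if (dos->e_magic != 0x5A4D) return 0;
    if (dos->e_lfanew < sizeof(DOS_HDR) || dos->e_lfanew + sizeof(NT_HDRS) > PAGE_SIZE) return 0;
    const NT_HDRS *nt = (const NT_HDRS *)(page + dos->e_lfanew);
    return nt->Signature == 0x00004550 && nt->OptionalHeader.Magic == 0x20B;
}

/* Step (1): walk backwards one page at a time from `inside` (e.g. a return
 * address taken off the stack) until a page that starts a PE image is found.
 * `lowest` bounds the scan; in a real driver every page must also be confirmed
 * present (MmIsAddressValid) before it is dereferenced. */
const uint8_t *find_image_base(const uint8_t *inside, const uint8_t *lowest) {
    uintptr_t p = (uintptr_t)inside & ~(uintptr_t)(PAGE_SIZE - 1);
    while (p >= (uintptr_t)lowest) {
        if (looks_like_pe((const uint8_t *)p)) return (const uint8_t *)p;
        if (p < PAGE_SIZE) break;
        p -= PAGE_SIZE;
    }
    return NULL;
}

static int rva_ok(const NT_HDRS *nt, uint32_t rva, uint32_t len) {
    return rva < nt->OptionalHeader.SizeOfImage && len <= nt->OptionalHeader.SizeOfImage - rva;
}

/* Step (2): resolve a named export to its RVA (0 if absent or forwarded).
 * Name table -> ordinal table -> function table, every RVA bounds-checked. */
uint32_t resolve_export_rva(const uint8_t *base, const char *name) {
    const NT_HDRS *nt = (const NT_HDRS *)(base + ((const DOS_HDR *)base)->e_lfanew);
    const DATA_DIR *dd = &nt->OptionalHeader.DataDirectory[0];
    if (nt->OptionalHeader.NumberOfRvaAndSizes < 1 || dd->VirtualAddress == 0 ||
        !rva_ok(nt, dd->VirtualAddress, sizeof(EXPORT_DIR))) return 0;
    const EXPORT_DIR *ed = (const EXPORT_DIR *)(base + dd->VirtualAddress);
    if (!rva_ok(nt, ed->AddressOfNames, ed->NumberOfNames * 4u) ||
        !rva_ok(nt, ed->AddressOfNameOrdinals, ed->NumberOfNames * 2u) ||
        !rva_ok(nt, ed->AddressOfFunctions, ed->NumberOfFunctions * 4u)) return 0;
    const uint32_t *names = (const uint32_t *)(base + ed->AddressOfNames);
    const uint16_t *ords  = (const uint16_t *)(base + ed->AddressOfNameOrdinals);
    const uint32_t *funcs = (const uint32_t *)(base + ed->AddressOfFunctions);
    for (uint32_t i = 0; i < ed->NumberOfNames; i++) {
        if (!rva_ok(nt, names[i], 1) || strcmp((const char *)(base + names[i]), name) != 0) continue;
        if (ords[i] >= ed->NumberOfFunctions) return 0;
        uint32_t rva = funcs[ords[i]];
        /* An RVA inside the export directory itself is a forwarder string, not code. */
        if (rva >= dd->VirtualAddress && rva < dd->VirtualAddress + dd->Size) return 0;
        return rva;
    }
    return 0;
}

static _Alignas(PAGE_SIZE) uint8_t g_mem[MEM_SIZE];   /* zeroed, page-aligned fake address space */

/* Build the constructed fake "ntoskrnl" once (idempotent) and return its base. */
const uint8_t *kernel_base(void) {
    uint8_t *img = g_mem + IMAGE_OFFSET;
    if (((DOS_HDR *)img)->e_magic == 0x5A4D) return img;
    DOS_HDR *dos = (DOS_HDR *)img; dos->e_magic = 0x5A4D; dos->e_lfanew = 0x80;
    NT_HDRS *nt = (NT_HDRS *)(img + 0x80);
    nt->Signature = 0x00004550; nt->FileHeader.Machine = 0x8664;
    nt->FileHeader.SizeOfOptionalHeader = sizeof(OPT_HDR64);
    nt->OptionalHeader.Magic = 0x20B; nt->OptionalHeader.SizeOfImage = IMAGE_SIZE;
    nt->OptionalHeader.NumberOfRvaAndSizes = 16;
    nt->OptionalHeader.DataDirectory[0].VirtualAddress = EXPORT_RVA;
    nt->OptionalHeader.DataDirectory[0].Size = EXPORT_SIZE;
    EXPORT_DIR *ed = (EXPORT_DIR *)(img + EXPORT_RVA);
    ed->Base = 1; ed->NumberOfFunctions = 3; ed->NumberOfNames = 3;
    ed->AddressOfFunctions = 0x1100; ed->AddressOfNames = 0x1200; ed->AddressOfNameOrdinals = 0x1300;
    uint32_t *funcs = (uint32_t *)(img + 0x1100), *names = (uint32_t *)(img + 0x1200);
    uint16_t *ords = (uint16_t *)(img + 0x1300);
    /* Function table order deliberately differs from (sorted) name order so the
     * ordinal indirection is exercised: ord 0 = ZwQSI, 1 = ExAllocatePool, 2 = ExFreePool. */
    funcs[0] = 0x2080; funcs[1] = 0x2000; funcs[2] = 0x2040;
    static const char *const nm[3] = { "ExAllocatePool", "ExFreePool", "ZwQuerySystemInformation" };
    static const uint16_t od[3] = { 1, 2, 0 };
    for (uint32_t i = 0, str = 0x1400; i < 3; i++) {
        names[i] = str; ords[i] = od[i];
        strcpy((char *)(img + str), nm[i]); str += (uint32_t)strlen(nm[i]) + 1;
    }
    img[0x2000] = img[0x2040] = img[0x2080] = 0xC3;   /* stand-in bodies: just `ret` */
    return img;
}

int main(void) {
    const uint8_t *fake_ret = kernel_base() + 0x2097;  /* pretend return address inside ZwQSI */
    const uint8_t *base = find_image_base(fake_ret, g_mem);
    if (!base) { puts("image base not found"); return 1; }
    const char *want[] = { "ZwQuerySystemInformation", "ExAllocatePool", "ExFreePool", "NotExported" };
    for (size_t i = 0; i < 4; i++)
        printf("%-26s rva=0x%x\n", want[i], resolve_export_rva(base, want[i]));
    return 0;
}
```

The backwards scan only checks the first page of each candidate, which is why looks_like_pe insists that the NT headers fit inside that page; a kernel-mode version of the same loop must additionally confirm each page is mapped before reading it, since a fault at IRQL > PASSIVE_LEVEL is not recoverable. The forwarder check matters in the real kernel export table as well: a resolved RVA that points back into the export directory is a string, not a function, and calling it as one is a crash.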