This isn't going to stop malware! It'll just reduce the speed of them.
Before malware coders worked out how to use the now age-old SEH techniques for finding the kernel base address they used the technique of searching for it in memory at 64k page displacement. For example:
Anonymous
Before malware coders worked out how to use the now age-old SEH techniques for finding the kernel base address they used the technique of searching for it in memory at 64k page displacement. For example:
mov ebx, 0x780000...
[ more ]