@thelinuxEXP
How likely do you think it is that without this API, CrowdStrike would have used a janky way to get what they want out of the kernel (and still cause this issue)?

This is obviously something they would want to do, but I have no idea if they would think it would be worth the reverse-engineering effort, the monkey-patched kernel files, the probable need to re-sign everything to be secure-boot-compatible, etc.