Thursday 8 November 2012

Disabling PatchGuard V3 Pdf

Here is a good read (if you're into kernel dev or patching) from the guy who created EasyHook.

A while back I did some kernel development where I used the Rasta Ring 0 Debugger to apply direct code patches to user-land DLLs. One of the best PoCs was one where I was able to do MSIL patching on loaded .NET assemblies, which were completely invisible to user-land.

Patching the CLR was also very interesting :)