Windows kernel (and userspace!) exploitation is challenging due to the variability in structures across versions and service packs. Check out some exploit examples in Metasploit’s modules/exploits/windows source and marvel at how large the shellcode can get, and how entire blocks of code are dedicated to ROP/JOP gadgets specific to individual versions/SPs.
Luckily there are many resources available for those needing to navigate the various subsystems and structures. This article will include resources to help navigate this space, and point the way to Windows kernel exploitation.
Project Vergilius - THE BEST. Browse through the fun UI and dive into various versions and service packs.
ReactOS - Not exactly Windows source code, but sometimes it’s pretty dang close for certain subsystems.
Windows Internals - Book from the creators themselves.
Microsoft - Setting Up Kernel-Mode Debugging - I mean, yeah? How else would you do it?
WinDBG cheat sheet - repnz/windbg-cheat-sheet - Quick reference for WinDBG commands.
h3xduck’s EternalBlue Journey - Get your hands dirty with a lab, and work through EternalBlue in a debugger. Fun for the whole family!
alpenlol/rdp - Buncha messy Python code where I built RDP handshakes from scratch with Impacket. Causes some versions of Windows to BSOD (related to CVE-2019-070). Mostly old WinDBG and termdd.sys notes to self.