I watch Null's and EthanEDITS's videos on YouTube, which teach kernel cheating.
They use simple shellcodes (mov rax, [your address]; jmp rax) to override functions in dxgkrnl.sys (for example, NtOpenCompositionSurfaceSectionInfo, NtQueryCompositionSurfaceStatistics).
But these shellcodes no longer work.
I use kdmapper to map Null's or EthanEDITS's kernel driver (.sys), and when I call the hooked kernel function I get a blue screen.
Here is the code. Could anyone help me with a new solution (such as new shellcode)?
Code:
	// Despite its name, this does not call anything: it installs an inline code
	// patch over a dxgkrnl.sys export so that the export jumps to
	// kernel_function_address.
	//
	// What the code below demonstrably does:
	//   - resolves "NtQueryCompositionSurfaceStatistics" through the project's
	//     memory::get_system_module_export helper (semantics not visible here);
	//   - assembles a 12-byte patch  48 B8 <imm64> FF E0, i.e.
	//     `mov rax, imm64 ; jmp rax` (assumes x64, where sizeof(void*) == 8);
	//   - writes it over the export with memory::write_to_read_only_memory.
	//
	// Review notes (risk / stability, not a fix):
	//   - The bytes originally at hookFunction are never read or saved, so the
	//     patch cannot be reverted and the driver's original prologue is lost.
	//   - The write unconditionally clobbers whatever instructions sit at the
	//     export's entry; the commented-out byte arrays below show that the
	//     prologue differs between driver builds, so the patch is build-specific.
	//   - No synchronisation is visible around the write; other CPUs may be
	//     executing this code path while it is being modified
	//     (NOTE(review): unless write_to_read_only_memory handles that — confirm).
	//   - Modifying signed kernel code in memory is the kind of change that
	//     code-integrity and kernel patch protection mechanisms are designed to
	//     flag; from a detection standpoint, the first bytes of this export no
	//     longer match the on-disk image.
	//
	// Returns false when kernel_function_address is null or the export cannot be
	// resolved; otherwise true once the write has been issued (the write's own
	// result, if it has one, is not checked).
	bool call_kernel_function(void* kernel_function_address) {
		if (!kernel_function_address) {
			return false;
		}
 
		// Target of the patch: the driver export's entry address.
		PVOID* hookFunction = reinterpret_cast<PVOID*>(memory::get_system_module_export("\\SystemRoot\\System32\\drivers\\dxgkrnl.sys", 
			"NtQueryCompositionSurfaceStatistics"));
 
		// Earlier attempt to patch 3 bytes past the entry instead of at it.
		//BYTE* hookFunctionByte = reinterpret_cast<BYTE*>(hookFunction)+3;
		//hookFunction = reinterpret_cast<PVOID*>(hookFunctionByte);
 
		if (!hookFunction) {
			return false;
		}
 
		// Scratch buffer for the patch. The name is historical: the commented-out
		// arrays held prologue bytes observed in specific driver builds; the live
		// array is just 12 zero bytes that the memcpy calls below fill in.
		//BYTE original_func[] = { 0x4C, 0x8B, 0xDC, 0x49, 0x89, 0x5B, 0x18, 0x4D, 0x89, 0x4B, 0x20, 0x49, 0x89, 0x4B, 0x08 };//prologue bytes from one driver build
		//BYTE original_func[] = { 0x8B, 0x04, 0x24, 0x89, 0x41, 0x44, 0xC7, 0x41, 0x30, 0x0F, 0x00, 0x10 };
		BYTE original_func[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
 
		BYTE shell_code_start[]
		{
			0x48, 0xB8 // 48 = REX.W prefix, B8 = MOV RAX, imm64; the 8-byte address follows
		};
 
		BYTE shell_code_end[]
		{
			0xFF, 0xE0 // jmp rax
			//,0xCC 
		};
 
		// Redundant: original_func is already zero-initialised by its initializer.
		RtlSecureZeroMemory(&original_func, sizeof(original_func));
		// Layout: [2 bytes mov rax][8 bytes address][2 bytes jmp rax] == 12 bytes.
		memcpy((PVOID)((ULONG_PTR)original_func), &shell_code_start, sizeof(shell_code_start));
		uintptr_t test_address = reinterpret_cast <uintptr_t> (kernel_function_address);
		memcpy((PVOID)((ULONG_PTR)original_func + sizeof(shell_code_start)), &test_address, sizeof(void*));
		memcpy((PVOID)((ULONG_PTR)original_func + sizeof(shell_code_start)+sizeof(void*)), &shell_code_end, sizeof(shell_code_end));
		// Overwrites the export's first 12 bytes in place; nothing is saved first,
		// and a failed write is not distinguished from a successful one.
		memory::write_to_read_only_memory(hookFunction, &original_func, sizeof(original_func));
 
		return true;
	}