WDK turns on buffer security checking (/GS1) by default when building a native/kernel project. However if a native application needs to run on downlevel OS such as Windows 2000 and was compiled with /GS, then it will encounter a consistent and timely death when it cannot find RtlUnhandledExceptionFilter in ntdll.dll. This will happen despite the fact that Windows 2000 build environment was used2 to build it.
The solution, is to disable /GS by adding a line BUFFER_OVERFLOW_CHECKS=0 to the SOURCES file. That translates to no buffer security checking (/GS-) and WDK build will stop linking to any of the BufferOverflowX.libs.
1An interesting analysis of which was made by Ollie Whitehouse at Symantec Advanced Threat Research.
2 I was using WDK build 6001.18000
