|
- ... architecture2.1
- While some places use x64 to mean both AMD64
and IA64, this document will generally refer to x64 as an alias for
AMD64 only, though many of the comments may also apply to IA64.
- ... below3.1
- For those curious as to how the authors were
able to debug the PatchGuard initialization vector that is intended
to be disabled when a debugger is attached, one method is to simply
break on the div instruction in nt!KiDivide6432 and change
r8d to zero. This will generate the divide error fault and
lead to the calling of the PatchGuard initialization routines. In
order to allow the machine to boot normally, a breakpoint must be
set on nt!KiDivide6432 after the fact to automatically
restore r8d to 0xcb5fa3.
- ... image3.2
- This could presumably be related to detecting
whether or not hot patches have been applied, but this has not been
confirmed.
|