Uninformed: Informative Information for the Uninformed

Vol 3» 2006.Jan

Simulated Hot Patching

The documentation associated with PatchGuard states that it still allows the operating system to be hot-patched through their runtime patching API. For this reason, it should be possible to simulate a hot-patch that would appear to PatchGuard as having been legitimate. At the time of this writing, the authors have not taken the time to understand the manner in which this could be accomplished, but it is left open to further research. Assuming an approach was found that allowed this technique to work reliably, it stands to reason that doing so would be the most preferred route because it would be making use of a documented approach for the circumvention of PatchGuard.