Uninformed: Informative Information for the Uninformed

Vol 3 » 2006.Jan


Simulated Hot Patching

The documentation associated with PatchGuard states that it still allows the operating system to be hot-patched through the runtime patching API. For this reason, it should be possible to simulate a hot-patch that PatchGuard would treat as legitimate. At the time of this writing, the authors have not taken the time to understand the manner in which this could be accomplished, but it is left open to further research. Assuming an approach was found that allowed this technique to work reliably, it stands to reason that it would be the preferred route, because it would make use of a documented approach for the circumvention of PatchGuard.