Informative Information for the Uninformed
Current
v9
v8
v7
v6
v5
v4
v3
v2
v1
All
About
Vol 8
»
2007.Sep
Next:
Introduction
Up:
PatchGuard Reloaded: A Brief
Previous:
PatchGuard Reloaded: A Brief
Contents
Introduction
Protection Improvements
Multiple Concurrent PatchGuard Check Contexts
Filtering of Exception Codes Used to Trigger PatchGuard Execution
Executing PatchGuard Without SEH
Randomized Call Frames in Repurposed DPC Routine Exception Paths
Expanded Set of Protected Regions
Additional Protection Mechanisms
Timer List Obfuscation
Anti-Debugging Code at PatchGuard Initialization Time
KeBugCheckEx Protection
Two-Stage Code Deobfuscation
Code Patching Support
Bypass Mechanisms and Countermeasures
Hybrid Exception Interception and Memory Searching
Timer DPC Dispatcher and DPC Dispatching
Canceling the PatchGuard Timer(s)
Page-Table Swap
DPC Exception Handler Patching
System Call MSR Swap
Conclusion
Bibliography