| Current | v9 | v8 | v7 | v6 | v5 | v4 | v3 | v2 | v1 | All | About |
Next: Hybrid Exception Interception and
Up: PatchGuard Reloaded: A Brief
Previous: Code Patching Support
Contents
Bypass Mechanisms and Countermeasures
Like PatchGuard 2, it would be folly to state that PatchGuard 3 is invulnerable to assault by third party driver code intent on performing operations blocked by PatchGuard. There are many possible attacks for the new defenses in PatchGuard 3 (as well as several possible countermeasures that Microsoft could take in order to break the proposed bypass mechanisms in a future PatchGuard iteration). This article will describe specific attacks that are capable of defeating PatchGuard 3.
Subsections
- Hybrid Exception Interception and Memory Searching
- Timer DPC Dispatcher and DPC Dispatching
- Canceling the PatchGuard Timer(s)
- Page-Table Swap
- DPC Exception Handler Patching
- System Call MSR Swap