| Current | v9 | v8 | v7 | v6 | v5 | v4 | v3 | v2 | v1 | All | About |
Next: Additional Protection Mechanisms
Up: Protection Improvements
Previous: Randomized Call Frames in
Contents
Expanded Set of Protected Regions
With the release of PatchGuard 3, Microsoft has added to the list of kernel global variables that are protected from unauthorized modification. Most notably, PatchGuard now appears to take an interest in PsInvertedFunctionTable, which was proposed as a key way to patch the kernel "under PatchGuard's nose", as it were, by providing an un-protected mechanism to gain execution at any point in the kernel that is traversed by an exception.