Uninformed: Informative Information for the Uninformed

Vol 8» 2007.Sep

Expanded Set of Protected Regions

With the release of PatchGuard 3, Microsoft has added to the list of kernel global variables that are protected from unauthorized modification. Most notably, PatchGuard now appears to take an interest in PsInvertedFunctionTable, which was proposed as a key way to patch the kernel "under PatchGuard's nose", as it were, by providing an un-protected mechanism to gain execution at any point in the kernel that is traversed by an exception.