Revision as of 18:38, 9 January 2018 edit Little Professor (talk \| contribs) Extended confirmed users 6,673 edits Various fixes Tags: Mobile edit Mobile web edit ← Previous edit		Revision as of 18:42, 9 January 2018 edit undo Little Professor (talk \| contribs) Extended confirmed users 6,673 edits →Technical overview: Reduce verbiage Tags: Mobile edit Mobile web edit Next edit →
Line 24: \|date=September 2007 \|accessdate=20 September 2007 }}</ref> ~~In turn, device~~Device drivers are expected to not modify or ''patch'' core system structures within the kernel.<ref name="KPP FAQ"/> In [[x86]] editions of Windows, Windows does not enforce this expectation that drivers not patch the kernel. ~~But~~As ~~because~~a ~~the~~result, ~~expectation is not enforced on~~some x86 ~~systems, some programs~~software, notably certain security and [[antivirus]] programs, were designed to perform needed tasks through loading drivers that modified core kernel structures.<ref name="Introduction"/><ref name="Fathi">{{cite web \|url=https://www.theguardian.com/technology/2006/sep/28/viruses.security \|title=Antivirus vendors raise threats over Vista in Europe Line 34: }} "This has never been supported and has never been endorsed by us. It introduces insecurity, instability, and performance issues, and every time we change something in the kernel, their product breaks." —Ben Fathi, corporate vice president of Microsoft's security technology unit</ref> In [[x86-64\|x64]] editions of Windows, Microsoft ~~chose to begin~~began to enforce ~~the~~ restrictions on what structures drivers can and cannot modify. Kernel Patch Protection is the technology that ~~actually~~ enforces these restrictions. It works by periodically checking to make sure that protected system structures in the kernel have not been modified. If a modification is detected, then Windows will initiate a [[bug check]] and shut down the system,<ref name="Introduction"/><ref name="Patching Policy">{{cite web \|url=http://www.microsoft.com/whdc/driver/kernel/64bitpatching.mspx \|title=Patching Policy for x64-Based Systems Line 40: \|date=22 January 2007 \|accessdate=20 September 2007 }}</ref> with a [[blue screen]] and/or reboot. The corresponding bugcheck number is 0x109, the bugcheck code is CRITICAL_STRUCTURE_CORRUPTION. Prohibited modifications include:<ref name="Patching Policy"/> * Modifying [[System call\|system service]] tables Line 57: }}</ref> ~~It should be noted that~~ Kernel Patch Protection only defends against device drivers modifying the kernel. It does not offer any protection against one device driver patching another.<ref name="Conclusion">{{cite web \|url=http://uninformed.org/index.cgi?v=6&a=1&p=25 \|author=Skywing

Kernel Patch Protection: Difference between revisions