Patching Policy for x64-Based Systems
Changes in policy related to patching the kernel for the Microsoft Windows Server 2003 Service Pack 1 Operating System
Microsoft® Windows® Server 2003 SP1 and later versions of Windows for x64-based systems do not allow the kernel to be patched except through authorized Microsoft-originated hot patches. (In this article, "x64" refers to the 64-bit architecture used in AMD64 and Intel Extended Memory 64 Technology systems.)
Kernel-mode drivers that extend or replace kernel services through undocumented means (such as hooking the system service tables) can interfere with other software and affect the stability of the operating system. For x86-based systems, Microsoft discourages such practices but does not prevent them programmatically, because doing so would break compatibility for a significant amount of released software. A similar base of released software does not exist for x64-based systems, so it is possible to add this level of protection to the kernel without breaking compatibility.
Many system structures are protected on x64-based systems, including the system service dispatch tables, the interrupt descriptor table (IDT), and the global descriptor table (GDT). The operating system also does not allow third-party software to allocate memory "on the side" and use it as a kernel stack. If the operating system detects one of these modifications or any other unauthorized patch, it will generate a bug check and shut down the system.
For compatibility with Windows for x64-based systems, drivers must avoid the following practices:
• Modifying system service tables, for example, by hooking KeServiceDescriptorTable
• Modifying the IDT
• Modifying the GDT
• Using kernel stacks that are not allocated by the kernel
• Patching any part of the kernel (detected on AMD64-based systems only)
Drivers for other platforms should avoid these practices, to help ensure stability and reliability of the operating system and a better experience for customers.
If your driver must perform a task that you feel cannot be accomplished without patching the kernel, contact Microsoft Product Support Services or your Microsoft representative.