x64驱动开发需要注意-patch 策略

Patching Policy for x64-Based Systems

Changes in policy that are related to patching the kernel for the x64-based versions of Windows Server 2003 and Windows XP Professional x64 Edition operating systems.

Updated: July 25, 2008

The x64-based versions of Microsoft Windows Server 2003 , Windows XP Professional x64 Edition, and later versions of Windows for x64-based systems do not allow the kernel to be patched except through authorized Microsoft-originated hot patches. (In this article, "x64" refers to the 64-bit architecture that is used in AMD64 and Intel Extended Memory 64 Technology systems.) Kernel-mode drivers that extend or replace kernel services through undocumented means (such as hooking the system service tables) can interfere with other software and affect the stability of the operating system. For x86-based systems, Microsoft discourages such practices but does not prevent them programmatically because doing so would break compatibility for a significant amount of released software. A similar base of released software does not yet exist for x64-based systems, so it is possible to add this level of protection to the kernel with less impact on compatibility.

Many system structures are protected on x64-based systems, including the system service dispatch tables, the interrupt descriptor table (IDT), and the global descriptor table (GDT). The operating system also does not allow third-party software to allocate memory "on the side" and use it as a kernel stack. If the operating system detects one of these modifications or any other unauthorized patch, it will generate a bug check and shut down the system.

For compatibility with Windows for x64-based systems, drivers must avoid the following practices:

Modifying system service tables, for example, by hooking KeServiceDescriptorTable

Modifying the interrupt descriptor table (IDT)

Modifying the global descriptor table (GDT)

Using kernel stacks that are not allocated by the kernel

Patching any part of the kernel (detected only on AMD64-based systems)

Drivers for other platforms should avoid these practices, to help ensure stability and reliability of the operating system and a better experience for customers.

If your driver must perform a task that you think cannot be accomplished without patching the kernel, then contact KPPinput@Microsoft.com for help in finding a documented and supported alternative. The white paper that explains the criteria we are using to help evaluate and prioritize the types of APIs that will be developed and when they will be delivered can be found here (Kernel Patch Protection Criteria Evaluation Document).

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值