Nourishment for Humble Development

Patching Policy for x64-Based Systems

Changes in policy that are related to patching the kernel for the x64-based versions of Microsoft Windows Server 2003 and Microsoft Windows XP Professional x64 Edition operating systems

Updated: July 25, 2008

The x64-based versions of Microsoft Windows Server 2003, Windows XP Professional x64 Edition, and later versions of Windows for x64-based systems do not allow the kernel to be patched except through authorized Microsoft-originated hot patches. (In this article, "x64" refers to the 64-bit architecture that is used in AMD64 and Intel Extended Memory 64 Technology systems.) Kernel-mode drivers that extend or replace kernel services through undocumented means (such as hooking the system service tables) can interfere with other software and affect the stability of the operating system. For x86-based systems, Microsoft discourages such practices but does not prevent them programmatically because doing so would break compatibility for a significant amount of released software. A similar base of released software does not yet exist for x64-based systems, so it is possible to add this level of protection to the kernel with less impact on compatibility.

Many system structures are protected on x64-based systems, including the system service dispatch tables, the interrupt descriptor table (IDT), and the global descriptor table (GDT). The operating system also does not allow third-party software to allocate memory "on the side" and use it as a kernel stack. If the operating system detects one of these modifications or any other unauthorized patch, it will generate a bug check and shut down the system.
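The following is an added illustration, not Microsoft's code and not how Kernel Patch Protection is actually implemented (the page describes only the observable behaviour). It models the idea in the paragraph above: record a baseline of a protected structure, re-verify it later, and treat any mismatch as an unauthorized modification that would trigger a bug check. The service table, its entries, and the overwritten entry are all constructed for the example.

```c
/* Simplified model of kernel patch protection: snapshot a protected
 * table once, then verify that it has not been modified.
 * Added illustration only; PatchGuard's real checks are not public. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define SERVICE_COUNT 4

typedef uintptr_t (*service_fn)(void);

/* Constructed stand-in for a system service dispatch table. */
static uintptr_t svc_open(void)  { return 1; }
static uintptr_t svc_read(void)  { return 2; }
static uintptr_t svc_write(void) { return 3; }
static uintptr_t svc_close(void) { return 4; }

static service_fn service_table[SERVICE_COUNT] = {
    svc_open, svc_read, svc_write, svc_close
};

/* FNV-1a over the raw bytes of a region; the baseline digest is
 * recorded once, at "boot" in this model. */
static uint64_t fnv1a(const void *data, size_t len) {
    const unsigned char *p = data;
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

typedef struct {
    const void *base;   /* start of the protected structure */
    size_t len;         /* its size in bytes */
    uint64_t digest;    /* baseline digest taken when protection was armed */
} protected_region;

static protected_region protect(const void *base, size_t len) {
    protected_region r = { base, len, fnv1a(base, len) };
    return r;
}

/* Returns 1 if the region still matches its baseline, 0 if modified. */
static int verify(const protected_region *r) {
    return fnv1a(r->base, r->len) == r->digest;
}

/* Enforcement step: the real kernel issues a bug check and halts;
 * here we report and return a status so the behaviour can be tested. */
static int enforce(const protected_region *r, const char *name) {
    if (verify(r)) return 0;
    fprintf(stderr, "unauthorized modification of %s detected: bug check\n", name);
    return 1;
}

/* Constructed stand-in for a driver overwriting a service entry. */
static uintptr_t replaced_read(void) { return 99; }

/* Returns 1 when the model behaves as described: intact table passes,
 * a modified entry is detected. */
int kpp_demo(void) {
    protected_region sdt = protect(service_table, sizeof service_table);
    int before = enforce(&sdt, "system service table");  /* 0: intact */
    service_table[1] = replaced_read;                    /* the disallowed patch */
    int after = enforce(&sdt, "system service table");   /* 1: detected */
    return (before == 0 && after == 1) ? 1 : 0;
}

int main(void) {
    return kpp_demo() ? 0 : 1;
}
```

The point of the model is the asymmetry the policy relies on: the kernel does not need to know who changed a protected table or why, only that its contents no longer match the baseline, which is why any third-party patch, however well intentioned, ends in a bug check rather than a negotiated coexistence.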

For compatibility with Windows for x64-based systems, drivers must avoid the following practices:

Modifying system service tables, for example, by hooking KeServiceDescriptorTable

Modifying the interrupt descriptor table (IDT)

Modifying the global descriptor table (GDT)

Using kernel stacks that are not allocated by the kernel

Patching any part of the kernel (detected only on AMD64-based systems)

Drivers for other platforms should avoid these practices, to help ensure stability and reliability of the operating system and a better experience for customers.

If your driver must perform a task that you think cannot be accomplished without patching the kernel, then contact KPPinput@Microsoft.com for help in finding a documented and supported alternative. The white paper that explains the criteria we are using to evaluate and prioritize the types of APIs that will be developed, and when they will be delivered, is the Kernel Patch Protection Criteria Evaluation Document.

See Also:

Kernel Patch Protection: Frequently Asked Questions


Original: http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx