Microsoft Hotpatching Beta


Win32k.sys: (kernel mode)
· Exports Windows “native” entry points
· Implements Windows User & GDI “native” functions; calls routines in GDI drivers

Ntoskrnl.exe: executive and kernel (both are in kernel mode)
The Executive includes:
· base operating system services
· memory management, process and thread management
· security, I/O, interprocess communication

The kernel includes:
· low-level operating system functions
· thread scheduling, interrupt and exception dispatching
· multiprocessor synchronization
· provides a set of routines and basic objects that the rest of the executive uses to implement higher-level constructs

Both are contained in file Ntoskrnl.exe

Kernel32.dll: One of the WINAPI DLLs (user mode)
· Exports the APIs defined by the subsystem

Managed code (user mode)

According to Microsoft, this is how a hotpatch package works:
The hotpatch package contains coldpatch and hotpatch binaries for the fix. The hotpatch binary contains only the updated function, the function that needs to change to address a critical OS flaw. The updated function, as a hotpatch binary, gets inserted into the loaded image of the defective binary. A jump instruction is inserted above the defective function to redirect all subsequent calls to the updated function.
The coldpatch contains the old binary with the fixed function appended to it and a jump instruction instrumented bypassing the flawed function to the fixed function. Hotpatch application addresses currently running instances of the critical flaws in all the processes, and the complementing coldpatch secures the new instances of the process and persists the patch beyond reboot.
Thus the package containing a hotpatch-enabled fix will have two binaries related to the file being serviced. The one with “.hp.” in its name is the hotpatch binary and the other one is the coldpatch binary.
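
The redirect described above can be verified from the defender's side by classifying a function's entry bytes and resolving where the jump lands. This is an added example, not Microsoft's code and not part of the original post. It assumes the 32-bit x86 hotpatch layout, which the post does not spell out: five padding bytes above the entry and a two-byte `mov edi, edi` at the entry, replaced by a short jump back into a `jmp rel32`. The names `hp_classify` and `hp_target` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HP_PAD 5 /* padding bytes reserved directly above a hotpatchable entry */

typedef enum { HP_UNPATCHED, HP_REDIRECTED, HP_NOT_HOTPATCHABLE, HP_MALFORMED } hp_state;

/* img: image bytes; entry: offset of the function's first byte; base: address
 * img[0] is mapped at. On HP_REDIRECTED, *target is where the long jump lands. */
hp_state hp_classify(const uint8_t *img, size_t len, size_t entry,
                     uint32_t base, uint32_t *target)
{
    if (entry < HP_PAD || entry > len || len - entry < 2)
        return HP_MALFORMED;
    const uint8_t *e = img + entry, *pad = e - HP_PAD;

    if (e[0] == 0x8B && e[1] == 0xFF)   /* mov edi, edi: the original 2-byte no-op */
        return HP_UNPATCHED;
    if (e[0] != 0xEB || e[1] != 0xF9)   /* anything other than jmp short to entry-5 */
        return HP_NOT_HOTPATCHABLE;
    if (pad[0] != 0xE9)                 /* short jump must land on a jmp rel32 */
        return HP_MALFORMED;

    /* rel32 is little-endian and relative to the end of the 5-byte jump, which
     * is the entry address itself; unsigned wraparound handles negative values. */
    uint32_t rel = (uint32_t)pad[1] | (uint32_t)pad[2] << 8 |
                   (uint32_t)pad[3] << 16 | (uint32_t)pad[4] << 24;
    *target = base + (uint32_t)entry + rel;
    return HP_REDIRECTED;
}

/* Convenience wrapper: redirect target, or 0 when the entry is not redirected. */
uint32_t hp_target(const uint8_t *img, size_t len, size_t entry, uint32_t base)
{
    uint32_t t = 0;
    return hp_classify(img, len, entry, base, &t) == HP_REDIRECTED ? t : 0;
}

/* Constructed sample bytes (padding + entry), not taken from any real binary. */
static const uint8_t sample_cold[] = { 0x90,0x90,0x90,0x90,0x90, 0x8B,0xFF, 0x55, 0x8B,0xEC };
static const uint8_t sample_hot[]  = { 0xE9,0xFB,0x0F,0x00,0x00, 0xEB,0xF9, 0x55, 0x8B,0xEC };
static const uint8_t sample_odd[]  = { 0x90,0x90,0x90,0x90,0x90, 0xEB,0xF9, 0x55, 0x8B,0xEC };

int main(void)
{
    printf("target=0x%08X\n", (unsigned)hp_target(sample_hot, sizeof sample_hot, 5, 0x10001000u));
    return 0;
}
```

A resolved target is only useful once it is compared against the address range of the module expected to hold the fix; a redirect that lands anywhere else deserves a closer look.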
May 13th, 2006 at 12:59 am
Cool post mate!