tailieunhanh - Windows Internals covering Windows Server 2008 and Windows Vista - P6

Windows Internals covering Windows Server 2008 and Windows Vista - P6: In this chapter, we’ll introduce the key Microsoft Windows operating system concepts and terms we’ll be using throughout this book, such as the Windows API, processes, threads, virtual memory, kernel mode and user mode, objects, handles, security, and the registry.

Table 3-24 Hotpatch Operations

| Operation | Meaning | Usage |
|---|---|---|
| Rename Image | Replacing a DLL that is on the disk and currently used by other applications, or replacing a driver that is on the disk and is currently loaded by the kernel | When an entire library in user mode needs to be replaced, the kernel can detect which processes and services are referencing it, unload them, and then update the DLL and restart the programs and services (this is done through the restart manager). When an entire driver needs to be replaced, the kernel can unload the driver (the driver requires an unload routine), update it, and then reload it. |
| Object Swap | Atomically renaming an object in the object directory namespace | When a file (typically a known DLL) needs to be renamed atomically and behind the back of any applications that may be using it (so that they can start using the new file immediately, using the old handle) |
| Patch Function Code | Replacing the code of one or more functions inside an image file with another version | If a DLL or driver can't be replaced or renamed during run time, functions in the image can be directly patched. A hotpatch DLL that contains the newer code is jumped to whenever an older function is called. |
| Refresh System DLL | Reload the memory mapped section object for | The system native library is only loaded once during boot-up and then simply duplicated into the address space of every new process. If it has been hotpatched, the system must refresh this section to load the newer version. |

Although hotpatches utilize internal kernel mechanisms, their actual implementation is no different from coldpatches. The patch is delivered through Windows Update, typically as an executable file containing a program called that will perform the extraction of the patch and the update process. For hotpatches, however, an additional hotpatch file containing the .hp extension will be present. This file contains a special PE header called .HOT1. This header will contain a data .
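When triaging an update package, a quick way to tell a hotpatch file from an ordinary image is to walk its PE section table and look for the marker. The following is an added example, not code from the book or from Microsoft; it assumes the `.HOT1` header named above appears as a section name in the standard PE section table, and `pe_sections`, `find_hotpatch_section` and `build_sample` are hypothetical helper names, with the sample buffer constructed inline.

```python
import struct

def pe_sections(data: bytes):
    """Return [(name, raw_offset, raw_size)] from a PE image's section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header (20 bytes) follows the 4-byte signature.
    _mach, nsect, _ts, _symp, _nsym, opt_size, _ch = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    if table + nsect * 40 > len(data):
        raise ValueError("section table truncated")
    out = []
    for i in range(nsect):
        off = table + i * 40
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        out.append((name, raw_ptr, raw_size))
    return out

def find_hotpatch_section(data: bytes, marker: str = ".HOT1"):
    """Return (name, offset, size) of the marker section, or None if absent."""
    for name, raw_ptr, raw_size in pe_sections(data):
        if name == marker:  # assumption: the marker is a section name
            if raw_ptr + raw_size > len(data):
                raise ValueError("marker section data lies outside the file")
            return name, raw_ptr, raw_size
    return None

def build_sample(names):
    """Constructed PE-shaped buffer: headers plus 16 filler bytes per section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)   # e_lfanew = 64
    opt = b"\0" * 224                                   # zeroed optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, len(opt), 0x2102)
    body = 64 + 4 + 20 + len(opt) + 40 * len(names)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), 16, 0x1000 * (i + 1), 16,
                    body + 16 * i, 0, 0, 0, 0, 0x40000040)
        for i, n in enumerate(names))
    return dos + b"PE\0\0" + coff + opt + table + b"\xCC" * (16 * len(names))

if __name__ == "__main__":
    for names in ([".text", ".data", ".HOT1"], [".text", ".data"]):
        print(names, "->", find_hotpatch_section(build_sample(names)))
```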
