Thoughts on PatchGuard

Ken Johnson, a Windows kernel mode and debugging guru, analyzes the Windows x64 Kernel Patch prevention system on his blog. From his perspective, PatchGuard is neither a security scheme nor a DRM measure due to the limited scope of the structures it protects. Instead, it is a tool to prevent vendors from destroying system security and stability. Johnson also forecasts a hypervisor-based PatchGuard mechanism for future revisions to this technology. Check out other posts on Nynaeve for a wealth of technical details on Windows mechanisms of interest to reverse-engineers.


  1. 2007-01-30 11:38 pm
  2. 2007-01-31 1:27 am
  3. 2007-01-31 3:02 am
  4. 2007-01-31 3:25 pm
  5. 2007-01-31 9:50 pm