Konke malunga nePatchGuard: uKhuseleko lweKernel kwiWindows

Uhlaziyo lokugqibela: 11/07/2025
umbhali: UIsake
  • I-PatchGuard ikhusela i-kernel ukusuka Windows x64 ngokuchasene nohlengahlengiso olungagunyaziswanga
  • Ikhusela uhlaselo oluphambili olufana ne-rootkits kunye nokuzinzisa inkqubo yokusebenza
  • Ukhuseleko luhlala luvela ukwenza iinzame zokuphepha zibe nzima ngakumbi.

Ukhuseleko lwePatchGuard kunye noKhuseleko

Kwihlabathi lokhuseleko lwekhompyuter, enye yezona zinto zibuthathaka kwaye kwangaxeshanye zibalulekile kwimfezeko iinkqubo zokusebenza Ngundoqo okanye ikernel. U-Microsoft, ebazi umngcipheko kunye nohlaselo olujoliswe kwesi siqwenga sisisiseko, iphuhlise itekhnoloji ethile ukuyikhusela kwiinkqubo zayo zokusebenza ezingama-64-bit: I-PatchGuard, ekwabizwa ngokuba yi-Kernel Patch ProtectionLe nkqubo iye yaba ingqwalasela yeengxoxo ezininzi, uphando kunye neengxabano phakathi kweengcali khu seleko, ngoko ukuqonda indlela esebenza ngayo, imida yayo kunye neempembelelo zayo kubalulekile kuye nabani na onomdla wokukhusela iinkqubo zeWindows.

Ukuba ukhe wazibuza IiWindows zithintela njani iinkqubo ekuguquleni ezona ndawo zinovakalelo zangaphakathi zenkqubo ngokuthandaI-PatchGuard yimpendulo ephambili. Ukususela ekuqalisweni kwayo ngo-2005, isebenze ngaxeshanye njengesithintelo kwezona hlaselo zintsonkothileyo kunye nentloko ebuhlungu kwabo baphuhlisa izixhobo zokhuseleko eziphezulu. Masingene nzulu kuyo yonke into ejikeleze iPatchGuard: isebenza njani, kutheni ibalulekile, iimpikiswano eziye zayibangela, kunye neendlela eziye zayilwa ukuzama ukuyigqitha.

Yintoni iPatchGuard (Kernel Patch Protection)?

IPatchGuard Luphawu lokhuseleko olukhethekileyo kwiinguqulelo zeWindows ze-x64 (64-bit) yezakhiwo, injongo yazo kukuba. Nqanda ukuguqulwa okanye ukupeyishwa kwendlela yokusebenza yekernelOko kukuthi, kuthintela zombini iinkqubo ezinobungozi kunye nezicelo zomntu wesithathu ekusebenziseni iindawo ezibalulekileyo zekernel, "ubuchopho" beWindows, apho imiyalelo esisiseko kunye nenamandla yenkqubo ihlala khona.

Ukusukela ekuqalisweni kwayo ngo-2005 ngeWindows XP x64 kunye neWindows Server 2003 Service Pack 1, iPatchGuard ibe ngumgca wokhuselo ofuna ukuqinisekisa ulwakhiwo kunye nokusebenza imfezeko yekernel ngokuchasene nokuguqulwa okuthe ngqoKwiinguqulelo zangaphambili zeWindows ezisekwe kuyilo lwex86, umqobo onjalo wawungekho. Ke ngoko, uninzi lwezicelo, ngakumbi ezinye ii-antivirus kunye nezixhobo zokhuseleko, zithathe eli thuba lokutofa ikhowudi okanye ukuguqula iitafile zangaphakathi. Nangona oku kunokubonelela ngokuguquguquka okukhulu kunye nobuchule kwiiprogram ezithile, kwavula umnyango wokuhlaselwa okuyinkimbinkimbi kunye neerootkits, ezinokuzifihla ngokungabonakali.

Eyona njongo ibalulekileyo yePatchGuard yile Fumana kwaye uthintele naziphi na iinzame zokukhohlisa iindawo ezikhuselweyo zekernel, nokuba ngu isoftwe okanye isoftware esemthethweni kodwa enokuba yingozi. Ingumlinganiselo wokhuseleko oqinisa uzinzo kunye nokuzithemba kwinkqubo yokusebenza, nangona kungekho ngaphandle kwemida kunye nokugxeka, njengoko siza kubona kamva.

  Isikhokelo esigqibeleleyo: Uyisebenzisa njani i-DxDiag ukufumanisa iiGraphics kunye neengxaki zesandi kwiWindows

Isebenza njani iPatchGuard?

Ukhuseleko olubonelelwa yi-PatchGuard luxhomekeke kuthotho lokujonga amaxesha ngamaxesha kunye nobunzima kwiindawo ezibuthathaka zenkumbulo kunye nezakhiwo zekernel zangaphakathi. I-PatchGuard ihlala ibeka esweni ukuba ikhowudi ekhuselweyo kunye nedatha ayitshintshwanga ukusukela oko ibootUkwenza oku, ibala iitshekhiwo zezi zinto zibalulekileyo kuqaliso lwesixokelelwano kwaye ithelekise amaxesha ngamaxesha kulo lonke ukuphunyezwa.

Phakathi kweendawo ezijongwa kakhulu yiPatchGuard zezi:

  • Iitafile zenkcazo yenkonzo yesixokelelwano (SSDT)
  • Itheyibhile yesichazi esiphazamisayo (IDT) kunye nehlabathi jikelele (GDT)
  • Debugging yesiqhelo kunye noluhlu lweemodyuli ezilayishiwe
  • Oovimba ababalulekileyo kunye namathala eencwadi afana ne isibulali I-Abstraction Layer (HAL) kunye ne-NDIS

Kwimeko apho inkqubo ifumanisa ukungangqinelani, IiWindows zisungula ujongo olubalulekileyo lwebug, ekhokelela kwiscreen esoyikekayo esiluhlaza (BSOD) kunye nenkqubo yokuqalisa kwakhona. Ikhowudi yempazamo ehambelana nolu lwaphulo-mthetho ngu-0x109, eyaziwa ngokuba CRITICAL_STRUCTURE_CORRUPTIONOku kuthetha ukuba ukuba nayiphi na inzame yokulinganisa i-kernel iphumelele, inkqubo iyavala kwaye ayisayi kusebenza kweso simo esitshintshileyo, ngaloo ndlela inciphisa impembelelo yokuhlaselwa okunokwenzeka okanye impazamo eyintlekele.

Inyani enomdla kukuba UMicrosoft akazange apapashe iinkcukacha ezichanekileyo malunga nokuphindaphindwa okanye iindlela ezichanekileyo zangaphakathi apho iPatchGuard iqhuba ngayo olu vavanyo.Iingcali zicinga ukuba ukucwangciswa kweetshekhi kungenziwa ngokungenamkhethe kwaye kuyahluka ukusuka kwimizuzwana embalwa ukuya kwimizuzu emininzi, ukwenza nayiphi na inzame yokuthintela ukhuseleko lube nzima ngakumbi.

Nika amandla uLawulo lwe-Smart App kwi-Windows 11-7
Inqaku elidibeneyo:
Ulawulo lwe-Smart App kwi-Windows 11: Isikhokelo senyathelo nenyathelo lokuqonda kunye nokwenza olu khuseleko

Loluphi uhlobo lohlengahlengiso olunqandwa yiPatchGuard?

I-PatchGuard inqanda uhlengahlengiso kwizinto ezahlukeneyo ezibalulekileyo zekernel. Phakathi kweendlela kunye nezakhiwo ezifuna ukuzikhusela zezi:

  • Ukuguqulwa kweetafile zenkonzo yenkqubo, uxanduva lweefowuni ze-API phakathi komsebenzisi kunye nondoqo
  • Utshintsho kwiitafile eziphazamisayo elawula impendulo yenkqubo kwi-hardware kunye nemicimbi yesoftware
  • Uhlengahlengiso kwikhowudi yekernel, kunye namathala eencwadi asisiseko afana ne-HAL kunye ne-NDIS
  • Ukusetyenziswa kwezitaki zekernel ezingalawulwa yinkqubo ngokwayo

Ngaphandle kolu khuseleko, nawuphi na umqhubi unokukhohlisa ikernel ukuba, umzekelo, uthintele iifowuni, uzimele kwisixokelelwano, okanye ukwazisa umsebenzi oyimfihlo. I-PatchGuard yenzelwe kuphela ukuthintela abaqhubi besixhobo ekuguquleni i-kernel.. Nangona kunjalo, ayikwazi ukuthintela umqhubi osele enamalungelo e-kernel-level ekuguquleni omnye umqhubi, ngoko ukukhusela kwayo kugxininise ngokukodwa kwi-kernel yenkqubo yokusebenza.

  Gqibezela isikhokelo sokucoca irejista yakho yeWindows ngeAuslogics Registry Cleaner

Izinto eziluncedo zokusebenzisa iPatchGuard kwiWindows

Ubukho bePatchGuard buphendula kwimfuno Khusela ukuthembeka kwenkqubo yokusebenza kwaye uthintele ikhowudi engagunyaziswanga-nokuba isemthethweni okanye inobungozi-ukutshintsha amacandelo angundoqo.Imingcipheko ekufuneka incitshiswe mininzi, kodwa eminye yeyona ibalulekileyo ibandakanya:

  • Iibhugi ezibalulekileyo kwi-kernel ithathwe kwikhowudi engaziwayo okanye engavavanywanga ngokwaneleyo
  • Iingxabano kunye neengxaki ze ukuthembeka xa iinkqubo ezininzi zizama ukulungisa iindawo ezifanayo ezikhuselweyo
  • Ukuzithemba ngokupheleleyo kukhuseleko lwenkqubo, ukuququzelela ukufakwa kwee-rootkits kunye ne-malware engabonakaliyo
  • Uzinzo lulonke lwenkqubo yokusebenza: I-PatchGuard inciphisa kakhulu iingozi kunye nezikrini eziluhlaza ezibangelwa abaqhubi 'abadali'

UMicrosoft wathethelela ukwaziswa kwePatchGuard emva kokuhlalutya idatha ebanzi ngokusilela kwenkqubo apho i Ukuguqulwa kwe-Kernel kwakuyeyona nto ibangela ukuphahlazeka kunye neengxaki ezinzuluNgokuthintela ukuchwetheza okungakhethiyo ziinkqubo zomntu wesithathu, indawo enokucingeleka ngakumbi nezinzileyo iyafezekiswa, ibalulekile kubasebenzisi abaziingcali nabasekhaya.

Unyino kunye neengxabano: Kutheni le nto iPatchGuard ixoxwa kangaka?

Njengoko kudla ngokuba njalo kwimiba yokhuseleko, akukho sistim ingenakusilela okanye igqibelele. I-PatchGuard ayinakunqanda lonke uhlaselo kwaye ayinako ukukhusela inkqubo kubaqhubi abakhohlakeleyo abasebenza kwinqanaba lelungelo le-kernel.Enyanisweni, ezinye iingcali zikholelwa ukuba, nangona imele umqobo owongezelelweyo, abahlaseli abanezakhono ngokwaneleyo banokufumana iindlela zokuyiphepha.

Inyaniso yokuba abaqhubi banenqanaba lelungelo elifanayo njenge kernel ngokwayo Oku kuthetha ukuba umhlaseli onofikelelo olwaneleyo, ngokwethiyori, unokuvala okanye adlule kwizithintelo zePatchGuard. Ukuphendula, iMicrosoft ibisoloko ihlaziya itekhnoloji, isenza ukuba iindlela zokuphepha ezaziwayo zibe nzima ngakumbi kwaye yenza uKhuseleko lweKernel Patch lube "kujoliso olushukumayo rhoqo" kubaphuli mthetho be-cyber. Ukusukela ekukhululweni kwayo, ubuncinci uhlaziyo olukhulu luphunyeziwe ukujongana nobuthathaka obufunyenwe ngaphambili kunye neendlela zokusebenza.

Enye yezona ngongoma ziphikisanayo yileyo I-PatchGuard ithintele ukusebenza kwe-antivirus ethile kunye neenkqubo zokhuseleko. ngokwesiko, benza iinguqulelo ezinzulu kwi-kernel ukunika ukhuseleko oluphambili olufana nokuvalwa kwenkqubo okanye ukususa i-rootkit. Izixhobo ze-Classic ezivela kuMcAfee, i-Symantec okanye i-Kaspersky zixhomekeke kwi-kernel patching kwiinkqubo ze-x86, eziye zabanika indawo engakumbi yokuqhuba kodwa, ngokubuyisela, baphinde babeke uzinzo emngciphekweni. Kumaqonga e-x64, ezi nkqubo zifanayo zabona ukufikelela kwazo kuncitshiswe kakhulu, kwaye bekukho amazwi ngaphakathi kwicandelo efuna ukuba iMicrosoft yenze ngaphandle kweenkampani "ezithenjiweyo". UMicrosoft, nangona kunjalo, wakhetha ukungena Sukuyenza buthathaka iPatchGuard usebenzisa izinto zabucalaNgenye indlela, isebenzisana nabathengisi ukuphuhlisa ii-API ezintsha kunye neendlela ezisemthethweni, ukuvumela isofthiwe yokhuseleko ukufezekisa iinjongo zayo ngaphandle kokuphazamisa ingundoqo.

  Ukuchwetheza oonobumba abakhethekileyo ngeqhosha le-Alt kwiWindows: iisimboli, amaqhinga, iindlela ezizezinye, kunye neetafile ezihlaziyiweyo

Imizekelo yePatchGuard yokudlula kunye nohlaselo

Ukususela ekusekweni kwayo, uluntu lwe-cybersecurity luye lwazama ukuhlalutya, ukuvavanya, kwaye, kwezinye iimeko, ukophula ukhuseleko lwePatchGuard. Akukhange kubekho kunqongophala kwethiyori kunye nemizekelo ebonakalayo yeendlela zokugqitha ukhuseleko lwayo. Ezinye zezona ndlela zaziwayo zokuhlasela okanye iikhonsepthi ziquka:

  • GhostHook: uhlaselo olufunyenwe ngabaphandi beCyberArk Labs oluvumela iirootkits ezingafumanekiyo ukuba zifakwe nakuhlaziywa ngokupheleleyo Windows 10 iinkqubo. Ixhomekeke ekusebenziseni iimpawu ze-hardware ezifana Intel I-PT, ngokuxhaphaza umphathi we-PMI, ukufumana ulawulo lwe-kernel.
  • InfinityHook kunye neByePg: Obunye ubuchule obubonise ubuthathaka ekuphunyezweni kwePatchGuard kwiimeko ezahlukeneyo.
  • Ukusetyenziswa kobuthathaka kubaqhubi abasemthethweni, njengakwimeko ye-rootkit ye-Uroburos, esebenzise iziphene kubaqhubi abasayiniweyo ukukhubaza zombini uKhuseleko lweSiginesha yoMqhubi kunye nePatchGuard ngokwayo.

Kuzo zonke ezi meko, idinomineyitha eqhelekileyo yi inqanaba eliphezulu kakhulu ilungelo elifunekayo ukwenza uhlaselo, okunciphisa kakhulu umngcipheko kumsebenzisi oqhelekileyo, kodwa uhlala exhalabele ishishini kunye neendawo ezibalulekileyo.

Chonga iifayile ezikrokrelayo okanye ezingalunganga kwi-C:\Windows
Inqaku elidibeneyo:
Uzifumana njani kwaye uzisuse njani iifayile ezikrokrelekayo okanye i-malware kwiC:\Windows

Ngokomzekelo, iMicrosoft ithathele ingqalelo ukuba uhlaselo lwe-GhostHook aluzange lufune isiqwenga esikhawulezileyo, ekubeni ukuyixhaphaza kufuna ukuba umhlaseli sele enofikelelo lwe-kernel-level, imeko ekuthi, kwithiyori, akufanele ihlangane ngokulula. Nangona kunjalo, iingcali kwiCyberArk Labs zaxoxa ukuba kufuneka zilungiswe, ngenxa yoko I-PatchGuard ngowona mgca uphambili wokhuselo ongafanele ube sesichengeni..

Shiya amazwana