Hot-patching

Reading this reminded me of Windows hot-patching.
The thing Shamoto-san told me about a while back.

Ahhh, this is it!!
#Those who were in a certain room at TechEd will know what I mean, right? (lol)

Starting with Windows Server 2003 SP1, it seems you can replace a DLL that has already been loaded into a process (i.e. one that is in memory). Wow.

But I bet it has to be a stateless DLL.

As for how it is implemented, that is covered at the link Shamoto-san introduced; in short, it appears to be the classic technique of overwriting the start of a DLL's exported function with a jmp instruction.

Hotpatching

Hotpatching, also known as “in-memory patching,” is designed to reduce server downtime when you install updates onto computers that are running 32-bit versions of Windows Server 2003 with Service Pack 1 (SP1). The goal is to enable the installation of software updates without having to restart your servers.

If a file is in use when you install a software update, it usually cannot be replaced with the new version until the computer restarts. Hotpatching, however, allows for the automatic insertion of code from a simple software update into a running process. This means that system files can be updated while they are in use.

When a file is hotpatched, the new version of a function from the software update is loaded into memory, and a single line of code in the original function is changed to branch to the new version. After the jump to the new function is injected, each subsequent execution of the function points to the new version. (The next figure illustrates this process.) Applications that are in the middle of a call to the function before the software update was applied are allowed to terminate normally.

Hotpatching is complemented by the usual software update process in which the file on disk is replaced, allowing future spawns of the affected process to contain the software update. Hotpatching is possible only for software updates that provide isolated fixes for individual functions; it is not compatible with software updates that update several interdependent functions. The Knowledge Base article that describes a particular software update will clearly indicate that it is compatible with hotpatching if this is the case.

Figure 4 - Hotpatching overview

To make this work, things get awkward unless the first instruction of a DLL's exported function is a 2-byte instruction, so the compiler has to take it into account; in fact, recent versions of Visual C++ have added the following option.
/hotpatch (Create Hotpatchable Image)
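As an added illustration (not code from the original post or from Microsoft), here is a small Python checker for the prologue layout the text describes: a hotpatchable function starts with the 2-byte `mov edi, edi`, and once patched that instruction becomes a short `jmp` back into the 5-byte padding in front of the function, where a near `jmp` to the replacement lives. The 5-byte padding size, the sample "module" bytes and the export table are constructed assumptions for this example; a defender can use the same logic to tell a legitimately hot-patched export from an unexpected inline jump.

```python
import struct

MOV_EDI_EDI = b"\x8b\xff"   # 2-byte "do nothing" prologue that /hotpatch emits
SHORT_JMP = 0xEB            # jmp rel8: what the prologue becomes once patched
NEAR_JMP = 0xE9             # jmp rel32: written into the padding before the function


def inspect_prologue(image: bytes, entry: int) -> dict:
    """Classify the hot-patch state of one function whose entry point is at `entry`.

    Returns {'state': ..., 'target': ...}; 'target' is the offset a patched
    function now branches to, or None."""
    head = image[entry:entry + 2]
    if head == MOV_EDI_EDI:
        return {"state": "hotpatchable", "target": None}
    if len(head) == 2 and head[0] == SHORT_JMP:
        rel8 = struct.unpack("<b", head[1:2])[0]
        trampoline = entry + 2 + rel8              # short jmp lands in the pre-function padding
        if 0 <= trampoline and trampoline + 5 <= len(image) and image[trampoline] == NEAR_JMP:
            rel32 = struct.unpack("<i", image[trampoline + 1:trampoline + 5])[0]
            return {"state": "hotpatched", "target": trampoline + 5 + rel32}
        return {"state": "unexpected-jmp", "target": trampoline}
    return {"state": "not-hotpatchable", "target": None}


def scan_exports(image: bytes, exports: dict) -> dict:
    """Run inspect_prologue over an export-name -> entry-offset table."""
    return {name: inspect_prologue(image, off) for name, off in exports.items()}


# Constructed 37-byte "module" image (assumption: 5 bytes of int3 padding before each function).
IMAGE = bytes.fromhex(
    "cccccccccc" "8bff558bec"   # FuncA @0x05: padding; mov edi,edi; push ebp; mov ebp,esp (unpatched)
    "e911000000" "ebf9558bec"   # FuncB @0x0F: padding now holds jmp +0x11 (-> 0x20); entry is jmp -7
    "cccccccccc" "558bec"       # FuncC @0x19: built without /hotpatch, starts with push ebp
    "90909090"   "8bff558bec"   # FuncB_v2 @0x20: the replacement loaded by the update
)
EXPORTS = {"FuncA": 0x05, "FuncB": 0x0F, "FuncC": 0x19}

if __name__ == "__main__":
    for name, result in scan_exports(IMAGE, EXPORTS).items():
        tgt = result["target"]
        print(f"{name}: {result['state']}" + (f" -> 0x{tgt:02x}" if tgt is not None else ""))
```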
Digging a little further, I found an interesting discussion about the Windows x64 environment.
From "FreiK's WebLog".
It started in the comments on the post x64 ABI vs. x86 ABI (aka Calling Conventions for AMD64 & EM64T),
and branched off into this post.

What if I don't want hot-patchability

Honestly, I don't think there's anything that prevents you from breaking these particular rules, except the cost is so minimal, there's really just no good reason not to do it. X86 has something like a 30% hot-patchable kernel. And x64 has a 100% hot-patchable kernel. You tell me which one is better.

So the x64 kernel is 100% hot-patchable. On the other hand, the x64 kernel also includes the following kernel patch countermeasure, so a hot-patchable kernel does not necessarily work to a third party's advantage.
Kernel Patch Protection
And as for Vista, this is discussed here; it says hot-patch technology is supported from Vista SP1.
It also touches on which kinds of modules hot-patching cannot be applied to.
http://www.msblog.org/?p=433