Hotpatch Package Structure

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

A hotpatch package contains hotpatch and coldpatch binary files for the operating system update.

• The hotpatch binary file contains only the function necessary to address the critical operating system flaw.

• The coldpatch contains the old binary file with the fixed function appended to it and an instruction to jump from the flawed function to the fixed function. Redirecting to the new function ensures that the defective processes in memory are fixed by patching the old function.

Hotpatch and coldpatch binary files are produced by the hotpatch creation tool, as shown in Figure 1.

Figure 1 shows that the hotpatch binary file contains one changed function (Function A’) and that the coldpatch is composed of the old binary file with the appended new function. When a hotpatch package is installed, it:

• Replaces the old binary file on disk with the coldpatch binary file.

• Injects the updated function (as a hotpatch binary file) into the loaded image of the defective binary file.

• Inserts a jump instruction above the defective function to redirect all subsequent calls to the updated function.

Hotpatch application addresses currently running instances of the critical flaws, and the complementing coldpatch secures the new instances of the process and persists the patch beyond reboot. Thus, any process that starts after applying the update will be fixed because the operating system will load the coldpatch binary file. This coldpatch format allows similar representations of the new function on disk and in memory.

The package containing a hotpatch-enabled fix will have two binary files related to the file being serviced. The hotpatch file contains the “.hp” appendix.