New Low-Level Binaries

Affected Platforms

Clients - Windows 7
Servers - Windows Server 2008 R2

Feature Impact

Severity - Medium
Frequency - High

Description

To improve internal engineering efficiencies and improve foundations for future work, we have relocated some functionality to new low-level binaries. This refactoring will make it possible for future installs of Windows to provide subsets of functionality to reduce surface area (disk and memory requirements, servicing, and attack surface).

Manifestation of Impact

As an example of functionality that we moved to low-level binaries, kernelbase.dll gets functionality from kernel32.dll and advapi32.dll. This means that the existing binary now forwards calls down to the new binary rather than handling them directly; the forwarding can be static (the export table shows the redirection), or runtime (the DLL has a stub routine that calls down to the new binary). This will impact low-level applications such as security and backup applications that are dependent upon internal APIs and offsets.
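
The static case can be recognized in the export table itself: in the PE format, an export whose RVA falls inside the export directory's own data range is the address of a "DLL.Function" forwarder string, not code. The following added example (not code from the original page) resolves a name against a mapped export directory and reports which case applies; the image bytes are constructed, and `NEWBASE`, `LocalFunc` and `MovedFunc` are hypothetical names.

```python
import struct

def resolve_export(image: bytes, dir_rva: int, dir_size: int, name: str):
    """Look up `name` in a mapped image's export directory.
    Returns ("code", rva) or ("forwarder", "DLL.Function")."""
    # IMAGE_EXPORT_DIRECTORY: NumberOfFunctions starts at offset 20.
    n_funcs, n_names, funcs, names, ords = struct.unpack_from(
        "<5I", image, dir_rva + 20)
    for i in range(n_names):
        (name_rva,) = struct.unpack_from("<I", image, names + 4 * i)
        end = image.index(b"\0", name_rva)
        if image[name_rva:end].decode("ascii") != name:
            continue
        (idx,) = struct.unpack_from("<H", image, ords + 2 * i)
        if idx >= n_funcs:
            raise ValueError("ordinal index out of range")
        (rva,) = struct.unpack_from("<I", image, funcs + 4 * idx)
        # An RVA inside the export directory range is a forwarder string.
        # Treating it as a code address is the assumption that breaks.
        if dir_rva <= rva < dir_rva + dir_size:
            end = image.index(b"\0", rva)
            return ("forwarder", image[rva:end].decode("ascii"))
        return ("code", rva)
    raise KeyError(name)

def build_sample():
    # Constructed mapped-image fragment (RVA == offset); not a real DLL.
    dir_rva, img = 0x100, bytearray(0x200)
    funcs, names, ords, pos = 0x128, 0x130, 0x138, 0x13C
    offs = []
    for s in (b"LocalFunc", b"MovedFunc", b"NEWBASE.MovedFunc"):
        img[pos:pos + len(s)] = s
        offs.append(pos)
        pos += len(s) + 1
    struct.pack_into("<5I", img, dir_rva + 20, 2, 2, funcs, names, ords)
    struct.pack_into("<2I", img, funcs, 0x40, offs[2])  # code, forwarder
    struct.pack_into("<2I", img, names, offs[0], offs[1])
    struct.pack_into("<2H", img, ords, 0, 1)
    return bytes(img), dir_rva, pos - dir_rva

if __name__ == "__main__":
    img, rva, size = build_sample()
    for fn in ("LocalFunc", "MovedFunc"):
        print(fn, resolve_export(img, rva, size, fn))
```

In a real image, `dir_rva` and `dir_size` come from the export entry of the optional header's data directory. The runtime-stub form of forwarding is not visible this way, because the export still points at code in the original DLL.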

Solution

The only impact is to code that makes assumptions when attempting to look at the kernel32.dll or the advapi32.dll export table in memory, as an anti-virus application might do. Use published APIs and not the details of their implementation. This is just one example of code written around an implementation detail of an API.