Wikipedia

System Service Descriptor Table: Difference between revisions

Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
Fixed a typo found with Wikipedia:Typo_Team/moss. Context and removal of jargon is needed.
GreenC bot (talk | contribs)
Bots
3,054,792 edits
 
(3 intermediate revisions by 3 users not shown)
Line 11:
== Hooking ==
 
Modification of the SSDT allows to redirect syscalls to routines outside the kernel. These routines can be either used to hide the presence of software or to act as a backdoor to allow attackers permanent code execution with kernel privileges. For both reasons, [[Hooking|hooking]] SSDT calls is often used as a technique in both Windows [[rootkit|kernel mode rootkits]] and [[antivirus software]].<ref>{{Cite web|url=httphttps://wwwcommunity.symantecbroadcom.com/connectsymantecenterprise/articlescommunities/windowscommunity-rootkitshome/librarydocuments/viewdocument?DocumentKey=a3624787-2005b8a3-part42f6-oneb33a-3f30181c4ce6&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments|title= Windows rootkits of 2005, part one|work=Symantec|year=2005}}</ref><ref name="ZDNET2010">{{Cite web|url=httphttps://www.zdnet.co.ukcom/news/security-threats/2010/05/11article/attack-defeats-most-antivirus-software-40088896/ |year=2010|title=Attack defeats 'most' antivirus software|work=ZD Net UK}}</ref>
 
In 2010, many computer security products which relied on hooking SSDT calls were shown to be vulnerable to [[Exploit (computer security)|exploits]] using [[race condition]]s to attack the products' security checks.<ref name="ZDNET2010"/>
Line 28:
[[Category:Windows technology]]
[[Category:Computer security]]
[[Category:Rootkits]]
[[Category:Windows NT kernel]]
[[Category:Windows rootkit techniques]]
Retrieved from "https://en.wikipedia.org/wiki/System_Service_Descriptor_Table"