←Redirected page to System Service Dispatch Table |
Zakblade2000 (talk | contribs) No edit summary |
The '''System Service Descriptor Table''' ('''SSDT''') is an internal [[dispatch table]] within [[Microsoft Windows]].
[[Hooking]] SSDT calls is often used as a technique in both Windows [[rootkit]]s and [[antivirus software]].<ref>{{Cite web|url=http://www.symantec.com/connect/articles/windows-rootkits-2005-part-one|title= Windows rootkits of 2005, part one|work=Symantec|year=2005}}</ref><ref name="ZDNET2010">{{Cite web|url=http://www.zdnet.co.uk/news/security-threats/2010/05/11/attack-defeats-most-antivirus-software-40088896/ |year=2010|title=Attack defeats 'most' antivirus software|work=ZD Net UK}}</ref>
In 2010, many computer security products which relied on hooking SSDT calls were shown to be vulnerable to [[Exploit (computer security)|exploits]] using [[race condition]]s to attack the products' security checks.<ref name="ZDNET2010"/>
==Structure of the SSDT==
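<source lang="cpp">
typedef struct _KSERVICE_DESCRIPTOR_TABLE
{
    PULONG ServiceTableBase;        // array of system service routine entries, indexed by service number
    PULONG ServiceCounterTableBase; // per-service call counters (used in checked builds)
    ULONG  NumberOfServices;        // number of entries in the service table
    PUCHAR ParamTableBase;          // per-service size of the arguments, in bytes
} KSERVICE_DESCRIPTOR_TABLE, *PKSERVICE_DESCRIPTOR_TABLE;
</source>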
The pointer to this structure is '''KeServiceDescriptorTable''', exported by [[ntoskrnl.exe]].
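A common integrity check built on this structure walks <code>ServiceTableBase</code> for <code>NumberOfServices</code> entries and flags any routine address that lies outside the kernel image. The following user-mode sketch is an added example, not code from Windows or from the cited sources. It assumes a 32-bit layout in which each entry is an absolute address, and the names <code>SSDT_SNAPSHOT</code>, <code>IMAGE_RANGE</code> and <code>find_foreign_entries</code> as well as all sample values are constructed for illustration.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical copy of the table taken from a memory image (32-bit layout). */
typedef struct {
    const uint32_t *ServiceTableBase;  /* copied-out routine addresses */
    uint32_t        NumberOfServices;  /* number of valid entries      */
} SSDT_SNAPSHOT;

/* Load range of the kernel image: [base, base + size). */
typedef struct { uint32_t base; uint32_t size; } IMAGE_RANGE;

/* Counts entries that point outside the kernel image and stores up to
 * max of their service numbers in out. Returns -1 on malformed input. */
int find_foreign_entries(const SSDT_SNAPSHOT *t, IMAGE_RANGE k,
                         uint32_t *out, size_t max)
{
    if (t == NULL || t->ServiceTableBase == NULL || k.size == 0)
        return -1;
    int found = 0;
    for (uint32_t i = 0; i < t->NumberOfServices; i++) {
        /* Unsigned subtraction wraps for addresses below base, so one
         * comparison covers both "below base" and "at or past the end". */
        uint32_t off = t->ServiceTableBase[i] - k.base;
        if (off >= k.size) {
            if (out != NULL && (size_t)found < max)
                out[found] = i;
            found++;
        }
    }
    return found;
}

/* Constructed sample: entries 2, 4 and 5 fall outside the image. */
static const uint32_t sample_entries[] = {
    0x8059A948u, 0x805E7DB6u, 0xF8A3C120u, 0x805A5A00u, 0x804D6FFFu, 0x806CD000u
};

int main(void)
{
    SSDT_SNAPSHOT t = { sample_entries, 6 };
    IMAGE_RANGE kernel = { 0x804D7000u, 0x001F6000u };  /* constructed range */
    uint32_t idx[6];
    int n = find_foreign_entries(&t, kernel, idx, 6);
    for (int i = 0; i < n; i++)
        printf("service %" PRIu32 " -> 0x%08" PRIX32 " is outside the kernel image\n",
               idx[i], sample_entries[idx[i]]);
    return 0;
}
```

A flagged entry shows only that the call is redirected: as noted above, antivirus software hooks the table as well as rootkits, so the module that owns the target address still has to be identified.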
== References ==
{{Reflist}}
[[Category:Windows technology]]
[[Category:Computer security]]
[[Category:Rootkits]]
[[Category:Windows NT kernel]]
[[Category:Data structures]]
{{Windows-stub}}