Jump to content

System Service Descriptor Table

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Zakblade2000 (talk | contribs) at 04:10, 13 July 2014. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The System Service Descriptor Table (SSDT) is an internal dispatch table within Microsoft Windows.

Hooking SSDT calls is often used as a technique in both Windows rootkits and antivirus software.[1][2]

In 2010, many computer security products which relied on hooking SSDT calls were shown to be vulnerable to exploits using race conditions to attack the products' security checks.[2]

Structure of the SSDT

typedef struct _KSERVICE_DESCRIPTOR_TABLE
{
    PULONG ServiceTableBase; 
    PULONG ServiceCounterTableBase; 
    ULONG NumberOfServices; 
    PUCHAR ParamTableBase; 
}KSERVICE_DESCRIPTOR_TABLE,*PKSERVICE_DESCRIPTOR_TABLE;

The pointer to this structure is KeServiceDescriptorTable, exported by ntoskrnl.exe.

References

  1. ^ "Windows rootkits of 2005, part one". Symantec. 2005.
  2. ^ a b "Attack defeats 'most' antivirus software". ZD Net UK. 2010.
Stub icon

This Microsoft Windows article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=System_Service_Descriptor_Table&oldid=616740649"