System Service Dispatch Table

The SSDT, or System Service Dispatch Table, is a table of service descriptors located in the operating system kernel. Windows uses it to direct system calls to the appropriate handler: it is an addressing table for the API.

"SSDT hooking": hooking the SSDT in order to modify it is one of the techniques frequently used by rootkits. By modifying this table, they can redirect execution to their own code instead of the handler (function) originally called. Some of these functions are hooked by malicious rootkits as well as by anti-rootkit tools. Examples: NtAssignProcessToJobObject, NtCreateKey, NtCreateThread, NtDeleteFile, NtLoadDriver, NtOpenProcess, NtProtectVirtualMemory, NtReplaceKey, NtTerminateProcess, NtTerminateThread, NtUnloadDriver, NtWriteVirtualMemory…

Consequently, this kernel table is one of those monitored by rootkit detection utilities. Restoring it after an unwanted modification is a plus that only the best anti-rootkit tools offer.
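
A common way detection utilities check the table is to verify that every handler address lies inside the kernel image and to attribute any outlier to the driver that owns it. The following is an added example, not code from the original page or from any particular tool; it runs in user mode over a constructed snapshot of already-resolved handler addresses, and the module names, bases, sizes and addresses are assumptions made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: module layout and handler addresses are illustrative. */
typedef struct { const char *name; uint64_t base; uint64_t size; } module_t;
typedef struct { const char *service; uint64_t handler; } ssdt_entry_t;

static const module_t MODULES[] = {
    { "ntoskrnl.exe", 0xFFFFF80001000000ULL, 0x00800000ULL }, /* kernel image */
    { "avfilter.sys", 0xFFFFF88002000000ULL, 0x00040000ULL }, /* hypothetical driver */
};
static const ssdt_entry_t SNAPSHOT[] = {
    { "NtOpenProcess",      0xFFFFF80001234560ULL }, /* inside kernel image */
    { "NtTerminateProcess", 0xFFFFF88002001A40ULL }, /* inside avfilter.sys */
    { "NtCreateKey",        0xFFFFF800014ABCD0ULL }, /* inside kernel image */
    { "NtLoadDriver",       0xFFFFF8A000777000ULL }, /* inside no listed module */
};

/* Return the module whose [base, base+size) range contains addr, or NULL. */
const module_t *owner_of(uint64_t addr, const module_t *mods, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size)
            return &mods[i];
    return NULL;
}

/* Store the indexes of entries whose handler is outside the kernel image. */
size_t find_hooked(const ssdt_entry_t *t, size_t n, const module_t *kernel, size_t *out) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (owner_of(t[i].handler, kernel, 1) == NULL)
            out[hits++] = i;
    return hits;
}

int main(void) {
    size_t idx[4];
    size_t n = find_hooked(SNAPSHOT, 4, &MODULES[0], idx);
    for (size_t i = 0; i < n; i++) {
        const ssdt_entry_t *e = &SNAPSHOT[idx[i]];
        const module_t *m = owner_of(e->handler, MODULES, 2);
        printf("%-20s 0x%llx -> %s\n", e->service,
               (unsigned long long)e->handler, m ? m->name : "<unknown memory>");
    }
    return n ? 1 : 0; /* non-zero exit when any entry leaves the kernel image */
}
```

An entry attributed to a known security driver and one pointing into memory owned by no loaded module call for different handling, which is why the owner lookup is kept separate from the range check.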
