System Service Descriptor Table

The System Service Descriptor Table (SSDT) is an internal dispatch table within Microsoft Windows.

Hooking SSDT calls is a technique often used by both Windows rootkits and antivirus software.[1][2]

In 2010, many computer security products that relied on hooking SSDT calls were shown to be vulnerable to exploits that used race conditions to attack the products' security checks.[2]

References

  1. "Windows rootkits of 2005, part one". Symantec. 2005.
  2. "Attack defeats 'most' antivirus software". ZDNet UK. 2010.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.