The System Call Table


The Windows kernel relies on a table of pointers to functions in order to perform system operations. This table, referred to by Microsoft as the system service table, or service descriptor table, can be modified to point to user-specified functions. “Hooking” these system functions is the focus of this chapter.

The DDK export KeServiceDescriptorTable gives any code running at kernel level access to the system call table, but modifying the table and substituting alternate kernel functions is not a simple task. This chapter introduces the functions accessed through the table and gives you the resources to replace these kernel functions with your own.

There are many entries in the system call table, pointing to everything from simple string operations to complex client/server operations, so don’t expect to learn the full scope of the system call table overnight. However, keep in mind that the more you can learn about the functions referenced by this table, the better prepared you will be to implement kernel hooking.
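As an added illustration (not code from the book), here is the integrity check a defender runs against this table: walk the descriptor KeServiceDescriptorTable points to and flag any entry that no longer points into the kernel image. The descriptor layout, the kernel image range and the table contents are constructed assumptions for a user-mode simulation; a real check reads the live table from a driver.

```c
/* Added example: simulated SSDT integrity check, not code from the book. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Layout of the 32-bit descriptor that KeServiceDescriptorTable points to
 * (assumption: the x86 layout of the book's era). */
typedef struct {
    uintptr_t *ServiceTableBase;   /* array of function pointers (the call table) */
    uint32_t  *CounterTableBase;   /* per-service call counters (checked builds) */
    uintptr_t  NumberOfServices;   /* number of entries in ServiceTableBase */
    uint8_t   *ParamTableBase;     /* bytes of stack arguments per service */
} KSERVICE_TABLE_DESCRIPTOR;

/* Returns 1 if addr lies inside [base, base + size), else 0. */
static int in_image(uintptr_t addr, uintptr_t base, uintptr_t size) {
    return addr >= base && addr < base + size;
}

/* Every entry should point into the kernel image (ntoskrnl). Entries outside
 * it are hook candidates. Returns the number of suspect entries and stores
 * up to max of their indices in out[]. */
size_t ssdt_scan(const KSERVICE_TABLE_DESCRIPTOR *sdt, uintptr_t krnl_base,
                 uintptr_t krnl_size, size_t *out, size_t max) {
    size_t found = 0;
    for (uintptr_t i = 0; i < sdt->NumberOfServices; i++) {
        if (!in_image(sdt->ServiceTableBase[i], krnl_base, krnl_size)) {
            if (found < max) out[found] = (size_t)i;
            found++;
        }
    }
    return found;
}

/* Constructed sample: a 4-entry table in which entry 2 has been redirected
 * to an address outside the kernel image. All addresses are made up. */
#define KRNL_BASE 0x80400000u
#define KRNL_SIZE 0x00200000u
static uintptr_t sample_table[4] = {
    KRNL_BASE + 0x1000, KRNL_BASE + 0x2000, 0xF8A00000u, KRNL_BASE + 0x3000
};
static uint8_t sample_params[4] = { 4, 8, 8, 12 };
KSERVICE_TABLE_DESCRIPTOR sample_sdt = { sample_table, NULL, 4, sample_params };

int main(void) {
    size_t idx[4];
    size_t n = ssdt_scan(&sample_sdt, KRNL_BASE, KRNL_SIZE, idx, 4);
    for (size_t i = 0; i < n; i++)
        printf("service %zu -> 0x%lx is outside the kernel image\n",
               idx[i], (unsigned long)sample_sdt.ServiceTableBase[idx[i]]);
    return 0;
}
```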

Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
Year: 2007
Pages: 229
Authors: Ric Vieler
