Looking at the Windbg outputs above, we see that there is one clearly identified SST table in the case of nt!KeServiceDescriptorTable and two in the case of nt!KeServiceDescriptorTableShadow. SSDT is an acronym for System Service Dispatch Table.Īs mentioned above, there is an array of pointers, in the 32-bit case, or an array of relative addresses (plus additional information), in the 64-bit case, that is pointed to by the ServiceTable field of a SST (System Service Table) - this array is nothing more, nothing less than a SSDT. Service Descriptor TableĪ Service Descriptor Table is a Kernel structure, shown below, that contains 4 System Service Table (SST) entries.Ĭopy Code kd> dps nt!KeServiceDescriptorTableShadow L10Ĩ1a2a150 98f00000 win32k!W32pServiceTableĨ1a2a15c 98f01628 win32k!W32pArgumentTableĨ1a2a16c 819245b2 nt!FinalExceptionHandlerPad58 We must explain and locate them first before we finally locate and explain the SSDTs.
#Sst djvureader drivers#
Even though the tests were successful, you must only test these Drivers, and any drivers in general, in computers (or virtual machines) you use exclusively for testing.
#Sst djvureader windows 10#
We have tested the Kernel Drivers in all the operating systems they are intended for (i.e., 32-bit Windows 7 and Windows 10 till RedStone 2 or version 1703, 64-bit releases of Windows 7, 8, 8.1 and 10 till Redstone 2, and 64-bit server editions that use the same codebases, namely 2008 R2, 20).Proper Kernel debugging requires 2 computers, but the target computer can be lodged in a virtual machine (unless we are testing some hardware drivers, which is not the case) so that you don't have to mess with cables to establish a connection.
#Sst djvureader how to#
For Kernel Mode snooping, it is useful to know how to use Windbg, or its command line brother KD.Some knowledge of C language is important in order to understand our code - if you don't have it, you can still continue reading and try to grasp some insight (if you don't already have, of course) about what we are writing about.Our 32-bit and 64-bit code to find the SSDTs.This may not be that easy, but let's move on through 5 steps and hope for the best: I have the obligation to provide relevant information on a difficult topic, in a go-easy way and within the space of a single page article, in the hope that in the end everything will make sense to everybody. Have you heard about software repositories where authors often drop code without a single line of relevant explanation? Of course you did, but here we must not do the same. Unlike the pursuit for the Holy Grail, this quest will succeed but the journey will be a lil bit tricky.
0 kommentar(er)
