Results 1 to 2 of 2

Thread: LINK: How to get the address of KeServiceDescriptorTableShadow

  1. #1

    LINK: How to get the address of KeServiceDescriptorTableShadow

    This article shows how to get the address of KeServiceDescriptorTableShadow kernel variable. This variable is used to add new system services to kernel, or hook a existing system service. Unfortunately, it is not exported by ntoskrnl.exe, so we have to get its address manually.

    http://www.codeproject.com/KB/tips/SDTShadow.aspx

  2. #2
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Thanks for the tip.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

Similar Threads

  1. LINK: Shellcode tutorials
    By bilbo in forum Advanced Reversing and Programming
    Replies: 3
    Last Post: February 2nd, 2013, 05:28
  2. Preserving Undocumented Kernel Information - KeServiceDescriptorTableShadow
    By Kayaker in forum Advanced Reversing and Programming
    Replies: 23
    Last Post: June 25th, 2008, 05:29
  3. LINK: Microsoft HotPatching Article
    By Opcode in forum Advanced Reversing and Programming
    Replies: 0
    Last Post: April 27th, 2006, 09:11
  4. LINK problem?!
    By The_Philosopher in forum Bugs
    Replies: 8
    Last Post: February 1st, 2003, 03:59

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •