Uninformed: Informative Information for the Uninformed

Vol 8» 2007.Sep


Descriptor Tables

The x86 architecture has a number of different descriptor tables that are used by the processor to handle things like memory management (GDT), interrupt dispatching (IDT), and so on. In addition to processor-level descriptor tables, the Windows operating system itself also includes a number of distinct software-level descriptor tables, such as the SSDT. The majority of these descriptor tables are heavily relied upon by the operating system and therefore represent a tantalizing target for use in backdoors. Like the function hooking technique described in 2.1.1, all of the techniques presented in this subsection have been known for a significant amount of time. The authors have attempted, when possible, to identify the origins of each technique.
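Because these tables are dispatch points the processor and kernel trust, the defender's counterpart to the techniques in this subsection is integrity checking: decode each entry and confirm the handler it names lies inside a legitimate loaded module. The following C program is an added example and is not code from the article or its authors. It decodes raw 32-bit IDT gate descriptors (the 8-byte layout documented by Intel) and flags present gates whose handler offset falls outside a kernel image range; the table bytes and the `KERNEL_BASE`/`KERNEL_END` range are constructed for the demonstration, where a real checker would read the IDT with `sidt` and take module ranges from the loaded-module list.

```c
#include <stdint.h>
#include <stdio.h>

/* 32-bit x86 IDT gate descriptor, 8 bytes:
 *   bytes 0-1: handler offset bits 0..15
 *   bytes 2-3: code segment selector
 *   byte  4:   reserved (zero)
 *   byte  5:   P(1) | DPL(2) | 0(1) | type(4)
 *   bytes 6-7: handler offset bits 16..31 */
typedef struct {
    uint32_t offset;   /* linear address of the handler */
    uint16_t selector; /* code segment the handler runs in */
    uint8_t  type;     /* 0xE = 32-bit interrupt gate, 0xF = 32-bit trap gate */
    uint8_t  dpl;      /* descriptor privilege level */
    uint8_t  present;  /* P bit */
} idt_gate_t;

/* Reassemble the split offset field and unpack the attribute byte. */
void decode_gate(const uint8_t raw[8], idt_gate_t *g)
{
    uint32_t off_lo = (uint32_t)raw[0] | ((uint32_t)raw[1] << 8);
    uint32_t off_hi = (uint32_t)raw[6] | ((uint32_t)raw[7] << 8);
    g->offset   = (off_hi << 16) | off_lo;
    g->selector = (uint16_t)((uint32_t)raw[2] | ((uint32_t)raw[3] << 8));
    g->type     = raw[5] & 0x0f;
    g->dpl      = (raw[5] >> 5) & 0x03;
    g->present  = (raw[5] >> 7) & 0x01;
}

/* Constructed (hypothetical) kernel image range used for the check. */
#define KERNEL_BASE 0x80400000u
#define KERNEL_END  0x80800000u

/* Returns 1 if the gate is present and its handler lies inside the kernel
 * image, 0 if it is present but points elsewhere (suspicious), and -1 if
 * the gate is not present (nothing to check). */
int check_gate(const idt_gate_t *g)
{
    if (!g->present)
        return -1;
    return (g->offset >= KERNEL_BASE && g->offset < KERNEL_END) ? 1 : 0;
}

/* Walk a raw table of `count` gates and return how many present gates have
 * a handler outside the kernel image, printing each one found. */
int count_suspicious(const uint8_t *table, int count)
{
    int bad = 0;
    for (int i = 0; i < count; i++) {
        idt_gate_t g;
        decode_gate(table + i * 8, &g);
        if (check_gate(&g) == 0) {
            printf("vector %d: handler 0x%08x outside kernel image "
                   "(type 0x%x, dpl %u)\n", i, g.offset, g.type, g.dpl);
            bad++;
        }
    }
    return bad;
}

/* Constructed sample table of three gates (not captured from a real system). */
static const uint8_t SAMPLE_IDT[3 * 8] = {
    /* vector 0: handler 0x80412340, selector 0x08, interrupt gate, DPL 0 */
    0x40, 0x23, 0x08, 0x00, 0x00, 0x8E, 0x41, 0x80,
    /* vector 1: handler 0xF7C01000 (outside the kernel image), trap gate */
    0x00, 0x10, 0x08, 0x00, 0x00, 0x8F, 0xC0, 0xF7,
    /* vector 2: not present */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

int main(void)
{
    int bad = count_suspicious(SAMPLE_IDT, 3);
    printf("%d suspicious gate(s)\n", bad);
    return bad ? 1 : 0;
}
```

Running it reports vector 1 as suspicious and exits non-zero; the same decode-then-range-check shape applies to GDT entries and to the SSDT, where the "table" is an array of function pointers and the range check is against the kernel image and known driver images.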


