[RHL]

Hello all :D I'm new on the forum
I'm starting in the kernel mode development... I'm reading Windows internal, then I have problem for understand it
I would like to know the difference between system service dispatcher Table and System Service Descriptor Table... ?

also - I have understood that the KeServiceDescriptorTable is the it contain the pointer for the funcions... right?
but why when do this in Windbg, it does not show me the pointers...?

Code: Select all

kd> dd KeServiceDescriptorTable
80552fa0  80501b8c 00000000 0000011c 80502000
80552fb0  00000000 00000000 00000000 00000000
80552fc0  00000000 00000000 00000000 00000000
80552fd0  00000000 00000000 00000000 00000000
80552fe0  00002710 bf80c0b6 00000000 00000000
80552ff0  f7b18a80 f729bb60 840270f0 806e1f40
80553000  00000000 00000000 03692082 00000000
80553010  a093a7c2 01cd3ec2 00000000 00000000

thanks a lot

:D

[rkhunter]

Hoglund, Butler "Rootkits: Subverting the Windows Kernel"
Schreiber "Undocumented Windows 2000 Secrets"

http://www.kernelmode.info/forum/viewto ... 1098#p8385

[RHL]

Hi rkhunter
Yeah, I'm reading "Rootkits: Subverting the Windows Kernel",but I wanted to ask for help because I do not understand ... : (

[nullptr]

Code: Select all

kd> dd KeServiceDescriptorTable

80552fa0  80501b8c 00000000 0000011c 80502000
             ^                  ^
             |                  |
 Service table base address      |
                              Number of Entries