
Looping the SSDT on Windows to retrieve the addresses of all native system calls on the system.


Aston539/Windows-SSDT


Latest commit

2bd5c9f · Jul 21, 2023


Windows-SSDT

Looping the SSDT on Windows to retrieve the addresses of all native system calls on the system.

The kernel-mode part of this project uses relative offsets from ntoskrnl's base address to retrieve the KeServiceDescriptorTable and KeServiceDescriptorTableShadow structures. These offsets may have to be changed or updated to support older or newer versions of Windows. However, the project is set up to allow pattern scanning as well, and the patterns for these structures are included in the project.
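An added example, not code from this repository: a user-mode C sketch of how an x64 SSDT entry decodes to a routine address (signed offset from the table base in the upper 28 bits, stack-argument count in the low 4 bits), together with the bounds check an integrity scanner applies to flag entries that resolve outside the ntoskrnl image. The `ssdt_view` struct, the addresses and the table contents are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed values: a fake ntoskrnl image range and table address. */
#define IMG_BASE 0xFFFFF80000000000ULL
#define IMG_SIZE 0x1000000ULL
#define TABLE_VA (IMG_BASE + 0x200000ULL)
#define ENC(off, args) ((int32_t)((off) * 16 + (args)))

/* Hypothetical simplified view of a service table (not the kernel's own struct). */
typedef struct {
    const int32_t *table; /* packed 32-bit entries, one per system call */
    uint64_t table_va;    /* address the table is mapped at */
    uint32_t count;       /* number of services */
} ssdt_view;

/* Constructed entries: in-image, negative offset, and one pointing outside the image. */
static const int32_t sample_table[] = { ENC(0x1000, 2), ENC(-0x800, 3), ENC(0x2000000, 0) };

/* Low 4 bits: number of arguments passed on the stack. */
static unsigned ssdt_stack_args(int32_t entry) { return (unsigned)(entry & 0xF); }

/* Upper 28 bits: signed offset from the table base (division, not >> on a negative int). */
static uint64_t ssdt_resolve(const ssdt_view *v, uint32_t i)
{
    if (i >= v->count) return 0;
    int64_t off = ((int64_t)v->table[i] - (v->table[i] & 0xF)) / 16;
    return v->table_va + (uint64_t)off;
}

/* Record indices whose target lies outside [base, base+size); return how many. */
static size_t ssdt_audit(const ssdt_view *v, uint64_t base, uint64_t size, uint32_t *bad, size_t cap)
{
    size_t n = 0;
    for (uint32_t i = 0; i < v->count; i++)
        if (ssdt_resolve(v, i) - base >= size) { /* unsigned wrap also catches < base */
            if (n < cap) bad[n] = i;
            n++;
        }
    return n;
}

int main(void)
{
    ssdt_view v = { sample_table, TABLE_VA, 3 };
    uint32_t bad[3];
    printf("%zu entry(ies) outside image\n", ssdt_audit(&v, IMG_BASE, IMG_SIZE, bad, 3));
    return 0;
}
```
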

ssdt-test
