System Service Descriptor Table
The System Service Descriptor Table (SSDT) is an internal dispatch table within Microsoft Windows.
Hooking SSDT calls is often used as a technique in both Windows rootkits and antivirus software.[1][2]
In 2010, many computer security products which relied on hooking SSDT calls were shown to be vulnerable to exploits using race conditions to attack the products' security checks.[2]
Structure of the SSDT
typedef struct _KSERVICE_DESCRIPTOR_TABLE
{
    PULONG ServiceTableBase; 
    PULONG ServiceCounterTableBase; 
    ULONG NumberOfServices; 
    PUCHAR ParamTableBase; 
}KSERVICE_DESCRIPTOR_TABLE,*PKSERVICE_DESCRIPTOR_TABLE;
The pointer to this structure is KeServiceDescriptorTable, exported by ntoskrnl.exe.
lkd> dds KiServiceTable l 191
82ab8d9c  82cb4c28 nt!NtAcceptConnectPort
82ab8da0  82afb40d nt!NtAccessCheck
82ab8da4  82c44b68 nt!NtAccessCheckAndAuditAlarm
82ab8da8  82a5f88a nt!NtAccessCheckByType
82ab8dac  82cb64ff nt!NtAccessCheckByTypeAndAuditAlarm
82ab8db0  82b383fa nt!NtAccessCheckByTypeResultList
82ab8db4  82d26b05 nt!NtAccessCheckByTypeResultListAndAuditAlarm
82ab8db8  82d26b4e nt!NtAccessCheckByTypeResultListAndAuditAlarmByHandle
82ab8dbc  82c393bd nt!NtAddAtom
82ab8dc0  82d40368 nt!NtAddBootEntry
82ab8dc4  82d415c1 nt!NtAddDriverEntry
82ab8dc8  82c2fb95 nt!NtAdjustGroupsToken
82ab8dcc  82cc0b35 nt!NtAdjustPrivilegesToken
82ab8dd0  82d19963 nt!NtAlertResumeThread
82ab8dd4  82c6ca56 nt!NtAlertThread
82ab8dd8  82c3c6cc nt!NtAllocateLocallyUniqueId
82ab8ddc  82bd2928 nt!NtAllocateReserveObject
82ab8de0  82d0b898 nt!NtAllocateUserPhysicalPages
82ab8de4  82c2314e nt!NtAllocateUuids
82ab8de8  82c65a62 nt!NtAllocateVirtualMemory
82ab8dec  82cb1df1 nt!NtAlpcAcceptConnectPort
82ab8df0  82c13238 nt!NtAlpcCancelMessage
82ab8df4  82cb11fe nt!NtAlpcConnectPort
82ab8df8  82c30c0c nt!NtAlpcCreatePort
82ab8dfc  82cc25bc nt!NtAlpcCreatePortSection
82ab8e00  82c3328f nt!NtAlpcCreateResourceReserve
82ab8e04  82cc239c nt!NtAlpcCreateSectionView
82ab8e08  82cbaafc nt!NtAlpcCreateSecurityContext
82ab8e0c  82c450f0 nt!NtAlpcDeletePortSection
82ab8e10  82d06657 nt!NtAlpcDeleteResourceReserve
82ab8e14  82cb7ec9 nt!NtAlpcDeleteSectionView
82ab8e18  82cc27ee nt!NtAlpcDeleteSecurityContext
82ab8e1c  82c9b1fc nt!NtAlpcDisconnectPort
82ab8e20  82cb5f2e nt!NtAlpcImpersonateClientOfPort
82ab8e24  82c47d15 nt!NtAlpcOpenSenderProcess
82ab8e28  82c3bcf3 nt!NtAlpcOpenSenderThread
82ab8e2c  82c2db70 nt!NtAlpcQueryInformation
82ab8e30  82c9ba83 nt!NtAlpcQueryInformationMessage
82ab8e34  82d0677f nt!NtAlpcRevokeSecurityContext
82ab8e38  82c8df0a nt!NtAlpcSendWaitReceivePort
82ab8e3c  82c3b702 nt!NtAlpcSetInformation
82ab8e40  82c4d21b nt!NtApphelpCacheControl
82ab8e44  82c090e3 nt!NtAreMappedFilesTheSame
82ab8e48  82c3aed1 nt!NtAssignProcessToJobObject
82ab8e4c  82ab98bc nt!NtCallbackReturn
82ab8e50  82c045c3 nt!NtCancelIoFile
82ab8e54  82c38ce7 nt!NtCancelIoFileEx
82ab8e58  82cf2fb0 nt!NtCancelSynchronousIoFile
82ab8e5c  82a65d56 nt!NtCancelTimer
82ab8e60  82c67b5f nt!NtClearEvent
82ab8e64  82c8037a nt!NtClose
82ab8e68  82cb642e nt!NtCloseObjectAuditAlarm
82ab8e6c  82d2e412 nt!NtCommitComplete
82ab8e70  82d2e132 nt!NtCommitEnlistment
82ab8e74  82c0f9b9 nt!NtCommitTransaction
82ab8e78  82cd8013 nt!NtCompactKeys
82ab8e7c  82c36c9d nt!NtCompareTokens
82ab8e80  82c3bce9 nt!NtCompleteConnectPort
82ab8e84  82cd827f nt!NtCompressKey
82ab8e88  82cb3d09 nt!NtConnectPort
82ab8e8c  82a7bd0c nt!NtContinue
82ab8e90  82ce8c79 nt!NtCreateDebugObject
82ab8e94  82c3e505 nt!NtCreateDirectoryObject
82ab8e98  82be0a55 nt!NtCreateEnlistment
82ab8e9c  82c7c671 nt!NtCreateEvent
82ab8ea0  82d46068 nt!NtCreateEventPair
82ab8ea4  82c8b1e4 nt!NtCreateFile
82ab8ea8  82c96667 nt!NtCreateIoCompletion
82ab8eac  82c2d977 nt!NtCreateJobObject
82ab8eb0  82d1b6de nt!NtCreateJobSet
82ab8eb4  82c3ce2a nt!NtCreateKey
82ab8eb8  82c4bd1e nt!NtCreateKeyedEvent
82ab8ebc  82c0da36 nt!NtCreateKeyTransacted
82ab8ec0  82c4132f nt!NtCreateMailslotFile
82ab8ec4  82c4c196 nt!NtCreateMutant
82ab8ec8  82cbc4f9 nt!NtCreateNamedPipeFile
82ab8ecc  82bc8406 nt!NtCreatePagingFile
82ab8ed0  82c2d75f nt!NtCreatePort
82ab8ed4  82c0f57f nt!NtCreatePrivateNamespace
82ab8ed8  82d17df9 nt!NtCreateProcess
82ab8edc  82d17e44 nt!NtCreateProcessEx
82ab8ee0  82d46afb nt!NtCreateProfile
82ab8ee4  82d46ac1 nt!NtCreateProfileEx
82ab8ee8  82be335f nt!NtCreateResourceManager
82ab8eec  82c5ef2b nt!NtCreateSection
82ab8ef0  82c4198d nt!NtCreateSemaphore
82ab8ef4  82c3d7f5 nt!NtCreateSymbolicLinkObject
82ab8ef8  82d17c02 nt!NtCreateThread
82ab8efc  82cac124 nt!NtCreateThreadEx
82ab8f00  82c3a304 nt!NtCreateTimer
82ab8f04  82c40ac8 nt!NtCreateToken
82ab8f08  82c0be62 nt!NtCreateTransaction
82ab8f0c  82be316b nt!NtCreateTransactionManager
82ab8f10  82caa056 nt!NtCreateUserProcess
82ab8f14  82be0134 nt!NtCreateWaitablePort
82ab8f18  82c4bf39 nt!NtCreateWorkerFactory
82ab8f1c  82ce9b36 nt!NtDebugActiveProcess
82ab8f20  82cea1f3 nt!NtDebugContinue
82ab8f24  82c6496f nt!NtDelayExecution
82ab8f28  82c2807b nt!NtDeleteAtom
82ab8f2c  82d4039b nt!NtDeleteBootEntry
82ab8f30  82d415f3 nt!NtDeleteDriverEntry
82ab8f34  82bd46ad nt!NtDeleteFile
82ab8f38  82c27911 nt!NtDeleteKey
82ab8f3c  82cc69df nt!NtDeleteObjectAuditAlarm
82ab8f40  82ccf6f6 nt!NtDeletePrivateNamespace
82ab8f44  82c19328 nt!NtDeleteValueKey
82ab8f48  82caf3ca nt!NtDeviceIoControlFile
82ab8f4c  82d034da nt!NtDisableLastKnownGood
82ab8f50  82d3e5ef nt!NtDisplayString
82ab8f54  82b4f259 nt!NtDrawText
82ab8f58  82c6d4f0 nt!NtDuplicateObject
82ab8f5c  82ca7974 nt!NtDuplicateToken
82ab8f60  82d035bb nt!NtEnableLastKnownGood
82ab8f64  82d4059d nt!NtEnumerateBootEntries
82ab8f68  82d417f3 nt!NtEnumerateDriverEntries
82ab8f6c  82ca2a59 nt!NtEnumerateKey
82ab8f70  82d4017b nt!NtEnumerateSystemEnvironmentValuesEx
82ab8f74  82d2ef4c nt!NtEnumerateTransactionObject
82ab8f78  82ca4ebf nt!NtEnumerateValueKey
82ab8f7c  82d09a0f nt!NtExtendSection
82ab8f80  82c20d81 nt!NtFilterToken
82ab8f84  82c2c8ff nt!NtFindAtom
82ab8f88  82c44117 nt!NtFlushBuffersFile
82ab8f8c  82bd090f nt!NtFlushInstallUILanguage
82ab8f90  82c3b4c2 nt!NtFlushInstructionCache
82ab8f94  82c1a9cd nt!NtFlushKey
82ab8f98  82a601b1 nt!NtFlushProcessWriteBuffers
82ab8f9c  82c16130 nt!NtFlushVirtualMemory
82ab8fa0  82d0c9b7 nt!NtFlushWriteBuffer
82ab8fa4  82d0c039 nt!NtFreeUserPhysicalPages
82ab8fa8  82af44db nt!NtFreeVirtualMemory
82ab8fac  82b0e6fc nt!NtFreezeRegistry
82ab8fb0  82d2f39a nt!NtFreezeTransactions
82ab8fb4  82c916a2 nt!NtFsControlFile
82ab8fb8  82cd0dc1 nt!NtGetContextThread
82ab8fbc  82cd0d56 nt!NtGetCurrentProcessorNumber
82ab8fc0  82d14e37 nt!NtGetDevicePowerState
82ab8fc4  82c4cdaf nt!NtGetMUIRegistryInfo
82ab8fc8  82d19b54 nt!NtGetNextProcess
82ab8fcc  82cc8c0a nt!NtGetNextThread
82ab8fd0  82c155c6 nt!NtGetNlsSectionPtr
82ab8fd4  82d2f4f4 nt!NtGetNotificationResourceManager
82ab8fd8  82bfae67 nt!NtGetPlugPlayEvent
82ab8fdc  82b255c7 nt!NtGetWriteWatch
82ab8fe0  82c317ca nt!NtImpersonateAnonymousToken
82ab8fe4  82d057a1 nt!NtImpersonateClientOfPort
82ab8fe8  82cb55fc nt!NtImpersonateThread
82ab8fec  82c97f0d nt!NtInitializeNlsFiles
82ab8ff0  82bd41ca nt!NtInitializeRegistry
82ab8ff4  82ccb5c3 nt!NtInitiatePowerAction
82ab8ff8  82ccccdd nt!NtIsProcessInJob
82ab8ffc  82d14e1e nt!NtIsSystemResumeAutomatic
82ab9000  82bcede9 nt!NtIsUILanguageComitted
82ab9004  82bcbc75 nt!NtListenPort
82ab9008  82c01b78 nt!NtLoadDriver
82ab900c  82bcd426 nt!NtLoadKey
82ab9010  82bbaa1c nt!NtLoadKey2
82ab9014  82bdde72 nt!NtLoadKeyEx
82ab9018  82c3f32b nt!NtLockFile
82ab901c  82bb4026 nt!NtLockProductActivationKeys
82ab9020  82baf6d5 nt!NtLockRegistryKey
82ab9024  82a5f191 nt!NtLockVirtualMemory
82ab9028  82c021b1 nt!NtMakePermanentObject
82ab902c  82c47851 nt!NtMakeTemporaryObject
82ab9030  82c4c35b nt!NtMapCMFModule
82ab9034  82d0ab57 nt!NtMapUserPhysicalPages
82ab9038  82d0b12d nt!NtMapUserPhysicalPagesScatter
82ab903c  82c82394 nt!NtMapViewOfSection
82ab9040  82d4056c nt!NtModifyBootEntry
82ab9044  82d417c4 nt!NtModifyDriverEntry
82ab9048  82c31db6 nt!NtNotifyChangeDirectoryFile
82ab904c  82c35e17 nt!NtNotifyChangeKey
82ab9050  82c34f39 nt!NtNotifyChangeMultipleKeys
82ab9054  82bfbd6b nt!NtNotifyChangeSession
82ab9058  82c7e584 nt!NtOpenDirectoryObject
82ab905c  82d2d995 nt!NtOpenEnlistment
82ab9060  82c4bb92 nt!NtOpenEvent
82ab9064  82d46169 nt!NtOpenEventPair
82ab9068  82c6db10 nt!NtOpenFile
82ab906c  82cf2ca5 nt!NtOpenIoCompletion
82ab9070  82d1b057 nt!NtOpenJobObject
82ab9074  82c87642 nt!NtOpenKey
82ab9078  82c4badd nt!NtOpenKeyEx
82ab907c  82d4649f nt!NtOpenKeyedEvent
82ab9080  82c0b169 nt!NtOpenKeyTransacted
82ab9084  82c0b0f9 nt!NtOpenKeyTransactedEx
82ab9088  82c9d0e2 nt!NtOpenMutant
82ab908c  82c144b2 nt!NtOpenObjectAuditAlarm
82ab9090  82c15f07 nt!NtOpenPrivateNamespace
82ab9094  82c4d9dc nt!NtOpenProcess
82ab9098  82c9ffff nt!NtOpenProcessToken
82ab909c  82c8db37 nt!NtOpenProcessTokenEx
82ab90a0  82bb90c7 nt!NtOpenResourceManager
82ab90a4  82ca5674 nt!NtOpenSection
82ab90a8  82c210c6 nt!NtOpenSemaphore
82ab90ac  82cc2977 nt!NtOpenSession
82ab90b0  82c89b6f nt!NtOpenSymbolicLinkObject
82ab90b4  82c99d87 nt!NtOpenThread
82ab90b8  82cb42e4 nt!NtOpenThreadToken
82ab90bc  82c8dc4e nt!NtOpenThreadTokenEx
82ab90c0  82d45e0f nt!NtOpenTimer
82ab90c4  82d2e6f1 nt!NtOpenTransaction
82ab90c8  82d2f989 nt!NtOpenTransactionManager
82ab90cc  82c1f506 nt!NtPlugPlayControl
82ab90d0  82c7c970 nt!NtPowerInformation
82ab90d4  82d2e2a2 nt!NtPrepareComplete
82ab90d8  82d2dfc2 nt!NtPrepareEnlistment
82ab90dc  82d2e35a nt!NtPrePrepareComplete
82ab90e0  82d2e07a nt!NtPrePrepareEnlistment
82ab90e4  82c3293f nt!NtPrivilegeCheck
82ab90e8  82c01f60 nt!NtPrivilegedServiceAuditAlarm
82ab90ec  82c1ca51 nt!NtPrivilegeObjectAuditAlarm
82ab90f0  82d300e4 nt!NtPropagationComplete
82ab90f4  82d301aa nt!NtPropagationFailed
82ab90f8  82c7e403 nt!NtProtectVirtualMemory
82ab90fc  82ccf5a7 nt!NtPulseEvent
82ab9100  82c939a1 nt!NtQueryAttributesFile
82ab9104  82d40a3e nt!NtQueryBootEntryOrder
82ab9108  82d40e83 nt!NtQueryBootOptions
82ab910c  82afed34 nt!NtQueryDebugFilterState
82ab9110  82cb2b8c nt!NtQueryDefaultLocale
82ab9114  82bdef5c nt!NtQueryDefaultUILanguage
82ab9118  82c6fd11 nt!NtQueryDirectoryFile
82ab911c  82c949f0 nt!NtQueryDirectoryObject
82ab9120  82d41381 nt!NtQueryDriverEntryOrder
82ab9124  82bcdb4a nt!NtQueryEaFile
82ab9128  82c3681e nt!NtQueryEvent
82ab912c  82cbc5d5 nt!NtQueryFullAttributesFile
82ab9130  82c2824c nt!NtQueryInformationAtom
82ab9134  82d2dba2 nt!NtQueryInformationEnlistment
82ab9138  82c916d5 nt!NtQueryInformationFile
82ab913c  82cc80ff nt!NtQueryInformationJobObject
82ab9140  82d057d4 nt!NtQueryInformationPort
82ab9144  82c72644 nt!NtQueryInformationProcess
82ab9148  82d2f5fe nt!NtQueryInformationResourceManager
82ab914c  82c98d6d nt!NtQueryInformationThread
82ab9150  82c8e06e nt!NtQueryInformationToken
82ab9154  82d2e8e4 nt!NtQueryInformationTransaction
82ab9158  82bb8bcf nt!NtQueryInformationTransactionManager
82ab915c  82b4fe81 nt!NtQueryInformationWorkerFactory
82ab9160  82c1ac3f nt!NtQueryInstallUILanguage
82ab9164  82d46e6b nt!NtQueryIntervalProfile
82ab9168  82cf2d68 nt!NtQueryIoCompletion
82ab916c  82c87cae nt!NtQueryKey
82ab9170  82c3de8d nt!NtQueryLicenseValue
82ab9174  82c1ccc0 nt!NtQueryMultipleValueKey
82ab9178  82d4657c nt!NtQueryMutant
82ab917c  82c3ced6 nt!NtQueryObject
82ab9180  82cd7b05 nt!NtQueryOpenSubKeys
82ab9184  82cc5df8 nt!NtQueryOpenSubKeysEx
82ab9188  82c4c277 nt!NtQueryPerformanceCounter
82ab918c  82d182c4 nt!NtQueryPortInformationProcess
82ab9190  82cf4349 nt!NtQueryQuotaInformationFile
82ab9194  82cb29e6 nt!NtQuerySection
82ab9198  82c322d0 nt!NtQuerySecurityAttributesToken
82ab919c  82c35e4c nt!NtQuerySecurityObject
82ab91a0  82d3f3fc nt!NtQuerySemaphore
82ab91a4  82c89c15 nt!NtQuerySymbolicLinkObject
82ab91a8  82d3f5d3 nt!NtQuerySystemEnvironmentValue
82ab91ac  82d3fbc7 nt!NtQuerySystemEnvironmentValueEx
82ab91b0  82c6bcd4 nt!NtQuerySystemInformation
82ab91b4  82ca4ddd nt!NtQuerySystemInformationEx
82ab91b8  82cb2af7 nt!NtQuerySystemTime
82ab91bc  82d45ece nt!NtQueryTimer
82ab91c0  82c28729 nt!NtQueryTimerResolution
82ab91c4  82c86405 nt!NtQueryValueKey
82ab91c8  82c976a7 nt!NtQueryVirtualMemory
82ab91cc  82c922c8 nt!NtQueryVolumeInformationFile
82ab91d0  82c37caa nt!NtQueueApcThread
82ab91d4  82c33e67 nt!NtQueueApcThreadEx
82ab91d8  82a7bd54 nt!NtRaiseException
82ab91dc  82c130a3 nt!NtRaiseHardError
82ab91e0  82c9dc8c nt!NtReadFile
82ab91e4  82bd36a7 nt!NtReadFileScatter
82ab91e8  82d2e580 nt!NtReadOnlyEnlistment
82ab91ec  82d058b9 nt!NtReadRequestData
82ab91f0  82c9b82c nt!NtReadVirtualMemory
82ab91f4  82d2db46 nt!NtRecoverEnlistment
82ab91f8  82be388c nt!NtRecoverResourceManager
82ab91fc  82be5128 nt!NtRecoverTransactionManager
82ab9200  82d2ff38 nt!NtRegisterProtocolAddressInformation
82ab9204  82d1909c nt!NtRegisterThreadTerminatePort
82ab9208  82c6c0ed nt!NtReleaseKeyedEvent
82ab920c  82c64873 nt!NtReleaseMutant
82ab9210  82c4eb6a nt!NtReleaseSemaphore
82ab9214  82abec28 nt!NtReleaseWorkerFactoryWorker
82ab9218  82c41a8e nt!NtRemoveIoCompletion
82ab921c  82c3ca8e nt!NtRemoveIoCompletionEx
82ab9220  82ce9c81 nt!NtRemoveProcessDebug
82ab9224  82cd7d4b nt!NtRenameKey
82ab9228  82d2fbd4 nt!NtRenameTransactionManager
82ab922c  82cd7898 nt!NtReplaceKey
82ab9230  82b173d3 nt!NtReplacePartitionUnit
82ab9234  82c2ca3d nt!NtReplyPort
82ab9238  82c745e2 nt!NtReplyWaitReceivePort
82ab923c  82c74165 nt!NtReplyWaitReceivePortEx
82ab9240  82d05a85 nt!NtReplyWaitReplyPort
82ab9244  82cbc435 nt!NtRequestPort
82ab9248  82c798d9 nt!NtRequestWaitReplyPort
82ab924c  82c17ec3 nt!NtResetEvent
82ab9250  82b25c18 nt!NtResetWriteWatch
82ab9254  82ccd904 nt!NtRestoreKey
82ab9258  82d198fd nt!NtResumeProcess
82ab925c  82cac34b nt!NtResumeThread
82ab9260  82d2e636 nt!NtRollbackComplete
82ab9264  82d2e1ea nt!NtRollbackEnlistment
82ab9268  82be1c7c nt!NtRollbackTransaction
82ab926c  82d2fd36 nt!NtRollforwardTransactionManager
82ab9270  82ccf176 nt!NtSaveKey
82ab9274  82cce91c nt!NtSaveKeyEx
82ab9278  82cd6bbb nt!NtSaveMergedKeys
82ab927c  82c99dbc nt!NtSecureConnectPort
82ab9280  82bc6f07 nt!NtSerializeBoot
82ab9284  82d40c7f nt!NtSetBootEntryOrder
82ab9288  82d4116b nt!NtSetBootOptions
82ab928c  82d18cff nt!NtSetContextThread
82ab9290  82bac9bd nt!NtSetDebugFilterState
82ab9294  82bca895 nt!NtSetDefaultHardErrorPort
82ab9298  82bdece1 nt!NtSetDefaultLocale
82ab929c  82bdf250 nt!NtSetDefaultUILanguage
82ab92a0  82d41bf5 nt!NtSetDriverEntryOrder
82ab92a4  82cf3dda nt!NtSetEaFile
82ab92a8  82c656de nt!NtSetEvent
82ab92ac  82d3f0b7 nt!NtSetEventBoostPriority
82ab92b0  82d46435 nt!NtSetHighEventPair
82ab92b4  82d46367 nt!NtSetHighWaitLowEventPair
82ab92b8  82cea3b9 nt!NtSetInformationDebugObject
82ab92bc  82d2ddea nt!NtSetInformationEnlistment
82ab92c0  82c9275c nt!NtSetInformationFile
82ab92c4  82c37cce nt!NtSetInformationJobObject
82ab92c8  82cd73ad nt!NtSetInformationKey
82ab92cc  82c44314 nt!NtSetInformationObject
82ab92d0  82c74603 nt!NtSetInformationProcess
82ab92d4  82d2f80c nt!NtSetInformationResourceManager
82ab92d8  82ca5aaf nt!NtSetInformationThread
82ab92dc  82c3f780 nt!NtSetInformationToken
82ab92e0  82d2f146 nt!NtSetInformationTransaction
82ab92e4  82d2fdfb nt!NtSetInformationTransactionManager
82ab92e8  82ae8362 nt!NtSetInformationWorkerFactory
82ab92ec  82d46e48 nt!NtSetIntervalProfile
82ab92f0  82c1fb82 nt!NtSetIoCompletion
82ab92f4  82cf2e8e nt!NtSetIoCompletionEx
82ab92f8  82d1ad17 nt!NtSetLdtEntries
82ab92fc  82d463d2 nt!NtSetLowEventPair
82ab9300  82d462fc nt!NtSetLowWaitHighEventPair
82ab9304  82cf495f nt!NtSetQuotaInformationFile
82ab9308  82c3d626 nt!NtSetSecurityObject
82ab930c  82d3f8cd nt!NtSetSystemEnvironmentValue
82ab9310  82d3fedf nt!NtSetSystemEnvironmentValueEx
82ab9314  82c8a0ee nt!NtSetSystemInformation
82ab9318  82d5cd7a nt!NtSetSystemPowerState
82ab931c  82ccbe70 nt!NtSetSystemTime
82ab9320  82cd2b4d nt!NtSetThreadExecutionState
82ab9324  82abed52 nt!NtSetTimer
82ab9328  82ad14b9 nt!NtSetTimerEx
82ab932c  82c2cb3e nt!NtSetTimerResolution
82ab9330  82bce2d7 nt!NtSetUuidSeed
82ab9334  82c46427 nt!NtSetValueKey
82ab9338  82cf4979 nt!NtSetVolumeInformationFile
82ab933c  82d3e5ad nt!NtShutdownSystem
82ab9340  82c4e9b7 nt!NtShutdownWorkerFactory
82ab9344  82b08701 nt!NtSignalAndWaitForSingleObject
82ab9348  82d2e4ca nt!NtSinglePhaseReject
82ab934c  82d46b84 nt!NtStartProfile
82ab9350  82d46d7b nt!NtStopProfile
82ab9354  82d1989f nt!NtSuspendProcess
82ab9358  82cd0e2d nt!NtSuspendThread
82ab935c  82cc1464 nt!NtSystemDebugControl
82ab9360  82c2e36f nt!NtTerminateJobObject
82ab9364  82c969bf nt!NtTerminateProcess
82ab9368  82cb4334 nt!NtTerminateThread
82ab936c  82cabafa nt!NtTestAlert
82ab9370  82b0e75f nt!NtThawRegistry
82ab9374  82d2f478 nt!NtThawTransactions
82ab9378  82c8b9bb nt!NtTraceControl
82ab937c  82b016a0 nt!NtTraceEvent
82ab9380  82d41df9 nt!NtTranslateFilePath
82ab9384  82d0574b nt!NtUmsThreadYield
82ab9388  82cf51cf nt!NtUnloadDriver
82ab938c  82cc4503 nt!NtUnloadKey
82ab9390  82cc451d nt!NtUnloadKey2
82ab9394  82cd6d53 nt!NtUnloadKeyEx
82ab9398  82c41eaf nt!NtUnlockFile
82ab939c  82a57b17 nt!NtUnlockVirtualMemory
82ab93a0  82ca063a nt!NtUnmapViewOfSection
82ab93a4  82d33769 nt!NtVdmControl
82ab93a8  82ce9ed7 nt!NtWaitForDebugEvent
82ab93ac  82c6be16 nt!NtWaitForKeyedEvent
82ab93b0  82c64435 nt!NtWaitForMultipleObjects
82ab93b4  82d0f904 nt!NtWaitForMultipleObjects32
82ab93b8  82c63ae7 nt!NtWaitForSingleObject
82ab93bc  82abe7b1 nt!NtWaitForWorkViaWorkerFactory
82ab93c0  82d46293 nt!NtWaitHighEventPair
82ab93c4  82d4622a nt!NtWaitLowEventPair
82ab93c8  82af74b4 nt!NtWorkerFactoryWorkerReady
82ab93cc  82caaf2b nt!NtWriteFile
82ab93d0  82bdb2f7 nt!NtWriteFileGather
82ab93d4  82d05926 nt!NtWriteRequestData
82ab93d8  82c9b71c nt!NtWriteVirtualMemory
82ab93dc  82a665c5 nt!NtYieldExecution
References
- ↑ "Windows rootkits of 2005, part one". Symantec. 2005.
- 1 2 "Attack defeats 'most' antivirus software". ZD Net UK. 2010.
This article is issued from Wikipedia - version of the Sunday, January 03, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.