Some basic information that might be useful to someone working in security:
- SDT (Segment Descriptor Table)
- GDT (Global Descriptor Table): OS code and data segments that are not specific to any process
- LDT (Local Descriptor Table): process-specific segments
- GDTR and LDTR are registers that hold pointers to these tables in memory
- segment descriptor has: Descriptor Table (13 bits), Table selector, GDT or LDT (1 bit), Requester’s privilege level (2 bits)
- “int <offset>”: x86 software interrupt instruction; 2e is used by Windows for syscalls, the OLD METHOD used by WinNT
- has kernel and usermode stacks
- Windows NT:
- IDT (Interrupt Descriptor Table) contains interrupt gates
- Interrupt Gate: contains an index into the GDT and the ISR offset into a code segment
- uses an 8-byte gate descriptor, stored in the IDT
- ISR looks at EAX for the syscall number and passes params to the respective functions
By: Neil Sikka
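
As an added illustration (not code from the original post), the C code below decodes the 16-bit value with the three fields listed above, which Intel's manuals call a segment selector, and an 8-byte IDT interrupt gate into its code-segment selector and ISR offset. It assumes the 32-bit protected-mode gate layout; the struct names, function names and sample bytes are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
/* 16-bit value with the three fields from the list: index, table bit, RPL. */
struct selector {
    uint16_t index;   /* bits 15..3: entry number in the descriptor table */
    uint8_t  is_ldt;  /* bit 2: 0 = GDT, 1 = LDT */
    uint8_t  rpl;     /* bits 1..0: requester's privilege level */
};

/* Fields of an 8-byte, 32-bit interrupt gate as stored in the IDT. */
struct gate {
    uint32_t offset;      /* ISR entry point inside the code segment */
    struct selector seg;  /* selects the code segment descriptor */
    uint8_t  type;        /* 0xE = 32-bit interrupt gate */
    uint8_t  dpl;         /* least-privileged ring allowed to reach it via "int n" */
    uint8_t  present;     /* 1 if the gate is valid */
};

struct selector decode_selector(uint16_t raw)
{
    struct selector s;
    s.index  = (uint16_t)(raw >> 3);
    s.is_ldt = (raw >> 2) & 1;
    s.rpl    = raw & 3;
    return s;
}

struct gate decode_gate(const uint8_t d[8])
{
    struct gate g;
    /* The offset is split: low 16 bits in bytes 0-1, high 16 bits in bytes 6-7. */
    g.offset  = (uint32_t)d[0] | (uint32_t)d[1] << 8 |
                (uint32_t)d[6] << 16 | (uint32_t)d[7] << 24;
    g.seg     = decode_selector((uint16_t)(d[2] | d[3] << 8));
    g.type    = d[5] & 0x0F;        /* byte 4 is reserved, byte 5 is the access byte */
    g.dpl     = (d[5] >> 5) & 3;
    g.present = d[5] >> 7;
    return g;
}

/* Constructed sample (not a dump from a real system): ISR at 0x80461234, selector 0x0008. */
static const uint8_t sample_gate[8] = { 0x34, 0x12, 0x08, 0x00, 0x00, 0xEE, 0x46, 0x80 };

int main(void)
{
    struct gate g = decode_gate(sample_gate);
    printf("ISR at %s[%u]:0x%08x type=0x%x dpl=%u present=%u\n",
           g.seg.is_ldt ? "LDT" : "GDT", (unsigned)g.seg.index,
           (unsigned)g.offset, (unsigned)g.type, (unsigned)g.dpl, (unsigned)g.present);
    return 0;
}
```

A gate used for system calls from user mode needs a DPL of 3, which is why the constructed access byte is 0xEE rather than 0x8E.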