Malware Dynamic Analysis with SSDT View

SSDT View by NoVirusThanks is a tool that checks all function inside the SSDT table for possible hooking.

SSDT View has a set of categories.

One is the service or function.

the other is the module or the owner of the service or function.

Finally, there is an indicator that indicates whether or not the service is hooked.

#tip: any service not owned by ntoskrnl.exe module is regarded hooked and malicious.