Malware Dynamic Analysis with SSDT View
SSDT View has a set of categories.
The first is the service or function.
The second is the module, that is, the owner of the service or function.
Finally, there is an indicator that shows whether or not the service is hooked.
#tip: any service not owned by the ntoskrnl.exe module is regarded as hooked and malicious.