A pack containing a library that exposes various methods to scan the system and detect rootkits, and a device driver that implements those scanning and detection methods. #C++ library #Rootkit detector #Rootkit scanner #Rootkit #Scanner #Scan
ARKit is an open-source rootkit detection library that has two components:
- ARKitLib.lib - a Win32/C++ static library that exposes various methods to scan the system and detect rootkits
- ARKitDrv.sys - a device driver that actually implements the scanning and detection methods

Process detection methods:
- PID brute force (PsLookupProcessByProcessId)
- TID brute force (PsLookupThreadByThreadId)
- Handle table traversing (NtQuerySystemInformation)

DLL detection methods:
- InMemoryOrderModuleList traversal in the process' PEB
- VAD tree walking

Process termination methods:
- NtTerminateProcess/ZwTerminateProcess
- NtTerminateThread/ZwTerminateThread for all threads of a process

Driver detection methods:
- PsLoadedModuleList traversing
- \Driver\ directory traversing in the Object Manager
- \Device\ directory traversing in the Object Manager

Using the ARKit library is quite simple:
- Include the ARKitLib.h and ARKitDefines.h header files in your application source
- Link to ARKitLib.lib and Psapi.lib
- Instantiate an object of the ARKitLib class and use its member functions to gather system data
- While running your application, make sure that the ARKitDrv.sys driver is in the same directory as the application
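The process detection methods listed above are cross-view checks: one enumeration that a rootkit might filter is compared against a second, independent lookup of every possible ID. The script below is an added user-mode illustration of that idea (PID brute force versus the standard process list); it is not ARKit code and does not use the ARKitLib API. It assumes only the Win32 OpenProcess/CloseHandle calls and the Get-Process cmdlet.

```powershell
# Added example, not part of ARKit: user-mode cross-view process check.
# View 1 is the enumeration a rootkit would typically filter; view 2 asks the
# kernel about every possible PID directly via OpenProcess. A PID alive in
# view 2 but absent from view 1 is a hidden-process candidate.
$sig = @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@
$Kernel32 = Add-Type -MemberDefinition $sig -Name 'Kernel32' -Namespace 'ArkitDemo' -PassThru

function Test-PidExists {
    param([uint32]$ProcessId)
    $PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
    $ERROR_ACCESS_DENIED = 5
    $h = $Kernel32::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $ProcessId)
    $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
    if ($h -ne [IntPtr]::Zero) { [void]$Kernel32::CloseHandle($h); return $true }
    # Access denied still proves the PID is live (e.g. a protected process);
    # any other failure (ERROR_INVALID_PARAMETER) means no such process.
    return ($err -eq $ERROR_ACCESS_DENIED)
}

function Get-HiddenProcessCandidates {
    param([uint32]$MaxPid = 0x10000)
    # View 1: the standard enumeration path.
    $listed = @{}
    foreach ($p in Get-Process) { $listed[[uint32]$p.Id] = $true }
    # View 2: brute force every PID. Windows PIDs are multiples of 4.
    $candidates = @()
    for ($candidate = 4; $candidate -lt $MaxPid; $candidate += 4) {
        if ((Test-PidExists -ProcessId $candidate) -and -not $listed.ContainsKey([uint32]$candidate)) {
            $candidates += $candidate
        }
    }
    return $candidates
}

$hits = Get-HiddenProcessCandidates
if ($hits.Count -eq 0) { 'No hidden-process candidates found.' }
else { 'Re-check these PIDs (new processes or hidden ones):'; $hits }
```

A process that starts between the two views shows up as a false positive, so re-run before drawing conclusions; a kernel-mode rootkit that hooks both paths is exactly the case ARKit's driver-side methods exist for.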
- runs on: Windows 2003, Windows Vista, Windows XP, Windows 2K
- file size: 45 KB
- filename: ARKitTester_Binary.zip
- main category: Programming