ARKit is an open-source rootkit detection library for Microsoft Windows. ARKit has two components:
- ARKitLib - A Win32/C++ static library that exposes various methods to scan the system and detect rootkits
- ARKitDrv - A kernel-mode device driver that implements the actual scanning and detection methods
Currently, ARKit has the following features:
- Process scanning – Detect all running processes (hidden and visible)
- DLL scanning – Detect DLLs loaded in a process
- Driver scanning – Detect all loaded drivers (hidden and visible)
- SSDT hook detection
- Sysenter hook detection
- Kernel inline hook detection
ARKit works on 32-bit flavors of Windows 2000, XP, 2003 and Vista. It has not been tested on Windows 2008 and Windows 7 yet.
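The page lists the features but not how the checks work. The block below is an added illustration of the logic behind three of them (SSDT hook detection, kernel inline hook detection and hidden process detection) in plain, portable C run over constructed data; it is not ARKitLib's or ARKitDrv's code, and the project's API is not described on this page. The kernel image range, SSDT entries, function prologue bytes and PID lists are all made up for the example; in a real driver they would be read from the running kernel.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data (not from any real system): load range of a 32-bit
 * ntoskrnl image. */
#define KERNEL_BASE 0x804D7000u
#define KERNEL_SIZE 0x001F0000u

/* SSDT hook check: every entry of the native service table must point inside
 * the kernel image that owns the table. Anything outside (e.g. into a
 * third-party driver) is a hook. Returns the number of hooked entries; their
 * indices are written to hooked_idx (up to max_hooked of them). */
size_t find_ssdt_hooks(const uint32_t *ssdt, size_t count,
                       uint32_t base, uint32_t size,
                       size_t *hooked_idx, size_t max_hooked)
{
    size_t n = 0;
    for (size_t i = 0; i < count; i++) {
        if (ssdt[i] < base || ssdt[i] >= base + size) {
            if (n < max_hooked) hooked_idx[n] = i;
            n++;
        }
    }
    return n;
}

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Inline hook check: a detour overwrites the first bytes of a function with an
 * unconditional transfer to the rootkit. The three patterns below are the
 * common 32-bit trampolines. code points at the function's first bytes (at
 * least 7), code_va is their virtual address. Returns 1 and the resolved jump
 * target if a trampoline is found, otherwise 0. */
int detect_inline_hook(const uint8_t *code, uint32_t code_va, uint32_t *target)
{
    if (code[0] == 0xE9) {                       /* JMP rel32 */
        *target = code_va + 5 + read_le32(code + 1);
        return 1;
    }
    if (code[0] == 0x68 && code[5] == 0xC3) {    /* PUSH imm32 ; RET */
        *target = read_le32(code + 1);
        return 1;
    }
    if (code[0] == 0xB8 && code[5] == 0xFF && code[6] == 0xE0) { /* MOV EAX,imm32 ; JMP EAX */
        *target = read_le32(code + 1);
        return 1;
    }
    return 0;
}

/* Cross-view process check: a PID that a low-level enumeration (the driver
 * walking kernel structures) reports but the user-mode API view does not is
 * hidden. Returns the number of hidden PIDs, written to hidden. */
size_t find_hidden_pids(const uint32_t *low_view, size_t nlow,
                        const uint32_t *api_view, size_t napi,
                        uint32_t *hidden, size_t max_hidden)
{
    size_t n = 0;
    for (size_t i = 0; i < nlow; i++) {
        int seen = 0;
        for (size_t j = 0; j < napi && !seen; j++)
            seen = (low_view[i] == api_view[j]);
        if (!seen) {
            if (n < max_hidden) hidden[n] = low_view[i];
            n++;
        }
    }
    return n;
}

/* Constructed sample inputs. Entries 1 and 3 of the SSDT point outside the kernel. */
const uint32_t sample_ssdt[4] = { 0x805B3000u, 0xF8A01000u, 0x805C4000u, 0xF8C00520u };
/* Standard hotpatchable prologue: mov edi,edi ; push ebp ; mov ebp,esp ; sub esp,0Ch */
const uint8_t clean_prologue[8]   = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x0C };
/* Same function (VA 0x805A1000) patched with JMP rel32 to 0xF8A01000 */
const uint8_t jmp_prologue[8]     = { 0xE9, 0xFB, 0xFF, 0x45, 0x78, 0x8B, 0xEC, 0x83 };
/* PUSH 0xF8C00520 ; RET */
const uint8_t pushret_prologue[8] = { 0x68, 0x20, 0x05, 0xC0, 0xF8, 0xC3, 0x8B, 0xEC };
const uint32_t low_view_pids[5] = { 4, 368, 592, 1240, 1388 };
const uint32_t api_view_pids[4] = { 4, 368, 592, 1388 };

int main(void)
{
    size_t idx[4], n = find_ssdt_hooks(sample_ssdt, 4, KERNEL_BASE, KERNEL_SIZE, idx, 4);
    for (size_t i = 0; i < n; i++)
        printf("SSDT[%zu] hooked -> %08X\n", idx[i], sample_ssdt[idx[i]]);

    const uint8_t *prologues[3] = { clean_prologue, jmp_prologue, pushret_prologue };
    for (int i = 0; i < 3; i++) {
        uint32_t t;
        if (detect_inline_hook(prologues[i], 0x805A1000u, &t))
            printf("prologue %d: inline hook -> %08X\n", i, t);
        else
            printf("prologue %d: clean\n", i);
    }

    uint32_t hidden[5];
    n = find_hidden_pids(low_view_pids, 5, api_view_pids, 4, hidden, 5);
    for (size_t i = 0; i < n; i++)
        printf("hidden process: PID %u\n", hidden[i]);
    return 0;
}
```

Two caveats a practitioner would keep in mind. The range check reports hooks, not malice: on the 32-bit systems this tool targets, antivirus and host-firewall products also redirect SSDT entries into their own drivers, so every hit needs attribution to the owning module before it is called a rootkit. And the prologue check only recognises a few trampoline shapes; comparing the in-memory bytes of each exported function against the on-disk image is the more robust form of the same test.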
For more information on the ARKit project, please visit: