Swatkat's rants

Sunday, 25 July 2010

ARKit - An open-source rootkit detection library for Windows

Posted on 08:18 by Unknown

ARKit is an open-source rootkit detection library for Microsoft Windows. ARKit has two components:

ARKitLib - A Win32/C++ static library that exposes various methods to scan system and detect rootkits
ARKitDrv - A device driver that actually implements methods to scan and detect rootkits

Currently, ARKit has following features:

Process scanning – Detect all running processes (hidden and visible)
DLL scanning – Detect DLLs loaded in a process
Driver scanning – Detect all loaded drivers (hidden and visible)
SSDT hook detection
Sysenter hook detection
Kernel inline hook detection

ARKit works on 32-bit flavors of Windows 2000, XP, 2003 and Vista. It has not been tested on Windows 2008 and Windows 7 yet.

For more information on ARKit project, please visit:

http://code.google.com/p/arkitlib/

Email This BlogThis!Share to X Share to Facebook Share to Pinterest

Posted in | No comments

Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

Ax Video Plugin

Ax Video Plugin is one of the latest fake codec/plugin in the block. The site http://axvideodownload.com/ uses the same old fake "Vide...
Spyware Guard 2008

Spyware Guard 2008 is a new rogue application. Does that name sound familiar? Well, yes, there is a legitimate application named SpywareGuar...
Javacool EULAlyzer!

Have you ever read those ultra-long EULA (End User License Agreement) pages while you are installing any software? I think no one will read ...
Zlob brings back fake MP3s!

Last August, I had blogged about Zlob gang using fake MP3 download sites to push their malware (link here ). Afterwards, we started to see m...
Myphonegames.co.uk hacked?!

It seems that some pages of a mobile-phone games website www.myphonegames.co.uk have been hacked to execute malicious looking Javascript. A...
twitcurl - C++ twitter API library

twitcurl is an open-source pure C++ library for twitter REST APIs. Currently, it has support for most of the twitter APIs and it will be upd...
DomPlayer - Rogue Multimedia Player

DomPlayer is a new rogue multimedia player on the loose. The gang behind DomPlayer is making use of fake video files (available as torrents)...
Some new malware - a.exe, gop.exe etc

We have some "new" malware this time, ranging from trojans to rootkits. One of them is a trojan which detected by some of the AVs ...
ThinkPoint rogue antivirus

ThinkPoint is a new addition to the long list of rogue antivirus programs. ThinkPoint uses fake codec download tricks for its distribution. ...
Removing Mailbot.AZ (aka Rustok.A) Rootkit

Mailbot.AZ (also known as PE386 or Rustock.A) is a kernel mode rootkit backdoor virus. It contains only one file-its driver-and it is stored...

Categories

a.exe
Autohotkey
C++
fake mp3 downloads
gop.exe
NewMediaCodec
OAuth
Orkut hating virus
Privacy Protector
rootkit
SysProt AntiRootkit
TDSServ rootkit removal
twitCurl
twitter
Udefender
Ultimate Cleaner
vdo_
Zlob
Zlob rootkit

Blog Archive

► 2013 (1)
- ► June (1)

▼ 2010 (6)
- ► October (2)
- ► September (2)
- ▼ July (1)
  - ARKit - An open-source rootkit detection library f...
- ► April (1)

► 2009 (12)
- ► September (1)
- ► May (1)
- ► April (1)
- ► March (4)
- ► January (5)

► 2008 (44)
- ► December (6)
- ► November (6)
- ► October (4)
- ► September (15)
- ► August (2)
- ► June (2)
- ► May (1)
- ► April (1)
- ► March (6)
- ► January (1)

► 2007 (38)
- ► December (1)
- ► November (2)
- ► October (9)
- ► September (2)
- ► August (8)
- ► July (11)
- ► June (3)
- ► March (2)

► 2006 (6)
- ► September (1)
- ► August (2)
- ► May (1)
- ► February (2)

► 2005 (30)
- ► December (2)
- ► November (2)
- ► October (4)
- ► September (5)
- ► August (11)
- ► July (6)

Powered by Blogger.

About Me

Unknown

View my complete profile