arkitlib (open-source rootkit detection library)

Posted: 06 Dec 2011, 02:38
by cLn
ARKit is an open-source rootkit detection library for Microsoft Windows. ARKit has two components:

1. ARKitLib - A Win32/C++ static library that exposes various methods to scan the system and detect rootkits
2. ARKitDrv - A device driver that actually implements methods to scan and detect rootkits

Currently, ARKit has the following features:

1. Process scanning – Detect all running processes (hidden and visible)
2. DLL scanning – Detect DLLs loaded in a process
3. Driver scanning – Detect all loaded drivers (hidden and visible)
4. SSDT hook detection
5. Sysenter hook detection
6. Kernel inline hook detection

ARKit works on 32-bit flavors of Windows 2000, XP, 2003 and Vista. It has not been tested on Windows 2008 and Windows 7 yet.

Regards!

Re: arkitlib (open-source rootkit detection library)

Posted: 06 Dec 2011, 04:42
by KHC
Thanks for the info, we'll test it and see how it goes!