首页| JavaScript| HTML/CSS| Matlab| PHP| Python| Java| C/C++/VC++| C#| ASP| 其他|
购买积分 购买会员 激活码充值

您现在的位置是:虫虫源码 > C/C++/VC++ > arkit是一个开源的微软Windows Rootkit检测库

arkit是一个开源的微软Windows Rootkit检测库

  • 资源大小:45.39 kB
  • 上传时间:2021-06-30
  • 下载次数:0次
  • 浏览次数:1次
  • 资源积分:1积分
  • 标      签: 检测 开源 一个 微软

资 源 简 介

Introduction ARKit is an open-source rootkit detection library for Microsoft Windows. ARKit has two components: * ARKitLib.lib - A Win32/C++ static library that exposes various methods to scan system and detect rootkits * ARKitDrv.sys - A device driver that actually implements methods to scan and detect rootkits Features Currently, ARKit library has following features: * Process scanning – Detect all running processes (hidden and visible) * DLL scanning – Detect DLLs loaded in a process * Driver scanning – Detect all loaded drivers (hidden and visible) * SSDT hook detection and restoration * Sysenter hook detection * Kernel inline hook detection and restoration Supported Operating Systems ARKit works on 32-bit flavors of Windows 2000, XP, 2003 and Vista. It has not been tested on Windows 2008 and Windows 7 yet. Summary of detection techniques in ARKit Process detection methods: PID brute force (PsLo

文 件 列 表

ARKitTester_Binary
ARKitDrv.sys
ARKitTester.exe

相 关 资 源

您 可 能 感 兴 趣 的

同 类 别 推 荐

VIP VIP
0.158947s