ARKit – Open Source Rootkit Library

ARKit is an open-source rootkit detection library for Microsoft Windows. It has two components:

  • ARKitLib.lib – A Win32/C++ static library that exposes various methods to scan the system and detect rootkits
  • ARKitDrv.sys – A device driver that actually implements the methods to scan for and detect rootkits


Currently, the ARKit library has the following features:

  • Process scanning – Detect all running processes (hidden and visible)
  • DLL scanning – Detect DLLs loaded in a process
  • Driver scanning – Detect all loaded drivers (hidden and visible)
  • SSDT hook detection
  • Sysenter hook detection
  • Kernel inline hook detection


Using ARKit

Using the ARKit library is quite simple:

  • Include the ARKitLib.h and ARKitDefines.h header files in your application source
  • Link to ARKitLib.lib and Psapi.lib
  • Instantiate an object of the ARKitLib class and use its various member functions to gather system data
  • When running your application, make sure that the ARKitDrv.sys driver is in the same directory as the application



About wikihead

A Seeker. Information Security Professional, Pursuing Life with Ayurveda.