What is ARKit?


ARKit - Rootkit Detection Library



ARKit is an open-source rootkit detection library developed by Swatkat Thinkdigit. It consists of two main components: a Win32/C++ static library (ARKitLib.lib) and a device driver (ARKitDrv.sys).



Key Features:



  • ARKitLib.lib: A Win32/C++ static library with methods to scan and detect rootkits

  • ARKitDrv.sys: A device driver implementing rootkit detection methods



Detection Methods:



  • PID brute force: PsLookupProcessByProcessId

  • TID brute force: PsLookupThreadByThreadId

  • Handle table traversing: NtQuerySystemInformation

  • DLL detection methods: InMemoryOrderModuleList traversal, VAD tree walking

  • Process termination methods: NtTerminateProcess/ZwTerminateProcess, NtTerminateThread/ZwTerminateThread

  • Driver detection methods: PsLoadedModuleList traversing, \Driver\ directory traversal, \Device\ directory traversal



Usage:


Using ARKit is straightforward:



  • Include ARKitLib.h and ARKitDefines.h in your application source

  • Link to ARKitLib.lib and Psapi.lib

  • Instantiate an object of ARKitLib class for system data gathering

  • Ensure ARKitDrv.sys driver is in the application directory during runtime



ARKit offers a reliable solution for detecting rootkits and ensuring system security. Download ARKit for free from SoftPas and enhance your system's security today.


