cyberark/woarkd

WOARKD (Windows On ARM Rootkit Detector)

Windows On ARM Rootkit Detector is a tool used to detect SSDT Hooking on Windows 11 On ARM64 systems.

Prerequisites

  1. .NET Framework
  2. Test Signing Mode boot option enabled: run bcdedit.exe /set testsigning on in an Administrator shell (see the Microsoft documentation for Test Signing mode)

Installation Instructions

  1. Download Binaries
  2. Download Keystone Engine DLL and copy keystone.dll to the WOARKD directory
  3. Download the Capstone.NET DLLs, extract the .nuget package with a ZIP extractor, and copy the following files to the WOARKD directory:
    • runtime\win-x64\native\capstone.dll
    • lib\netstandard2.1\Gee.External.Capstone.dll
    • lib\netstandard2.1\Gee.External.Capstone.xml
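
A preflight check for prerequisite 2 and installation steps 2 and 3, added here as an example (it is not part of the WOARKD project). It assumes an elevated PowerShell, English bcdedit output, and a hypothetical -WoarkdDir parameter pointing at the directory that holds the WOARKD binaries.

```powershell
# Added example: verifies the test-signing boot option and the DLLs listed above.
# Assumptions: elevated PowerShell, English bcdedit output; -WoarkdDir is a
# hypothetical parameter naming the directory that holds the WOARKD binaries.
param(
    [string]$WoarkdDir = (Get-Location).Path
)

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Ok, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Ok = $Ok; Detail = $Detail })
}

# bcdedit only answers in an elevated shell, so establish that first.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
Add-Check 'Elevated shell' $isAdmin 'needed to read the boot configuration'

# Prerequisite 2: the current boot entry must list "testsigning  Yes".
$testSigning = $false
if ($isAdmin) {
    $bcd = & bcdedit.exe /enum '{current}' 2>$null
    $testSigning = [bool](@($bcd) -match '^\s*testsigning\s+Yes\s*$')
}
Add-Check 'Test Signing Mode' $testSigning 'bcdedit.exe /set testsigning on'

# Installation steps 2 and 3: files that must sit in the WOARKD directory.
$required = 'keystone.dll', 'capstone.dll',
            'Gee.External.Capstone.dll', 'Gee.External.Capstone.xml'
foreach ($file in $required) {
    $path = Join-Path $WoarkdDir $file
    Add-Check "File: $file" (Test-Path -LiteralPath $path -PathType Leaf) $path
}

# Print the table and return a non-zero exit code if anything is missing.
$results | Format-Table -AutoSize
if ($results.Ok -contains $false) {
    Write-Error 'One or more WOARKD prerequisites are missing.'
    exit 1
}
```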

Contact

You may contact Rotem Salinas or Amir Landau if you have any issues.
