
cyberark/woarkd

WOARKD (Windows On ARM Rootkit Detector)

Windows On ARM Rootkit Detector is a tool that detects SSDT hooking on Windows 11 on ARM64 systems.

Prerequisites

  1. .NET Framework
  2. Test Signing Mode boot option enabled: run bcdedit.exe /set testsigning on in an Administrator shell (see the Microsoft documentation for Test Signing mode)

Installation Instructions

  1. Download Binaries
  2. Download Keystone Engine DLL and copy keystone.dll to the WOARKD directory
  3. Download the Capstone.NET DLLs, extract the .nuget with a ZIP extractor, and copy the following files to the WOARKD directory:
    • runtime\win-x64\native\capstone.dll
    • lib\netstandard2.1\Gee.External.Capstone.dll
    • lib\netstandard2.1\Gee.External.Capstone.xml
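
A preflight check for the prerequisites and installation steps above. This is an added example, not part of WOARKD or its repository. It assumes the WOARKD directory is passed as -WoarkdDir (default: the current directory) and that bcdedit prints English output; the PE machine type of each DLL is reported for information only.

```powershell
# Added example, not part of WOARKD. -WoarkdDir is an assumed parameter name.
param([string]$WoarkdDir = '.')

# File names taken from the installation steps above.
$required = 'keystone.dll', 'capstone.dll',
            'Gee.External.Capstone.dll', 'Gee.External.Capstone.xml'

function Test-IsAdmin {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-PeMachine([string]$Path) {
    # COFF Machine field: e_lfanew at offset 0x3C, then "PE\0\0", then a UInt16.
    $bytes = [IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -lt 0x40) { return 'not a PE file' }
    $pe = [BitConverter]::ToInt32($bytes, 0x3C)
    if ($pe -lt 0 -or $pe + 6 -gt $bytes.Length) { return 'not a PE file' }
    $machine = [BitConverter]::ToUInt16($bytes, $pe + 4)
    switch ($machine) {
        0x8664  { 'x64' }
        0xAA64  { 'ARM64' }
        0x014C  { 'x86 / AnyCPU' }
        default { '0x{0:X4}' -f $machine }
    }
}

if (-not (Test-IsAdmin)) { throw 'Run this from an Administrator shell.' }
$WoarkdDir = (Resolve-Path -LiteralPath $WoarkdDir).Path

# Prerequisite 2: test signing. Assumes the English line "testsigning  Yes".
$bcd = & bcdedit.exe /enum '{current}'
$testSigning = [bool]($bcd -match '^testsigning\s+Yes')

# Installation steps 2 and 3: every listed file must be in the WOARKD directory.
$files = foreach ($name in $required) {
    $path = Join-Path $WoarkdDir $name
    $present = Test-Path -LiteralPath $path -PathType Leaf
    [pscustomobject]@{
        File    = $name
        Present = $present
        Machine = if ($present -and $name -like '*.dll') { Get-PeMachine $path } else { '' }
    }
}

"Test signing enabled: $testSigning"
$files | Format-Table -AutoSize
if (-not $testSigning -or ($files.Present -contains $false)) { exit 1 }
```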

Contact

You may contact Rotem Salinas or Amir Landau if you have any issues.
