eternalklaus/EternalAntirootkit
Eternal-Antirootkit

EternalAntirootkit is a Windows anti-rootkit that improves the detection of kernel-mode rootkits that hide processes, using a novel technique, PIDB (Process ID Brute-force). The details of the algorithm are in our papers, "Study on Detection Method and Development of the Kernel Mode Rootkit" and "Dual-Mode Kernel Rootkit Scan and Recovery with Process ID Brute-Force". This is a stable version of EternalAntirootkit, and it currently runs on Windows 10.
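To illustrate the cross-view idea behind a PID brute-force scan, here is an added example written for this README; it is not code from the EternalAntirootkit project, whose PIDB scan runs inside its kernel driver rather than in user mode. The sketch builds one process list from the ordinary Toolhelp snapshot API, builds a second one by probing every candidate PID with OpenProcess, and reports PIDs that the direct probe finds but the listing omits. The Win32 constants and struct layout are the documented public ones; the function names, the default PID ceiling of 65536 and the step of 4 are this example's own choices. The comparison logic is platform-neutral so it can be exercised with fake views off Windows.

```python
"""Cross-view detection of hidden processes by PID brute force.

Added example, not part of the EternalAntirootkit project. Two views of the
process table are compared: the normal enumeration API and a direct lookup
of every candidate PID. A process unlinked from the list that the enumeration
walks can still be opened by PID, so it shows up only in the second view.
"""
import ctypes
import functools
import sys
from typing import Callable, Iterable, Set

# Documented Win32 constants (not taken from the project).
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
TH32CS_SNAPPROCESS = 0x00000002
ERROR_ACCESS_DENIED = 5


def bruteforce_pids(probe: Callable[[int], bool], max_pid: int = 65536, step: int = 4) -> Set[int]:
    """Probe every candidate PID and return those that resolve to a live process.

    Windows hands out PIDs in multiples of 4, so stepping by 4 covers the space.
    `probe` is injected so the walk can run with a fake view off Windows."""
    return {pid for pid in range(step, max_pid + 1, step) if probe(pid)}


def scan_for_hidden(reported: Callable[[], Iterable[int]], probe: Callable[[int], bool],
                    max_pid: int = 65536) -> Set[int]:
    """Return PIDs found by brute force but missing from the normal listing.

    The normal listing is taken before and after the brute-force walk so that a
    process that merely started or exited during the walk is not misreported."""
    before = set(reported())
    probed = bruteforce_pids(probe, max_pid)
    after = set(reported())
    return probed - (before | after)


# ---- Windows-only views (only invoked when running on Windows) --------------

@functools.lru_cache(maxsize=None)
def _kernel32():
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.CreateToolhelp32Snapshot.restype = ctypes.c_void_p
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    k32.Process32First.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
    k32.Process32Next.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
    return k32


def windows_probe(pid: int) -> bool:
    """Direct view of one PID via OpenProcess. A handle, or ACCESS_DENIED (the PID
    exists but is protected), means the kernel's PID table knows this process."""
    k32 = _kernel32()
    handle = k32.OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, pid)
    if handle:
        k32.CloseHandle(handle)
        return True
    return ctypes.get_last_error() == ERROR_ACCESS_DENIED


class _PROCESSENTRY32(ctypes.Structure):
    """Public PROCESSENTRY32 layout (ANSI variant), DWORD/LONG spelled out so the
    module also imports cleanly off Windows."""
    _fields_ = [("dwSize", ctypes.c_uint32), ("cntUsage", ctypes.c_uint32),
                ("th32ProcessID", ctypes.c_uint32), ("th32DefaultHeapID", ctypes.c_size_t),
                ("th32ModuleID", ctypes.c_uint32), ("cntThreads", ctypes.c_uint32),
                ("th32ParentProcessID", ctypes.c_uint32), ("pcPriClassBase", ctypes.c_long),
                ("dwFlags", ctypes.c_uint32), ("szExeFile", ctypes.c_char * 260)]


def windows_reported_pids() -> Set[int]:
    """Normal view: CreateToolhelp32Snapshot + Process32First/Next."""
    k32 = _kernel32()
    snap = k32.CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
    if not snap or snap == ctypes.c_void_p(-1).value:  # INVALID_HANDLE_VALUE
        raise OSError(ctypes.get_last_error(), "CreateToolhelp32Snapshot failed")
    entry = _PROCESSENTRY32()
    entry.dwSize = ctypes.sizeof(entry)
    pids: Set[int] = set()
    ok = k32.Process32First(snap, ctypes.byref(entry))
    while ok:
        pids.add(entry.th32ProcessID)
        ok = k32.Process32Next(snap, ctypes.byref(entry))
    k32.CloseHandle(snap)
    return pids


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("The live scan needs Windows; the comparison logic itself is platform-neutral.")
    hidden = scan_for_hidden(windows_reported_pids, windows_probe)
    print("PIDs reachable by direct lookup but absent from the snapshot:", sorted(hidden) or "none")
```

Run it from an elevated prompt so that OpenProcess can reach as many processes as possible; the ACCESS_DENIED branch still counts protected processes that cannot be opened. A user-mode probe like this only catches hiding that breaks the enumeration list while leaving the by-PID lookup intact; a rootkit that also tampers with the process-open path or the PID table itself would fool both views, which is the reason a scan of this kind is done from a kernel driver.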


Installation

onePunch_antiRootkit.exe: right-click the file and select "Run as administrator".

EternalAntirootkit currently works only on Windows, and we tested it on Windows 10. It is standalone software, so no installation is needed. The program consists of two components: a Windows system driver (.sys) and a driver loader (.exe). onePunch_antiRootkit.exe loads the system driver and scans for rootkits.


Demo Video

Scenario-based demo videos.

  • Victim: infected by rootkit malware and has some data stolen, then removes the malware by running EternalAntiRootkit. [Demo]
  • Attacker: after implanting a rootkit on the victim and stealing data, is detected by our EternalAntirootkit. [Demo]

About

Anti-rootkit works as a Windows system driver.
