YDArk is a free and open source for 64-bitWindowsThe kernel auxiliary tool of the system (ARK anti-kernel tool) has functions such as system action monitoring, system kernel viewing, application layer hook scanning, file management, process management, startup item management, registry management, service management, driver module, network management, and system miscellaneous repair. It can be used to view various system information and manage various behaviors of the management system through monitoring.

Open source address: https://github.com/ClownQq/YDArk

Software features

1. ObjectType Hook detection and recovery
2. DPC timer detection and deletion
3. WorkerThread enumeration
4. MBR rootkit detection and repair
5. Some callback information enumeration in Ndis
6. Hardware debugging registers and debugging related API detection
7. Enumerate SFilter's callback
8. System user name detection
9. Process, thread, process module, process window, process memory, hotkey, timer information view, kill process, kill thread, uninstall module and other functions
10. Kernel driver module viewing, support memory copy of kernel driver module
11. SSDT, Shadow SSDT, FSD, KBD, TCPIP, Classpnp, Atapi, Acpi, SCSI, IDT information viewing, and can detect and recover ssdt hooks and inline hooks
12. View Notify Routine information such as CreateProcess, CreateThread, LoadImage, Shutdown, and Lego, and support the deletion of these Notify Routines
13. Port information viewing, currently does not support 2000 system
14. Check the message hook
15. Detection and recovery of iat, eat, inline hook, and patches of kernel modules
16. Filter driver detection of disks, volumes, keyboards, network layers, etc., and support deletion
17. Registry editing
18. Process iat, eat, inline hook, patches detection and recovery
19. File system viewing, support basic file operations
20. View (edit) IE plug-ins, SPI, startup items, services, Host files, image hijacking, file associations, and system firewall rules

Support system

●Windows 11 22H2 (Build 22621)
●Windows 10 LTSB 1507(build 10240)-22H2(build 19045)
●Windows Server 2016, Server 2018, Server 2019, Server 2022
●Windows 7 SP1, Windows 8.1 (Build 7600-7601, 9200, 9600)

Software download

●Baidu Netdisk:https://pan.baidu.com/s/1D8fksnIxKdk6g_AW5zhuXg?pwd=1140, extraction code: 1140
●Other network disks:

Imprint

1. This software has a VMProtect shell, and some antivirus software may have false alarms
2. This software is free of charge, commercial use is prohibited, and malicious use is prohibited
3. The VMProtect shell is added to the driver file of this software, and kernel isolation is not supported
4. If the driver file is not signed by the driver, please sign the driver file or turn on the debugging mode. Signed but failed to load the driver, disable Secure Boot or Microsoft Ev signing or virtual machine use

Software screenshot