Tuts 4 You

WinDBG Anti-RootKit (wdbgark)

Teddy Rogers

About This File

WDBGARK is an extension (dynamic library) for the Microsoft Debugging Tools for Windows. Its main purpose is to view and analyze anomalies in the Windows kernel using a kernel debugger. It can display various system callbacks, system tables, object types and so on. For a more user-friendly view, the extension uses DML. Most commands require a kernel-mode connection. Feel free to use the extension with live kernel-mode debugging or with kernel-mode crash dump analysis (some commands will not work). Public symbols are required, so use them, force-reload them, ignore checksum problems, prepare them before analysis and you'll be happy.


  • Microsoft Visual Studio 2017
  • WDK and SDK for Windows 10, version 1709 (10.0.16299.0)
  • Visual C++ Redistributable for Visual Studio 2017

Supported commands


Supported Targets

  • Microsoft Windows XP (x86)
  • Microsoft Windows 2003 (x86/x64)
  • Microsoft Windows Vista (x86/x64)
  • Microsoft Windows 7 (x86/x64)
  • Microsoft Windows 8.x (x86/x64)
  • Microsoft Windows 10 (x86/x64)

Multiple targets debugging is not supported!

Windows BETA/RC is supported by design, but read a few notes. First, I don't care about checked builds. Second, I don't care if you don't have symbols (public or private). IA64/ARM is unsupported (and will not be supported).
