NtWarden Windows Analysis and Research Toolkit

Skill by ara.so — Daily 2026 Skills collection.

NtWarden is a Windows system inspection tool built on ImGui + DirectX 11. It covers processes, services, network, kernel internals, ETW, registry, object manager, and more — locally or remotely via WinSysServer. A kernel driver (KWinSys) enables deep kernel-mode analysis including SSDT hooks, kernel callbacks, EPT hook detection, and driver integrity checks.

Architecture

Component	Role
NtWarden	GUI app (ImGui + DirectX 11)
WinSys	Static lib — process, service, network enumeration
KWinSys	Kernel driver — callbacks, SSDT, kernel modules, pool, etc.
WinSysServer	Headless TCP server for remote inspection

Installs

364

Repository

aradotso/trending-skills

GitHub Stars

First Seen

Apr 14, 2026

Security Audits

Gen Agent Trust HubFail

SocketWarn

SnykWarn