RkUnhooker 3.8 SR2 public beta test


Postby STRELiTZIA » Sat Dec 25, 2010 4:44 pm

Hi,
Thanks. Try this one.

Retested (Win XP SP3/Win7) --->> status fixed.

Regards.

Postby Meriadoc » Sun Dec 26, 2010 6:18 am

Thanks for the updates and additions, working great here :)

Postby EP_X0FF » Sun Dec 26, 2010 7:38 am

Thanks for the tests and feedback. A minor fix will be released after NY.
Ring0 - the source of inspiration

Postby Every1is= » Thu Dec 30, 2010 8:54 pm

Attachment: RKUnhookerLE.rar (standalone exe, 126.26 KiB)
Running the one above on a Vista x32 system, runs a process without window, unable to kill process itself. That last bit is probably by design I guess, but the no window bit... ?

Attachment: RkU3.8.389.592.rar (RkUnhooker v3.8 SR2 25.12.2010, 619.84 KiB)
Until I have time to reboot, I can install but not run this version because the other process is already running of course ;-)

Nope. Both run as a process in task manager or procexp, but 1 of the cores is being utilized 100% continuously by that process. It is not in the applications list and doesn't show a window to interact with. Previous versions worked. I installed ThreatFire on that system too (Win Vista Ultimate x32) so will remove that first and try again.

Postby nullptr » Fri Dec 31, 2010 1:57 am

Every1is= wrote: I installed ThreatFire on that system too (Win Vista Ultimate x32) so will remove that first and try again.

ThreatFire will always cause problems with most ARKs. Exit the ThreatFire GUI and end the ThreatFire Service before running.

Postby EP_X0FF » Fri Dec 31, 2010 5:02 am

This is caused by the ThreatFire CreateRemoteThread hook.

Here is the normal function:

Image

And that with ThreatFire.

Image

RkU hooks CreateRemoteThread inside itself to provide self-protection compatibility with Win32 subsystem notification. It can't hook such destroyed code normally.
Perhaps I will add a flag to the command line to start without self-protection. However, I would not recommend anyone use TF because of this perversion. It hooks numerous APIs in user mode (including ANSI/Unicode standalone hooks), so the whole kernel32.dll is trashed.
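The check a self-hooking tool needs before patching an API entry that another product may already have detoured, as an added example (not RkU or ThreatFire code). It assumes 32-bit x86 and treats the common five-byte hot-patch prologue as the untouched form; all function names, the address and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum prologue { CLEAN, JMP_REL32, JMP_INDIRECT, PUSH_RET, UNKNOWN };

/* Assumed clean entry: mov edi,edi / push ebp / mov ebp,esp (hot-patch form). */
static const uint8_t HOTPATCH[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };

static uint32_t rd32(const uint8_t *p) {   /* little-endian 32-bit read */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* code: bytes read at the function entry; va: the address they came from.
   On a detour, *target is the destination (the pointer slot for FF 25). */
enum prologue classify_prologue(const uint8_t *code, size_t len,
                                uint32_t va, uint32_t *target) {
    *target = 0;
    if (len < 6) return UNKNOWN;
    if (memcmp(code, HOTPATCH, sizeof HOTPATCH) == 0) return CLEAN;
    if (code[0] == 0xE9) {                     /* jmp rel32 */
        *target = va + 5 + rd32(code + 1);     /* wraps mod 2^32 */
        return JMP_REL32;
    }
    if (code[0] == 0xFF && code[1] == 0x25) {  /* jmp dword ptr [abs32] */
        *target = rd32(code + 2);
        return JMP_INDIRECT;
    }
    if (code[0] == 0x68 && code[5] == 0xC3) {  /* push imm32 / ret */
        *target = rd32(code + 1);
        return PUSH_RET;
    }
    return UNKNOWN;
}

/* A hooker should patch only an entry it recognises as untouched. */
int safe_to_hook(const uint8_t *code, size_t len, uint32_t va) {
    uint32_t t;
    return classify_prologue(code, len, va, &t) == CLEAN;
}

int main(void) {
    /* Constructed bytes: jmp rel32 at a made-up address, not real TF code. */
    const uint8_t patched[6] = { 0xE9, 0xFB, 0x0F, 0x00, 0x00, 0x90 };
    uint32_t t;
    int kind = classify_prologue(patched, sizeof patched, 0x7C810000u, &t);
    printf("kind=%d target=0x%08X safe_to_hook=%d\n", kind, (unsigned)t,
           safe_to_hook(patched, sizeof patched, 0x7C810000u));
    return 0;
}
```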


Postby liangtong » Sun Jan 02, 2011 5:29 am

Minidump attached. BSOD with stealth code scanning.
Last edited by EP_X0FF on Mon Jan 03, 2011 7:48 am, edited 1 time in total.
Reason: removed attach

Postby EP_X0FF » Sun Jan 02, 2011 5:44 am

Invalid memory referenced while reading from kernel space. Cannot be fixed right now because it is too specific - I don't know when this event occurred and what this routine tried to read.
However, if this bug appears continuously I need to know more details to reproduce it here.

Postby EP_X0FF » Mon Jan 03, 2011 8:01 am

Minor update.

changelog:
fixed: STRELiTZIA discovered bugs (more of same kind)
fixed: ThreatFire caused bugs

MD5 for RkU3.8.389.592.exe
9953e08a9669f70ffb1d1b3dca1c583f

SHA-512 for RkU3.8.389.592.exe
32b80bc8b4d49ef3f254f0e41a6897670c6eb93401fddb85985a226b98ee89b6
fc822a57628d416b54964d1ec40c68f8069ac532549aa5c1c2aeff7f60eab9b3


MD5 for RkUnhookerLE.exe
e74bfded61b0b9a97ff8077c8ba2aa41

SHA-512 for RkUnhookerLE.exe
0f08a78329f8224a81a25a8008e9caa17ccd4b4abdc986ccf407aa99d3899f98
bc51ec5e6ce84f93521ab2bcbf2eb7e56228352a68aad2953ff4850a1e79c952

Postby liangtong » Mon Jan 03, 2011 8:09 am

Well, BSOD in stealth code scan cannot be reproduced :oops:.