RkUnhooker Extended Mode BSODs !!!

[ring0_57aR]

RkU? It is a brilliant piece of software. Not perfect, but top notch.

Rootkit Unhooker LE version 3.7.300.509 (build 04.10.2007)

- I activated "Use Extended Mode" & rebooted.
- Everything worked fine
- I tried to de-activate the "Extended Mode"
- I went sadly in a big blasting BSOD. Ouch

I tried both OS:
Windows XP SP2 Home edition
Windows XP SP2 Professional
and VMWare machines

The BLUE SCREEN message was:
---------------------------------------
DRIVER_UNLOADED_WITHOUT_CANCELING_PENDING_OPERATIONS

Stop: 0x000000CE (0xBA342E76, 0x00000008, 0xBA343E76, 0x00000000

rkhdr40.sys

-----------
I cannot de-activate "Extended mode" !!! I have the log saved for anyone interested.


MP_ART, EP_X0FF any ideas ?

[EASTER]

Quote:

MP_ART, EP_X0FF any ideas ?

You might, and i mean MIGHT try to post that concern at SysInternals Forums but i better let you know right now that their accounts have been banned for the time being, but EP still comes in with another name occasionally.

EASTER

[kwismer]

Quote:

Originally Posted by EASTER

You might, and i mean MIGHT try to post that concern at SysInternals Forums but i better let you know right now that their accounts have been banned for the time being, but EP still comes in with another name occasionally.

banned from sysinternals? considering sysinternals was acquired by microsoft and ep was acquired by microsoft, that's really something..

perhaps the OP should just wait until there's an official microsoft branded version of RU released, then there should be a more official avenue through which to obtain support...

[Meriadoc]

Quote:

that's really something..

Nah...not really, what 'EP' does as a pastime is up to 'him'

Quote:

an official microsoft branded version of RkU

lol, yes I'd like to see that.

[fcukdat]

Don't think it will happen folks but just for ya dreamers out there



PS No u can't have it!!!

[EASTER]

Quote:

Originally Posted by fcukdat

Don't think it will happen folks but just for ya dreamers out there

Attachment 199943

PS No u can't have it!!!

Some of us can fortunately

[Longboard]

Quote:

http://www.wilderssecurity.com/attac...hmentid=199943

lol how 'bout dat !!

fcukdat; first time this seen in public outside MS ??
Waaa! I want one.

[fcukdat]

Quote:

Originally Posted by EASTER

Some of us can fortunately

hehe but thats old one...gotta love them
private tools now with added view memory region module

Longboard...M$ no have the latest versions

[ring0_57aR]

Guys, guys.. We are out of topic.

And fcukdat we are jealous of not having these private builds.

We wish for an ultimate RkU version of course.


But the problem remains.. RkU cannot return to simple mode from extended mode.

Someone proposed to terminate with "sc delete" the service.
As far I can understand the service rkhdrv40 is hidden !!!!!!
Why is that?

I can upload the log files after the BSOD for you to examine.....

Cheers..

[fcukdat]

Ok have you tried uninstalling RKU,rebooting and then reinstalling again.This usually resets settings back to default

[Dwarden]

fcukdat these shots look promising ...
i hope that same like with SI tools we get hands on new builds soon(tm)

[ring0_57aR]

Quote:

Originally Posted by Dwarden

fcukdat these shots look promising ...
i hope that same like with SI tools we get hands on new builds soon(tm)

yeah! they are good news.

I hope some builds will come out for the loyal fans out there!

[EASTER]

While moving along with each new version when RKU was progressing along publicly and even now, i used AUTORUNS to delete the driver whatever version, since it was just there and not called on unless you engaged the application to run it, it more or less was just available untill called on instead of producing itself again.

EASTER