A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #3216  by ARCHANGEL
 Mon Oct 25, 2010 11:55 am
Hello, during rootkit analysis I found an RKU bug that allows hiding hooks from that wonderful antirootkit, that's not a joke! I reversed the great piece of code that parsed VadRoot in EPROCESS, and I'm ready to contact the developers and report to them where the problem is. It is quite easy to fix that, but for now I tested the last version of RKU and that version had that bug. By the way, if it's possible, I would like to communicate with the RKU developers in Russian...
 #3234  by ARCHANGEL
 Wed Oct 27, 2010 5:52 am
Nobody answered. Maybe the project is not supported anymore, I don't know. But maybe developers prefer to fix bugs after exploits are available or maybe my bad English is the reason.
 #3235  by a_d_13
 Wed Oct 27, 2010 6:25 am
ARCHANGEL wrote: Nobody answered. Maybe the project is not supported anymore, I don't know. But maybe developers prefer to fix bugs after exploits are available or maybe my bad English is the reason.
The project is currently supported - perhaps wait a couple more days for a response? Maybe EP_X0FF has not yet read your Private Message.

Thanks,
--AD
 #3239  by EP_X0FF
 Wed Oct 27, 2010 8:44 am
@ARCHANGEL

I've contacted you via PM; native language should be accessible.