Author Topic: RogueKiller 11 beta  (Read 65153 times)

0 Members and 1 Guest are viewing this topic.

October 01, 2015, 01:38:03 PM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 957
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
RogueKiller 11 beta
« on: October 01, 2015, 01:38:03 PM »
Hello,

RogueKiller 11 is right behind the door :)
We need you to test it before it replaces the official version (currently 10.X.X).

It's quite critical because the only major change is about the Kernel Driver. We have re-coded all the driver from scratch, following best practices to ensure it's compatible with all operating systems (from Windows XP to Windows 10, 32 and 64 bits) and with all environments.

Why is it critical? Because a bug in the Kernel Driver means Blue Screen Of Death, which is not particularly a good thing. Yeah, that's annoying.
So we need as much tests as possible to ensure no bug is left before it's moved in production.




You will find the binaries here:




What's new?

  • Rewritten all kernel code. From scratch.
  • Kernel Hooks detections are now made on userland side, in common with IAT hooks detection. Easier to maintain, more efficient.
  • Minified amount of code on Kernel side for safier code.
  • Driver is now aware of Windows 8/8.1/10.

No big change in the flow, nor in the UI.
The most important occurs while Antirootkit scan => SSDT, Shadow SSDT, IRPs, Filters. IAT scan isn't affected.

I have a BSOD, what do I do?

  • Go in C:/Windows/minidumps, find the file that has been generated (blabla.dmp).
  • Send it to us: http://upload.adlice.com, or attach in comments (it's a small file).

Thanks for your help  8)

Reply #1October 01, 2015, 09:31:09 PM

greysmouth

  • Jr. Member

  • Offline
  • **

  • 61
  • Reputation:
    0
    • View Profile
    • Facebook
Re: RogueKiller 11 beta
« Reply #1 on: October 01, 2015, 09:31:09 PM »
Hi Boss. It doesn't the matter if my PC crashes. Nothing compared to more than ten BSODs after installing Win 10 Pro: that's why it's free! My best regards, greysmouth BO IT.

Reply #2October 05, 2015, 08:43:17 PM

firefoxthebomb

  • Newbie

  • Offline
  • *

  • 13
  • Reputation:
    0
    • View Profile
Re: RogueKiller 11 beta
« Reply #2 on: October 05, 2015, 08:43:17 PM »
Thanks for the opportunity to test this beta out.

I have ran it on a Windows 10 64bit VM not much installed on it.  Any who it did cause an issue where the computer rebooted.  I have attached the minidump file for your review.
Dell Precision T5600, Win7 Ultimate 64bit fully updated, Symantec Endpoint Protection,
Watchguard Firewall, Intel Xeon E5-2620 CPU, Dual Six Core Process

Reply #3October 05, 2015, 09:40:26 PM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 957
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: RogueKiller 11 beta
« Reply #3 on: October 05, 2015, 09:40:26 PM »
Thanks! :)

Reply #4October 06, 2015, 11:30:24 AM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 957
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: RogueKiller 11 beta
« Reply #4 on: October 06, 2015, 11:30:24 AM »
Thanks for the opportunity to test this beta out.

I have ran it on a Windows 10 64bit VM not much installed on it.  Any who it did cause an issue where the computer rebooted.  I have attached the minidump file for your review.

Hey, I'm loaded the minidump but it doesn't contain much information.
Do you have an idea where it BSoD during the scan?

Reply #5October 06, 2015, 01:39:35 PM

Roger

  • Newbie

  • Offline
  • *

  • 2
  • Reputation:
    1
    • View Profile
Re: RogueKiller 11 beta
« Reply #5 on: October 06, 2015, 01:39:35 PM »
Hi

Thanks for letting us testing RogueKiller 11 beta, but unfortunately my HP Laptop with Windows 10 installed crashed with.

Attached is the minidump as requested. Renamed from dmp to txt.

Reply #6October 06, 2015, 04:10:14 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: RogueKiller 11 beta
« Reply #6 on: October 06, 2015, 04:10:14 PM »
Hi Roger,

Thanks for the feedback. :)

Regards.

Reply #7October 06, 2015, 04:14:45 PM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 957
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: RogueKiller 11 beta
« Reply #7 on: October 06, 2015, 04:14:45 PM »
Thanks all,
Minidumps were all on same bug: Reading kernel memory in a bad way.

A beta 3 will come soon, I'll keep you informed.

Reply #8October 07, 2015, 09:17:19 AM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 957
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: RogueKiller 11 beta
« Reply #8 on: October 07, 2015, 09:17:19 AM »
Hello,
beta 3 is online (same link, replaces old version)

firefoxthebomb and Roger Schwarz may I ask you to tell me if it crashes again?
Thanks a lot!

Reply #9October 08, 2015, 02:15:35 AM

Roger

  • Newbie

  • Offline
  • *

  • 2
  • Reputation:
    1
    • View Profile
Re: RogueKiller 11 beta
« Reply #9 on: October 08, 2015, 02:15:35 AM »
Hi

This time with new version 3 it worked without crash, great! The results I have uploaded to your upload directory for review.

Thank you again.
Roger

Reply #10October 08, 2015, 07:37:59 AM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 957
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: RogueKiller 11 beta
« Reply #10 on: October 08, 2015, 07:37:59 AM »
Thanks :)
Received your email, IAT hooks are another problem (code is common with version 10) and are fixed on in a different way.
If you can reproduce the Chrome hooks, then it'd be great if you can send a full memory dump of Chrome process (with Process Explorer / Process Hacker)

Reply #11October 08, 2015, 12:01:00 PM

greysmouth

  • Jr. Member

  • Offline
  • **

  • 61
  • Reputation:
    0
    • View Profile
    • Facebook
Re: RogueKiller 11 beta
« Reply #11 on: October 08, 2015, 12:01:00 PM »
Hi. here the last log file running beta 3. Actually, I never had any BSODs since running RK beta in Win 10 Pro enviroment. Regards, greysmouth BO IT.

Reply #12October 08, 2015, 01:40:39 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: RogueKiller 11 beta
« Reply #12 on: October 08, 2015, 01:40:39 PM »
Hi greysmouth,

Thanks.
Could you please attach the JSON version of the log in your next reply ?

Regards.

Reply #13October 08, 2015, 05:47:58 PM

greysmouth

  • Jr. Member

  • Offline
  • **

  • 61
  • Reputation:
    0
    • View Profile
    • Facebook
Re: RogueKiller 11 beta
« Reply #13 on: October 08, 2015, 05:47:58 PM »
Hi greysmouth,

Thanks.
Could you please attach the JSON version of the log in your next reply ?

Regards.
I'm not allowed..greysmouth BO IT.

Reply #14October 08, 2015, 06:33:40 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: RogueKiller 11 beta
« Reply #14 on: October 08, 2015, 06:33:40 PM »
Hi greysmouth,

Coud you try to rename the .json file to .txt ?

EDIT : You will now normally be able to upload .json files as well.

Regards.
« Last Edit: October 08, 2015, 06:40:06 PM by Curson »