Advanced versions can also disable or bypass (detour patches) and Kernel Callbacks used by rootkits.
Right-click Command Prompt → Run as administrator. Rkdumper Download
: It allows you to pull a complete copy of the factory firmware from a device, which can be a lifesaver if you need to restore a "bricked" unit and no official download is available. Advanced versions can also disable or bypass (detour
: Automatically identifies and saves partitions as individual .img files. The author does not condone illegal use of Rkdumper
Rkdumper v1.0 - Scanning for hidden processes [!] Hidden process found: 0xFFFFFA8002C4B060 1234 "evil.sys" (not in linked list) [*] SSDT hook detected at index 0x55 (NtQuerySystemInformation)
Ensure your drivers are installed and the device is actually in Loader mode. Check Windows Device Manager for "Rockusb Device." Read Errors (0xCC):
This article is for educational purposes. The author does not condone illegal use of Rkdumper.