KernelLoader
Windows 10/11 unsigned kernel driver load/debugging
KernelLoader is a simple tool for loading and debugging unsigned kernel drivers.
Usage
Usage:
  -l, --load [driver path] [driver name]
    Load the driver.
    Options:
      -o, --overwrite
        If the driver already exists, exit and overwrite it.
      -w, --watch
        Quickly reload drivers from a prompt when needed.
  -u, --unload [driver name]
    Delete the driver.
  Global Options:
    -s, --status [driver name]
      Print the drivers service status.
    -i, --ignore-signatures
      Install services to ignore kernel driver signatures. (powered by Wind64)
    -r, --uninstall-ignore-signatures
      Remove services that ignore signatures of kernel drivers. (powered by Wind64)
Examples
Watch Mode
Here is an example of loading ../EasyShield.sys in Watch mode with signature ignore enabled.
If signature ignore is enabled and an anti-cheat is running during Watch mode, a flag may be raised. Disable the anti-cheat to debug the driver.
To use this feature, the driver must support the SERVICE_ACCEPT_STOP control.
To add that support, see "How to support SERVICE_ACCEPT_STOP control" below.
kernelLoader.exe -l ../EasyShield.sys EasyShield2 -w -i
[+] EasyShield2 driver loaded successfully.
[*] Press the 'R' key to reload the driver.
Press the 'S' key to print the service status.
Press the 'Q' key to exit the loop.
Press the 'X' key to delete the driver and exit the loop.
21:59:07:
If you press the S key, you can check the service status as follows.
[+] EasyShield2 Service Status :
------------------------------------------------------
Type : SERVICE_KERNEL_DRIVER
Status : RUNNING
------------------------------------------------------
Wait Hint : 0ms
Checkpoint : 0
Controls Accepted : SERVICE_ACCEPT_STOP
------------------------------------------------------
Exit Code (Win32) : 0x00000000
Exit Code (Service) : 0x00000000
------------------------------------------------------
[*] Press the 'R' key to reload the driver.
Press the 'S' key to print the service status.
Press the 'Q' key to exit the loop.
Press the 'X' key to delete the driver and exit the loop.
21:59:45:
How to support SERVICE_ACCEPT_STOP control
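Assign a callback function to the DriverUnload member of the driver object (PDRIVER_OBJECT->DriverUnload) in DriverEntry. A driver without an unload routine cannot be stopped.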
#include <ntddk.h>

// Unload routine: called when the driver service is stopped.
VOID OnUnload(PDRIVER_OBJECT driverObject) {
    UNREFERENCED_PARAMETER(driverObject);
    DbgPrintEx(0, 0, "[*] Device unloaded.\n");
}

NTSTATUS DriverEntry(
    PDRIVER_OBJECT driverObject,
    PUNICODE_STRING registryPath
) {
    UNREFERENCED_PARAMETER(registryPath);
    DbgPrintEx(0, 0, "[*] Device loaded.\n");

    // Registering an unload routine is what makes the driver stoppable.
    driverObject->DriverUnload = OnUnload;
    return STATUS_SUCCESS;
}
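From the defender's side, a driver loaded with signature ignore shows up as a running kernel-driver service whose image has no valid signature. The audit below is an added example, not part of KernelLoader; the function names Resolve-DriverPath and Get-UnsignedRunningDriver are made up for this illustration.

```powershell
# Added example: list running kernel drivers whose image lacks a valid signature.
# Run from an elevated PowerShell prompt on the machine being audited.

function Resolve-DriverPath {
    # Hypothetical helper: map NT-style service image paths to Win32 paths.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                            # \??\C:\x.sys -> C:\x.sys
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\') # \SystemRoot\... -> C:\Windows\...
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-UnsignedRunningDriver {
    Get-CimInstance -ClassName Win32_SystemDriver -Filter "State='Running'" |
        Where-Object { $_.ServiceType -eq 'Kernel Driver' } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (-not $path -or -not (Test-Path -LiteralPath $path)) {
                # A running driver whose image is gone from disk is itself worth a look.
                $status = 'ImageMissing'
                $signer = $null
            } else {
                $sig    = Get-AuthenticodeSignature -LiteralPath $path
                $status = [string]$sig.Status        # Valid, NotSigned, HashMismatch, ...
                $signer = $sig.SignerCertificate.Subject
            }
            if ($status -ne 'Valid') {
                [pscustomobject]@{
                    Name      = $_.Name
                    Path      = $path
                    Signature = $status
                    Signer    = $signer
                }
            }
        }
}

Get-UnsignedRunningDriver | Format-Table -AutoSize
```

Get-AuthenticodeSignature applies user-mode trust checks rather than the kernel's code-integrity policy, so treat a non-Valid row as a triage lead to investigate.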
