Running Unsigned Drivers in Vista Service Pack 1 (SP1)
A new software tool has been released by Linchpin Labs that allows the loading of unsigned and legacy drivers on Windows XP, 2003, and, most importantly, Vista.
This is even more useful as Vista Service Pack 1 will not load unsigned drivers or run unsigned installs unless you are holding the F8 key during the install.
Atsiv is a command line tool that allows for the loading of unsigned and legacy drivers into 32 and 64 bit versions of Windows XP, 2003, and Vista.
As the developers have acknowledged, this isn’t the first tool to allow for the loading of unsigned drivers, but it is one of the first (if not the first) to use a signed system component to load an unsigned component.
To gain access to the full features of Atsiv, the user operating the tool is required to have Administrator privileges before starting the tool.
While Atsiv appears to be a top quality tool for the loading of unsigned drivers, it won't add the newly loaded driver to the standard drivers list, nor is the driver completely loaded into memory (for example, the DOS header is not loaded). This isn't necessarily a drawback, depending on the intent of the person who is using it to load a driver.
Atsiv also ignores any dependencies that a driver might have, so it is necessary to ensure any dependencies are preloaded before attempting to load a driver that requires them. It also allows the same driver to be loaded multiple times in memory, potentially leading to interesting cases where multiple instances of a driver are fighting over the same information.
Usage
Usage: Atsiv [-f | -r | -u | -l | -v] [FileName | RegistryPath].
Loading Drivers from Filename (-f FileName.sys)
Atsiv will load the driver (FileName.sys) into memory, create a default registry key and DriverObject, and then invoke the driver's DriverEntry routine, passing in the created registry path and DriverObject. If no path is specified then Atsiv will attempt to load the driver (FileName.sys) from the current directory.
Loading Drivers from Registry (-r DriverRegistryEntry)
Atsiv will read the driver's registry values from the service key and load the associated driver. Note the registry key must have been created prior to running Atsiv and the key must be in the form "\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\DriverKeyName".
Listing Loaded Drivers (-l or -v)
The -l or the -v switch will list loaded drivers. If the -l switch is used, only the driver name is displayed. The -v switch is used to display verbose information including the driver name and the registry path. Atsiv will only list drivers loaded by Atsiv.
Unloading Drivers (-u LoadedDriverName.sys)
If the Atsiv loaded driver has an unload routine then it will be invoked before the memory is freed. If the driver doesn't have an unload routine then that driver will be left resident in memory until the system is rebooted. Atsiv will only unload drivers loaded by Atsiv; to get a list of drivers loaded by Atsiv use the list (-l) command.
Examples
- Atsiv -l
This command lists drivers loaded by Atsiv.
- Atsiv -u driver.sys
This command unloads an Atsiv loaded driver called "driver.sys".
- Atsiv -f c:\driver.sys
This command will load the driver "C:\driver.sys".
- Atsiv -f \??\c:\windows\system32\drivers\driver.sys
This command will load the driver with the fully qualified name "\??\c:\windows\system32\drivers\driver.sys".
- Atsiv -r \REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\Driver
This command will load the driver listed in the registry key "\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\Driver".
- Atsiv doesn't add the driver to the PsLoadedModuleList, so it is not visible in the standard drivers list.
- The loaded driver is not completely loaded into memory – the DOS header, for example, is not loaded.
- Atsiv ignores dependencies and will load a single driver regardless of its dependencies. If a driver has dependencies, ensure they have all been loaded prior to loading the driver.
- If loading by file name, a fake registry path is passed in to the driver's DriverEntry routine. Unlike the NT Loader, Atsiv allows drivers with the same name to be loaded multiple times. Some drivers are not compatible with multiple instances running.
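For defenders, the usage syntax above can be turned into a triage step over process-creation logs that flags driver loads and resolves the driver path the way the page describes. This is an added example, not code from the original post or from Linchpin Labs; the event record layout, the `classify` and `triage` names, and matching on the image name `Atsiv` are assumptions, and the sample events are constructed.

```python
import ntpath
import re

SERVICES = "\\registry\\machine\\system\\currentcontrolset\\services\\"
ACTIONS = {"-f": "load-file", "-r": "load-registry", "-u": "unload",
           "-l": "list", "-v": "list-verbose"}

def classify(cmdline, cwd):
    """Describe an Atsiv invocation, or return None if the image is not Atsiv."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    if not tokens:
        return None
    image = ntpath.splitext(ntpath.basename(tokens[0]))[0].lower()
    if image != "atsiv":  # assumption: the binary has not been renamed
        return None
    switch = tokens[1].lower() if len(tokens) > 1 else ""
    target = tokens[2] if len(tokens) > 2 else None
    finding = {"action": ACTIONS.get(switch, "unknown"), "target": target,
               "alert": False, "note": ""}
    if finding["action"] == "load-file" and target:
        # Strip the NT object-manager prefix used in the page's example.
        path = target[4:] if target.startswith("\\??\\") else target
        # No directory given: the page says the current directory is used.
        if not ntpath.dirname(path):
            path = ntpath.join(cwd, path)
        finding.update(target=ntpath.normpath(path), alert=True)
    elif finding["action"] == "load-registry" and target:
        # The page requires the \REGISTRY\MACHINE\...\Services\<key> form.
        ok = target.lower().startswith(SERVICES) and len(target) > len(SERVICES)
        finding.update(alert=True, note="" if ok else "not a Services key path")
    return finding

EVENTS = [  # constructed process-creation records, not real telemetry
    {"cwd": r"C:\Users\admin", "cmdline": r"Atsiv -f driver.sys"},
    {"cwd": r"C:\Temp",
     "cmdline": r"Atsiv.exe -f \??\c:\windows\system32\drivers\driver.sys"},
    {"cwd": r"C:\Temp", "cmdline":
     r"atsiv -r \REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\Driver"},
    {"cwd": r"C:\Temp", "cmdline": r"Atsiv -l"},
    {"cwd": r"C:\Temp", "cmdline": r"notepad.exe c:\driver.sys"},
]

def triage(events):
    """Return findings for every event that is an Atsiv invocation."""
    return [f for e in events if (f := classify(e["cmdline"], e["cwd"]))]

if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

A renamed copy of the tool would not match the image-name check, so treat this as one signal among several.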
-- Brandon Wirtz