View Full Version : Load unsigned drivers on Vista

07-30-07, 06:19 PM
Sounds cool. I'll try it.


• Introduction
• Starting Atsiv
• Usage
• Loading Drivers from Filename (-f FileName.sys)
• Loading Drivers from Registry (-r DriverRegistryEntry)
• Listing Loaded Drivers (-l or -v)
• Unloading Drivers (-u LoadedDriverName.sys)
• Examples
• Reporting Bugs & Feedback
• Atsiv Design Information
• Limitations
• Warning
• Terms of Use
• Atsiv Download

Atsiv is a command line tool that allows the user to load and unload signed or unsigned drivers on 32 and 64 bit versions of Windows XP, Windows 2K3 and Windows Vista. Atsiv is designed to provide compatibility for legacy drivers and to allow the hobbyist community to run unsigned drivers without rebooting with special boot options or denial of service under Vista.

Starting Atsiv
Run Atsiv (atsiv.exe) from within a Command Prompt to display usage options. You must be running with administrative privileges to run Atsiv. To start a command prompt with administrator privileges click on Windows Start button, go to All Programs and locate the Command Prompt in Accessories menu, right-click on Command Prompt menu item and click the Run as Administrator option.


Usage: Atsiv [-f | -r | -u | -l | -v] [FileName | RegistryPath].

Loading Drivers from Filename (-f FileName.sys)
Atsiv will load the driver (FileName.sys) into memory, create a default registry key and DriverObject, and then invoke the driver’s DriverEntry routine passing in the created registry path and DriverObject. If no path is specified then Atsiv will attempt to load the driver (FileName.sys) from the current directory.

Loading Drivers from Registry (-r DriverRegistryEntry)
Atsiv will read the driver’s registry values from the service key and load the associated driver. Note the registry key must have been created prior to running Atsiv and the key must be in the form “\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Servic es\DriverKeyName”.

Listing Loaded Drivers (-l or -v)
The –l or the –v switch will list loaded drivers. If the –l switch is used only the driver name is displayed. The –v switch is used to display verbose information including the driver name and the registry path. Atsiv will only list drivers loaded by Atsiv.

Unloading Drivers (-u LoadedDriverName.sys)
If the Atsiv loaded driver has an unload routine then it will be invoked before the memory is freed. If the driver doesn’t have an unload routine then that driver will be left resident in memory until the system is rebooted. Atsiv will only unload drivers loaded by Atsiv – to get a list of drivers loaded by Atsiv use the list (-l) command.


* Atsiv –l
This command lists drivers loaded by Atsiv.

* Atsiv -u driver.sys
This command unloads an Atsiv loaded driver called “driver.sys”.

* Atsiv -f c:\driver.sys
This command will load the driver “C:\driver.sys”.

* Atsiv -f \??\c:\windows\system32\drivers\driver.sys
This command will load the driver with the fully qualified name “\??\c:\windows\system32\drivers\driver.sys”.

* Atsiv -r \REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Service s\Driver
This command will load the driver listed in the registry key “\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Servic es\Driver”.

Reporting Bugs & Feedback
If you encounter a problem while running Atsiv, please visit www.linchpinlabs.com to obtain the latest version. If you still have problems please send any information you have on the problem to info@linchpinlabs.com.

Atsiv Design Information
When Atsiv loads a driver, two arguments are passed into the DriverEntry routine – a registry path and DriverObject. If the driver is being loaded by filename then the Registry Path passed in is Atsiv’s own Registry Path with “\TmpDriver” appended. The DriverObject is an object that is created by Atsiv, with the DriverStart, DriverSection and DriverSize values set to zero.


* Atsiv doesn’t add the driver to the PsLoadedModuleslist so it is not visible in the standard drivers list.
* The loaded driver is not completely loaded into memory - the DOS header for example, is not loaded.
* Atsiv ignores dependencies and will load a single driver regardless of its dependencies. If a driver has dependencies ensure they have all been loaded prior to loading the driver.
* If loading by file name a fake registry path is passed in to the drivers DriverEntry routine. Unlike the NT Loader Atsiv allows drivers with the same name to be loaded multiple times. Some drivers are not compatible with multiple instances running.

We make every effort to provide a safe and reliable tool for loading unsigned drivers on Windows Vista. Atsiv’s loading process however is different to that of the system’s Loader and therefore some drivers may not be compatible and result in a system crash. Atsiv should be used with care.

Terms of Use
Linchpin Labs and affiliates’ source-code and software may not be used in any product or distributed in any form without written consent. All enquiries should be made to info@linchpinlabs.com.

This software is provided "as is", without warranty or guarantee of any kind. The use of this software is at your own risk. We take no responsibly for any damage that may be caused through its use. THE ENTIRE RISK FROM THE USE OF THIS SOFTWARE REMAINS WITH YOU.

This software is intended for legitimate software debugging purposes only. While using this software you obviously remain bound by all relevant national and international laws. These may include but are not limited to laws relating to copyright and patents, circumventing implementations of encryption or Digital Rights Management, or other unauthorised computer usage. In using this software you hereby agree to do so only in accordance with all laws applying to your jurisdiction.

By using this software you agree to these terms and conditions. If you do not accept these terms, DO NOT USE THIS SOFTWARE.