Atsiv is a command line tool that allows the user to load and unload signed or unsigned drivers on 32 and 64 bit versions of Windows XP, Windows 2K3 and Windows Vista. Atsiv is designed to provide compatibility for legacy drivers and to allow the hobbyist community to run unsigned drivers without rebooting with special boot options or denial of service under Vista.
Run Atsiv (atsiv.exe) from within a Command Prompt to display usage options. You must be running with administrative privileges to run Atsiv. To start a command prompt with administrator privileges, click the Windows Start button, go to All Programs and locate the Command Prompt in the Accessories menu, right-click the Command Prompt menu item and click the Run as Administrator option.
Usage: Atsiv [-f | -r | -u | -l | -v] [FileName | RegistryPath]
Loading drivers from filename (-f FileName.sys)
Atsiv will load the driver (FileName.sys) into memory, create a default registry key and DriverObject, and then invoke the driver’s DriverEntry routine passing in the created registry path and DriverObject. If no path is specified then Atsiv will attempt to load the driver (FileName.sys) from the current directory.
Loading drivers from registry (-r DriverRegistryEntry)
Atsiv will read the driver’s registry values from the service key and load the associated driver. Note that the registry key must have been created prior to running Atsiv and the key must be in the form “\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\DriverKeyName”.
Listing loaded drivers (-l or -v)
The -l or the -v switch will list loaded drivers. If the -l switch is used, only the driver name is displayed. The -v switch is used to display verbose information including the driver name and the registry path. Atsiv will only list drivers loaded by Atsiv.
Unloading drivers (-u LoadedDriverName.sys)
If the Atsiv-loaded driver has an unload routine then it will be invoked before the memory is freed. If the driver doesn’t have an unload routine then that driver will be left resident in memory until the system is rebooted. Atsiv will only unload drivers loaded by Atsiv – to get a list of drivers loaded by Atsiv use the list (-l) command.
Atsiv Design Information
When Atsiv loads a driver, two arguments are passed into the DriverEntry routine – a registry path and DriverObject. If the driver is being loaded by filename then the Registry Path passed in is Atsiv’s own Registry Path with “\TmpDriver” appended. The DriverObject is an object that is created by Atsiv, with the DriverStart, DriverSection and DriverSize values set to zero.
Atsiv doesn’t add the driver to the PsLoadedModuleList, so it is not visible in the standard drivers list.
The loaded driver is not completely loaded into memory; the DOS header, for example, is not loaded.
Atsiv ignores dependencies and will load a single driver regardless of its dependencies. If a driver has dependencies, ensure they have all been loaded prior to loading the driver.
If loading by file name, a fake registry path is passed in to the driver’s DriverEntry routine. Unlike the NT Loader, Atsiv allows drivers with the same name to be loaded multiple times. Some drivers are not compatible with multiple instances running.
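The design traits above (DriverStart, DriverSection and DriverSize set to zero, and no PsLoadedModuleList entry) can be checked for when auditing a memory image. The following is an added example, not part of Atsiv or its documentation: the record layout, sample addresses and function names are assumptions, and it assumes the driver installs at least one routine that points into its own image.

```python
# Added example, not Atsiv code. Inputs are constructed samples standing in for
# DRIVER_OBJECT and loaded-module records recovered by a memory-forensics tool.
from dataclasses import dataclass, field

@dataclass
class Module:                 # one PsLoadedModuleList entry
    name: str
    base: int
    size: int

@dataclass
class DriverObject:           # subset of DRIVER_OBJECT fields
    name: str
    driver_start: int
    driver_size: int
    driver_section: int
    code_ptrs: list = field(default_factory=list)  # DriverUnload + MajorFunction[]

def owning_module(addr, modules):
    """Return the name of the listed module containing addr, or None."""
    for m in modules:
        if m.base <= addr < m.base + m.size:
            return m.name
    return None

def audit(drv, modules):
    """Return the reasons a driver object looks loaded outside the system loader."""
    findings = []
    if (drv.driver_start, drv.driver_size, drv.driver_section) == (0, 0, 0):
        findings.append("DriverStart/DriverSection/DriverSize all zero")
    elif owning_module(drv.driver_start, modules) is None:
        findings.append("DriverStart outside every listed module")
    orphans = [p for p in drv.code_ptrs if p and owning_module(p, modules) is None]
    if orphans:
        findings.append(f"{len(orphans)} code pointer(s) outside listed modules")
    return findings

# Constructed sample data (names and addresses are illustrative).
MODULES = [Module("ntoskrnl.exe", 0xFFFFF80001000000, 0x500000),
           Module("disk.sys", 0xFFFFF88001000000, 0x16000)]
DRIVERS = [
    DriverObject("\\Driver\\Disk", 0xFFFFF88001000000, 0x16000, 0xFFFFFA8000100000,
                 [0xFFFFF88001002000, 0xFFFFF80001010000]),
    DriverObject("\\Driver\\Sample", 0, 0, 0,
                 [0xFFFFF8800A000100, 0xFFFFF80001010000]),
]

def scan(drivers=DRIVERS, modules=MODULES):
    """Map driver name -> findings, for drivers with at least one finding."""
    return {d.name: f for d in drivers if (f := audit(d, modules))}
```

Either finding alone is a lead rather than proof; pointers that resolve to no listed module should be followed up by inspecting the memory they reference.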
We make every effort to provide a safe and reliable tool for loading unsigned drivers on Windows Vista. Atsiv’s loading process, however, is different to that of the system’s Loader, and therefore some drivers may not be compatible and may result in a system crash. Atsiv should be used with care.