systeminformer: Unable to load kernel driver (not yet supported on this kernel version)
Steps preceding reproduction:
- Use SystemInformer normally.
- Click Help -> Check for updates.
- Update downloads, installs.
- Unable to load kernel driver.
- Restart computer.
Steps to reproduce:
- Start System Informer (I’m admin but starting without admin privileges).
- Go to main menu -> System -> Show details of all processes.
- UAC dialog appears, Click YES.
- “Unable to load kernel driver” message appears. More info in [1] and [2].
- System Informer has limited capabilities due to not having access to its kernel driver.
Details:
- System Informer version 3.0.7029 (f647fb0) x64.
- Windows Server 2022 x64, 21H2, 10.0.20348.1906 (running in cloud inside QEMU).
- SystemInformer.exe SHA-1
b09759778099468188434408f929d675ce289b97. - SystemInformer.sys SHA-1
ae6b8522ca5205b4cef89606ea6c7d043e81dc4f. - ntdll.dll SHA-1
4ffc26a940dffa2931923c345eb9824f76dcfca4. - ntoskrnl.exe SHA-1
ecbad74c2629f4dd516c35887b8e5d0b7032b135.
[1]
[Window Title]
System Informer
[Main Instruction]
Unable to load kernel driver
[Content]
Unable to load the kernel driver service.
The request is not supported.
Kernel version: 10.0.20348.1906
State mask: 0x00000000
[ ] Don't show this message again [OK]
[2]
About this issue
- Original URL
- State: open
- Created 10 months ago
- Comments: 139 (98 by maintainers)
10.0.22621.3527,10.0.19041.4355- https://github.com/winsiderss/systeminformer/commit/fc042be5774f278f515f32682b8f41bfd45a9b703.0.7579-Help > Check for updates- 👍10.0.19041.4123,10.0.22621.3235- https://github.com/winsiderss/systeminformer/commit/e904d245241276a6e0677d1283a53a6a6fc63d693.0.7474-Help > Check for updates👍https://github.com/winsiderss/systeminformer/commit/64891545c02c8d329f358ced5a652e6d3d2a48f6 -
3.0.7313-Help > Check for updates👍https://github.com/winsiderss/systeminformer/commit/137cc3a698d5960d68f63b2968a5142e25023f9c adds support for
10.0.19041.3393and10.0.22621.2215Will be in next build 👍
They’re undocumented offsets used for both protections and APIs from the client: https://github.com/winsiderss/systeminformer/blob/4c28c8f7ba396eab1fbc13960e9731203bd60f5d/KSystemInformer/include/dyndata.h#L31-L75
The driver can’t function without them. They’re required for the protections to function correctly. The old driver would load without them, but it was arguably mostly useless without them. There was some functionality without them, but it was a bit non-obvious why some things would work and some wouldn’t. So, during the rewrite we opted to make it a requirement. This come with the benefit that we know where we don’t have support/visibility. Obviously the cost is we have to work harder to have more compatibility.
Because they’re undocumented offsets that are version-specific.
10.0.22621.3527 ntoskrnl.zip
10.0.22621.3447,10.0.20348.2400,10.0.19041.4291- https://github.com/winsiderss/systeminformer/commit/c8725ae77291937d2153df0bc13f16662b0e2f2910.0.17763.5696- https://github.com/winsiderss/systeminformer/commit/999ab695effb67584e98c45d3fc18be19a0fe6e13.0.7566-Help > Check for updates- 👍10.0.22621.3296,10.0.20348.2340,10.0.19041.4170,10.0.17763.5576- https://github.com/winsiderss/systeminformer/commit/fe48085c0642d2acfcda3bacffaf0f285f6b95643.0.7479-Help > Check for updates👍https://github.com/winsiderss/systeminformer/commit/e93bcbaa4670b01e535f0a48b39c944afe273f8b -
10.0.20348.2227,10.0.19041.3930,10.0.22621.3007https://github.com/winsiderss/systeminformer/commit/f94e66766e4951d2835b7449e99cedea3ef5e997 -10.0.17763.53283.0.7429-Help > Check for updates👍Thank you @MagicAndre1981, updated here: https://github.com/winsiderss/systeminformer/commit/e940474fae1300b17bf8e754ed5ade19c9e8f651
See: https://github.com/winsiderss/systeminformer/issues/1823#issuecomment-1693053377
Dyndata format had to change and I went to rebuild all the offsets using some tooling. I missed a few versions. I’ve corrected it already, once a new build is out that kernel will be supported.
Older releases supported it with the older format. But there were bugs.
KB5036892 (OS Builds 19044.4291 and 19045.4291)
KB5036893 (OS Builds 22621.3447 and 22631.3447)
KB5036896 (OS Build 17763.5696)
ntoskrnl_17763.5696.zip
10.0.22621.3374,10.0.19041.4239- https://github.com/winsiderss/systeminformer/commit/3de9d4bf4bb95e598fa4be6fb726f7ec6098ad713.0.7546-Help > Check for updates- 👍this is a Release Preview build which is not supported so this is expected.
10.0.22621.3155,10.0.19041.4046,10.0.20348.2322- https://github.com/winsiderss/systeminformer/commit/220b53dcfaeb3d8c40c6c281bdfac9835f3fd28810.0.17763.5458- https://github.com/winsiderss/systeminformer/commit/da3d348087ae9a33aff69aa40d59d8be3442fed03.0.7459-Help > Check for updates👍Please keep comments on this issue on-topic.
10.0.22621.3085,10.0.19041.3996- https://github.com/winsiderss/systeminformer/commit/3cc2da286e3a696c7d9fe712d792a15e7276699c3.0.7432-Help > Check for updates👍ksi.dll-oldis marked for deletion on reboot since it must remain loaded. My speculation is that one machine had the pending rename operation key corrupted or reverted. Which resulted in the file not being deleted. I can add some logic to try to delete the file if somehow the OS leaves it around after reboot. That should serve as a fallback without needing manual intervention.You need to follow the instructions here for generating your own keys for signing. The driver restricts callers unless you have the correct signatures. You can do plugin development (with restricted access), but realizing now that is somewhat broken with the new dyndata signing workflow 🤔.
Windows 10 21H2 LTSC x64 Kernel 10.0.19041.3693 System Informer 3.0.7310
Error kernel driver not supported on this kernel version.
I agree with earlier idea for error box to link to this issue, maybe it could even auto submit details.
ntoskrnl_10.0.17763.5122 .zip
KB5032190 (OS Builds 22621.2715 and 22631.2715) https://support.microsoft.com/en-us/topic/november-14-2023-kb5032190-os-builds-22621-2715-and-22631-2715-f9e3e13c-5e98-42c2-add8-f075841ca812
KB5032189 (OS Builds 19044.3693 and 19045.3693) https://support.microsoft.com/en-us/topic/november-14-2023-kb5032189-os-builds-19044-3693-and-19045-3693-fe81e7e5-06bd-4e13-8233-4f7c07b1c512
Yep, thanks for calling that out @MagicAndre1981 - the setting names were normalized. Rather bite that bullet now then when we do a full release. Thanks.
Updated here: https://github.com/winsiderss/systeminformer/commit/bc98048099421785ea4a37670d7b57bfb924cda5 Available in:
3.0.7310-Help > Check for updatesSupport was added here: https://github.com/winsiderss/systeminformer/commit/d44e4d04651eafacc240e351482939f068f7c7d4
3.0.7270is available with that commit.ntoskrnl_17763.4974.zip
And race starts again with new updates:
Yes, but generally it doesn’t update.
ksi.dllis a library used by the kernel driver. It can not be unloaded. The purpose of this DLL is to extend the kernel and provide functionality that would otherwise be unsafe or impossible. The updater will check the hash of the DLL to know if it needs replaced, if it does a reboot is requested for the update to finish.We’re working on build pipelines. Two things here:
This is intended, deployment is disabled while we’re testing.
Signatures files (
.sig) aren’t in the zip. Usesysteminformer-3.0.7254-setup.exeif you want, but probably best to wait until we’re done testing. These builds will be pulled shortly.7251 works now fine in 17763.4851 with full driver support (++ in title)
Updated here: https://github.com/winsiderss/systeminformer/commit/d1a6baf440e357f1c1806554ad97df4a5972c3de 👍
10.0.22621.2361and10.0.19041.3516are both on my radar, waiting for symbols to be published 👍I’m not seeing a new build for Server 2022 yet.
@MagicAndre1981
Could you try another build with the latest commits? I improved the error messaging so we can see the actual error code instead of just the localized string. My guess is you built yourself using your own signing keys outlined here. I now recognize that information is incomplete, I’ll update it, but I think you may have not rebuilt the dynamic data using your signing keys (
.\tools\CustomBuildTool\bin\Release\CustomBuildTool.exe -dyndata). Note that both the dynamic data, kernel driver, and the user mode binaries need rebuilt after you generate and place your developer keys.@JJRousseau
We have seen in the past that preview build and the kernel file version can diverge. My guess is your kernel version is actually
10.0.22621.1928but the OS reported version is>10.0.22621. See the following, which checks the “OS reported version”, that might be different than what we print as the “Kernel version”: https://github.com/winsiderss/systeminformer/blob/8d8843eebfef43334c2eef60e91125c9d19a9538/phlib/global.c#L190-L199I’ve updated the message box information displayed there to include more information about the environment in which the error occurred, here: https://github.com/winsiderss/systeminformer/commit/8d8843eebfef43334c2eef60e91125c9d19a9538
@badjawe
Based on that error message in the window, I think you might be running an older version. I’m also not sure what
HKLM\System\CurrentControlSet\Control\WMI\Security\...has to do with this?Latest prod version is 10.0.22621.2283 Update your system.
3.0.7148 fixed it on 19045.3448, but NOT for 17763.4851
the + and ++ show that both have different driver usage levels while ++ is the best
No, it doesn’t break compatibility. We support older kernels. We support release builds for Win10+ x64/ARM64. The supported kernel versions are specified in https://github.com/winsiderss/systeminformer/blob/master/kphlib/kphdyn.xml
We do not yet support preview builds. Updates to those kernels are too frequent for me to keep up with manually. I’m hoping to finish some automation eventually to support them.
Thanks for letting me to @poqdavid - I’m grabbing the new versions now.
@MagicAndre1981 when I was scraping to rebuild the offsets I missed three builds: 10.0.17763.4499 10.0.17763.4644 10.0.17763.4737
I just went over them and the offsets didn’t change from 10.0.17763.4377 - I updated dyndata here: https://github.com/winsiderss/systeminformer/commit/f733df42b4f20f9e938303e4231403d0fd29bd95 - will be in next build 👍
I can confirm that with latest SI driver loads on
19041.3393. Thank you very much.Thank you @MagicAndre1981 . After manual Windows update check I’m on
.3393too.