Unable to load kernel driver (not yet supported on this kernel version) #1823

MarekKnapek · 2023-08-22T10:47:50Z

ISSUE DESCRIPTION HAS BEEN REWRITTEN BY MAINTAINER @jxy-s:

This issue is for requesting support for new Windows kernel versions. The kernel driver will refuse to load on a Windows operating system running a kernel (ntoskrnl.exe) version that it does not recognize. This behavior is by design. The driver relies on specific data that must be updated and published to support new kernel versions. This data includes internal offsets within the operating system, which the driver uses to provide extended capabilities and system inspection. The data is signed using a cryptographic algorithm and verified by the driver before it is loaded. This signing process ensures that the data has been produced by the project maintainers and not by a third party, preventing potential misuse or abuse of the kernel driver.

To request support, please post a screenshot of the error dialog (see example above).

Please note: Support for new kernel versions may be delayed for various reasons. Usually, Microsoft makes the necessary information public within 24 hours of a new kernel version being released. However, on rare occasions, this information may take days or even a week to appear. In some cases, Microsoft may not provide sufficient information, requiring more effort on our part to update the data. Additionally, delays may occur if the maintainers are occupied with other tasks. While we typically respond to new kernel versions within 48 hours of their release, there are times when it may take up to a week. We are working on automating this process to improve our response time.

We appreciate your efforts in requesting support for new kernel versions and ask for your patience while we work through the necessary updates.

jxy-s · 2024-09-14T02:35:00Z

I would like to inform everyone involved in this thread that the next build will include significant changes to dynamic data. These changes were necessary to better support the automation of dynamic data generation. I have gone through and generated the dynamic data manifest for a large number of supported kernels.

As a result, we will be trialing support for ntkrla57 and preview builds 🎉. However, please note that for preview builds, Microsoft may not always provide the information needed to generate the dynamic data. Our long-term goal is to fully automate both the generation and validation of dynamic data, but we still have some work to do in fully vetting the current tooling.

That being said, since there are significant changes and a regeneration of dynamic data, there is a possibility that some kernels may have been missed or other issues could arise. I appreciate your patience as we work through these.

A new build will be available soon™️.

poqdavid · 2024-09-14T12:34:05Z

Does this mean that you will be able to support Insider channels, such as Release Preview, as well?

jxy-s · 2024-09-14T16:59:29Z

Does this mean that you will be able to support Insider channels, such as Release Preview, as well?

Yes, as long as Microsoft provides the necessary information. There are two scenarios to consider. First, with the automated metadata we currently have access to, testing shows we achieve around 90% coverage of kernels. However, in some cases, we may need to manually retrieve the kernel binary, either through user submission or by other alternative means.

DavidXanatos · 2024-09-14T17:04:51Z

Does this mean that you will be able to support Insider channels, such as Release Preview, as well?

Yes, as long as Microsoft provides the necessary information. There are two scenarios to consider. First, with the automated metadata we currently have access to, testing shows we achieve around 90% coverage of kernels. However, in some cases, we may need to manually retrieve the kernel binary, either through user submission or by other alternative means.

Are you using the provided PDB files or also other data sources?

jxy-s · 2024-09-14T17:12:32Z

Does this mean that you will be able to support Insider channels, such as Release Preview, as well?

Yes, as long as Microsoft provides the necessary information. There are two scenarios to consider. First, with the automated metadata we currently have access to, testing shows we achieve around 90% coverage of kernels. However, in some cases, we may need to manually retrieve the kernel binary, either through user submission or by other alternative means.

Are you using the provided PDB files or also other data sources?

We are positioned to leverage multiple data sources.

DavidXanatos · 2024-09-22T07:55:11Z

I would like to inform everyone involved in this thread that the next build will include significant changes to dynamic data. These changes were necessary to better support the automation of dynamic data generation. I have gone through and generated the dynamic data manifest for a large number of supported kernels.

As a result, we will be trialing support for ntkrla57 and preview builds 🎉. However, please note that for preview builds, Microsoft may not always provide the information needed to generate the dynamic data. Our long-term goal is to fully automate both the generation and validation of dynamic data, but we still have some work to do in fully vetting the current tooling.

That being said, since there are significant changes and a regeneration of dynamic data, there is a possibility that some kernels may have been missed or other issues could arise. I appreciate your patience as we work through these.

A new build will be available soon™️.

is this the "Saturday, 14th of September, 2024 Canary" build

Also a small OT request: would it be possible to link with every canary release the exact git tag it was built from? Or may be that's already the case and I just don't know where to find that info LOL

MagicAndre1981 · 2024-09-22T08:03:36Z

Also a small OT request: would it be possible to link with every canary release the exact git tag it was built from? Or may be that's already the case and I just don't know where to find that info LOL

In check for updates dialog you see the short git hash

DavidXanatos · 2024-09-22T11:38:40Z

I noticed that the latest DynData are not for the latest ARM64 Win11 yet:

jxy-s · 2024-09-22T15:27:39Z

I noticed that the latest DynData are not for the latest ARM64 Win11 yet:

Added a few more ARM64 kernels in these commits:
f247ebc
bf387c7

Unsure exactly why those were not reported to me automatically, will investigate that - but they'll be available in the next build 👍.

MagicAndre1981 · 2024-09-24T08:52:35Z

Unsure exactly why those were not reported to me automatically, will investigate that - but they'll be available in the next build 👍.

has your logic detected the latest RP Updates for Windows 11 23H2 (KB5043145) and 24H2(KB5043178)?

Or do you still only support retail updates?

jxy-s · 2024-09-24T23:16:01Z

The automation primarily depends on SystemInformer running on those builds and checking for updates at least once. However, I have alternative methods to backfill any missing information.

Or do you still only support retail updates?

We’re currently tentatively trialing support for all releases, not just retail.

Regarding those specific kernels, my tooling indicates to me that Microsoft has not yet provided the necessary data for those kernels.

trparky · 2024-11-05T02:57:07Z

kotenok2000 · 2024-11-05T03:02:06Z

Latest version canary channel updates to is 3.1.24305.0

Giantvince1 · 2024-11-12T23:54:13Z

This is Windows 11 Enterprise LTSC 2024. Latest canary producing this error as of time of writing. Let me know if you need me to send my ntoskrnl.exe file and/or where to find the PDB needed.

Giantvince1 · 2024-11-13T17:13:12Z