ShellSpells

Drivers

Enumerate

lm

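Displays loaded kernel modules (aka drivers). Note that lm is a debugger command (WinDbg/KD), run inside a kernel debugging session rather than at a cmd or PowerShell prompt.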

driverquery /v

Lists driver information in verbose mode.

driverquery

Lists all installed drivers and their properties.

Get-WmiObject Win32_PnPSignedDriver

PowerShell command to get detailed driver information.

pnputil /enum-drivers

Enumerates all drivers in the driver store.

dism /online /get-drivers

Lists drivers using the Deployment Image Servicing and Management (DISM) tool.

WMIC:

wmic sysdriver get displayname,pathname,started,status
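
The listing commands above show what is loaded; for triage the next question is usually whether each driver file is signed and where it lives. The following is an added example, not part of the original page: it reads the same WMI class that wmic sysdriver queries (Win32_SystemDriver) and reports running drivers that are not validly signed or sit outside System32\drivers. The helper name Resolve-DriverPath and the output column names are hypothetical.

```powershell
# Added example. Run from a 64-bit PowerShell session: a 32-bit process on a
# 64-bit OS has System32 redirected and would report driver files as missing.

function Resolve-DriverPath {
    # Hypothetical helper: turn the PathName forms WMI returns into a Win32 path.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    # Strip the NT object-manager prefix some entries carry.
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }
    # \SystemRoot\... and bare System32\... forms are relative to %SystemRoot%.
    if ($p -match '^\\SystemRoot\\(.*)$') { $p = Join-Path $env:SystemRoot $Matches[1] }
    elseif ($p -match '^System32\\')      { $p = Join-Path $env:SystemRoot $p }
    return [Environment]::ExpandEnvironmentVariables($p)
}

$driverDir = Join-Path $env:SystemRoot 'System32\drivers'

Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' } |
    ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        $sig  = if ($path -and (Test-Path -LiteralPath $path)) {
                    Get-AuthenticodeSignature -LiteralPath $path
                } else { $null }
        [pscustomobject]@{
            Name          = $_.Name
            StartMode     = $_.StartMode
            Path          = $path
            Signature     = if ($sig) { $sig.Status } else { 'FileNotFound' }
            Signer        = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            NonDefaultDir = [bool]($path -and -not $path.StartsWith($driverDir, [StringComparison]::OrdinalIgnoreCase))
        }
    } |
    # Keep only the rows worth a second look.
    Where-Object { $_.Signature -ne 'Valid' -or $_.NonDefaultDir } |
    Sort-Object Name |
    Format-Table -AutoSize
```

An empty result means every running driver resolved to a validly signed file under System32\drivers.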

Registry Locations

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

This key contains subkeys for each service and driver installed on the system. Each subkey includes information about the driver's configuration, type, start type, and path to the executable.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32

Stores information about 32-bit drivers, particularly for multimedia components like audio and video drivers.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKLM\SYSTEM\CurrentControlSet\Control\Class

Contains settings for all hardware device classes. Each class GUID subkey holds information about the drivers associated with that class of devices.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class

This key is similar to the one above and contains a list of all device classes with their corresponding settings and installed drivers.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum

This key enumerates all hardware devices and their driver information. It includes details such as device IDs, driver versions, and hardware capabilities.
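
The Services key mixes drivers with ordinary Win32 services, and its Type and Start values are stored as numbers. The following added example (not part of the original page) walks that key, keeps only driver entries, and decodes both values so boot-start and system-start drivers are easy to pick out. The output column names are hypothetical.

```powershell
# Added example: list driver entries under the Services key with decoded
# Type and Start values.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Documented meanings of the Type (driver values only) and Start entries.
$typeNames  = @{ 1 = 'KernelDriver'; 2 = 'FileSystemDriver'; 8 = 'RecognizerDriver' }
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue |
    ForEach-Object {
        $type = $_.GetValue('Type')
        # Skip Win32 services (Type 0x10, 0x20, ...) and subkeys with no Type value.
        if ($null -eq $type -or -not $typeNames.ContainsKey([int]$type)) { return }

        $start = $_.GetValue('Start')
        [pscustomobject]@{
            Name      = $_.PSChildName
            Type      = $typeNames[[int]$type]
            StartCode = $start
            Start     = if ($null -ne $start -and $startNames.ContainsKey([int]$start)) {
                            $startNames[[int]$start]
                        } else { "Unknown($start)" }
            # Read ImagePath unexpanded so the string is shown exactly as stored.
            # It can be absent; the entry then has no explicit path recorded here.
            ImagePath = $_.GetValue('ImagePath', $null,
                            [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
        }
    } |
    # Earliest-loading drivers first: Boot (0), then System (1), and so on.
    Sort-Object StartCode, Name |
    Format-Table Name, Type, Start, ImagePath -AutoSize
```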

Notes

In the context of Windows operating systems, kernel modules are essentially the same as drivers. In Windows, drivers are a specific type of kernel module. The term "kernel module" generally refers to a software component that can be loaded into the kernel of an operating system to extend its capabilities or provide support for hardware devices.

In Windows, these kernel modules are typically called drivers, especially when they are used to enable the operating system to interact with hardware devices, such as graphics cards, network adapters, and storage devices. Drivers operate at the kernel level, allowing the operating system to communicate with and control hardware.

While the term "kernel module" is more commonly used in Unix-like operating systems (e.g., Linux), the concept is similar in Windows. Drivers in Windows can be:

  • Device Drivers: Software that allows the operating system to communicate with hardware or virtual devices.
  • System Drivers: Software components that provide core functionality within the operating system, such as file system drivers.


Last updated 1 year ago
