Kernel-Tools is an ARK (anti-rootkit) tool for the Windows platform.
It is completely free.
Supports Windows 10 - Windows 11.
- View Process\Drivers\SystemCallBacks\SystemNotifys\MiniFilters\IDT\SSDT\SSSDT\IoTimer.....
- Hide Process
- Force Hide Process(Erase PspCidTable\Set Pid To 0 ...)
- TerminateProcess(ZwTerminateProcess)
- ForceTerminateProcess(Ignore any process protections)
- SetProcessPP(L)s
- SetProcessPid
- Set Process To System Critical Process
- SuspendProcess
- ResumeProcess
- ProtectProcess
- Disk/FSD/SCSI/ACPI/ATAPI/Keyboard/Mouse/PartMgr Hook Scan/Remove
- Prohibit CreateProcess/LoadDriver/Edit Registry/CreateFile/Read-Write Disk Boot Sector
- Dynamic Disable Driver Signature Enforcement / Enable Driver Signature Enforcement
- ForceDeleteFile(Ignore Irp Occupation/HardLink/Handle Occupation)
- FastShutDown
- FastReboot
- Disable PatchGuard
- Disable HVCI and DSE
- Hide Driver
- Prohibit INIT Firmware
- Permanent Disable PatchGuard
- Disable/Enable ObCallbacks
- Bypass anti-screenshots
- Execute BSOD
- "Kernel Tools.exe" -ddse (Dynamic Disable Driver Signature Enforcement)
- "Kernel Tools.exe" -edse (Dynamic Enable Driver Signature Enforcement)
- "Kernel Tools.exe" -reboot (fastreboot)
- "Kernel Tools.exe" -shutdown (fastshutdown)
- "Kernel Tools.exe" -prohibitcreatefile (prohibitcreatefile)
- "Kernel Tools.exe" -disabledprohibitcreatefile (disabledprohibitcreatefile)
- "Kernel Tools.exe" -forcedeletefile (forcedeletefile(The only entry point for ForceDeleteFile))
- "Kernel Tools.exe" -irpdeletefile (deletefile(The only entry point for DeleteFile))
- Disabled HVCI
- Open Kernel Tools.exe
- Select No in the pop-up selection box
- Wait to enter
- Driver Name
- Driver Base
- Driver Object
- Driver Path
Hidden Driver
- PsSetCreateProcessNotifyRoutine
- PsSetCreateProcessNotifyRoutineEx
- PsSetCreateProcessNotifyRoutineEx2
- PsSetCreateThreadNotifyRoutine
- PsSetCreateThreadNotifyRoutineEx
- PsSetLoadImageNotifyRoutine
- PsSetLoadImageNotifyRoutineEx
- KeRegisterBugCheckCallback
- KeRegisterBugCheckReasonCallback
- CmRegisterCallback
- CmRegisterCallbackEx
- IoRegisterShutdownNotification
- IoRegisterLastChanceShutdownNotification
- PoRegisterPowerSettingCallback
- IoRegisterFsRegistrationChange
- KeRegisterNmiCallback
- SeCiCallbacks
- PoRegisterCoalescingCallback
- IoRegisterPriorityCallback
- PsRegisterAltSystemCallHandler
- DbgSetDebugPrintCallback
- ObRegisterCallbacks
Enum Type/Entry Address/Module
Disabled Callback/Notify
- Filter
- Pre Operation
- Post Operation
- Module
Features: Remove MiniFilter
- Function Name
- Function Address
- Module
SSDT Hook Scan
- IDT Function Address
- Module
- IoTimer Object Address
- IoTimer Entry Address
- Module
- Disable PatchGuard
- Permanent Disable PatchGuard
- Prohibit INIT Firmware
If you do not use a virtual machine and cause any damage, the author will not be held responsible!
Please do not attempt to delete system files using forcedeletefile!