kernullist

Windows kernel research tool. Looks like a debugger, but it is not a debugger. It uses a kernel driver to provide a WinDbg-like live kernel debugging experience from a TUI console.

80% credibility
Found May 20, 2026 at 19 stars.
C++
AI Summary

Kn-Live-Dbg is a Windows kernel live debugging tool designed for security researchers and driver developers. It consists of a small kernel driver that provides safe memory reading and writing capabilities, paired with a user-mode console application that handles symbol loading, type interpretation, and a familiar command interface. The tool can read and write both virtual and physical memory, enumerate kernel callbacks (for processes, threads, registry, objects, and minifilters), load debugging symbols from Microsoft's servers, and includes an optional AI assistant to help plan investigations. It requires test-signing mode to operate and is explicitly designed for defensive research in controlled lab environments.

How It Works

1. 🔬 You learn about kernel debugging

You discover this tool while researching Windows security, anti-cheat systems, or driver development in a safe lab environment.

2. ⚙️ You set up test-signing mode

You enable the special developer mode in Windows that allows unsigned drivers to load, a requirement for kernel debugging.

3. 🚀 You launch the debugger

The tool installs its driver, connects to your local kernel, and downloads the symbols it needs automatically.

4. Choose your path

⌨️ Use commands directly

Type commands for looking at memory, listing modules, or examining kernel callbacks, using familiar syntax.

🤖 Ask the AI assistant

Ask questions in plain English and get help planning your investigation or understanding what you find.

5. 🔍 You explore the kernel

You examine running processes, kernel callbacks, and memory regions, and translate addresses between virtual and physical space.

6. 📝 You analyze what you find

You view structure layouts, disassemble code, and document your findings with exportable reports.

You complete your research

You safely analyzed the kernel in your controlled lab environment, documented your findings, and cleanly shut down the tool.

AI-Generated Review

What is kn-live-dbg?

Kn-live-dbg is a Windows kernel live-debugging tool that gives you a WinDbg-like experience without needing a separate debugger. Built in C++, it pairs a kernel driver with a TUI console: the driver handles low-level memory operations while the console manages symbols, types, and user interaction. You get virtual and physical memory reads/writes, VA-to-PA translation, callback enumeration, and a growing AI assistant layer for command planning. It ships as a signed driver plus executable, runs from an elevated console, and speaks a familiar WinDbg command dialect.

Why is it gaining traction?

The hook is simple: you get live kernel access without the overhead of setting up KD debugging. The tool handles symbol loading from Microsoft's server, walks page tables including LA57 (5-level paging on modern Windows), and enumerates kernel callbacks across object-manager, registry, process, thread, image-load, and minifilter scopes. There's also a positive-control probe driver for testing reads and writes against a known buffer rather than guessing at arbitrary kernel addresses. The optional AI assistant layer lets you ask questions in plain language and get command suggestions back, which lowers the barrier for developers less familiar with kernel internals.

Who should use this?

Windows kernel security researchers analyzing live systems, driver developers doing diagnostics on their own code, and anti-cheat engineers studying kernel callbacks will get the most value. It's also useful for controlled lab analysis where you need kernel memory inspection without KD session setup. If you're not already comfortable with kernel-mode concepts and Windows internals, this tool will have a steep learning curve.

Verdict

Kn-live-dbg fills a real gap for kernel-mode debugging, but the credibility score of 0.8% reflects its niche status and low star count. The documentation is thorough and the feature set is impressive for the size, but it's early-stage software with limited community validation. If you need live kernel memory access on Windows, this is worth evaluating; just budget time for test-signing setup and understand that bad writes crash machines.
