← All drivers
vulnerable
Driver

kobjexp.sys

Kernel Object Explorer driver (System Explorer)

From Pavel Yosifovich (open source)
Status
On a known-vulnerable list
Known variants
2 distinct hashes
Field notes

kobjexp.sys is the 'Kernel Object Explorer' helper driver from System Explorer, an open-source Windows internals tool written by Pavel Yosifovich, a well-known author on Windows internals. The driver lets the tool enumerate kernel objects that user-mode APIs do not expose. The file carries no version or vendor metadata of its own, which is why some scanners list it as unattributed even though it is signed.

It is on the public LOLDrivers list on capability grounds, the same as other diagnostic kernel helpers: the access that makes it useful for inspection is the access an attacker would want. No CVE is assigned and no named incident is tied to it.

This is a developer and research tool, not something a typical gamer would have. If it is on your machine and you did not run a Windows internals utility, identify what placed it. Microsoft's Vulnerable Driver Blocklist blocks known-bad builds from loading.

What the record shows

kobjexp.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 2 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.

What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “kobjexp.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/kobjexp-sys