← All drivers
vulnerable
Driver

rwdrv.sys

RWEverything hardware access driver

From RWEverything
Status
On a known-vulnerable list
Known variants
8 distinct hashes
Field notes

RwDrv.sys is the kernel driver behind RWEverything, a free tool that reads and writes nearly every low-level hardware interface on a PC (PCI configuration space, processor MSRs, SMBus, ACPI tables, embedded controllers). Its very broad access is why it is on the LOLDrivers list. The tool was built to read everything, and the driver was built to enable that.

It is most often found on the machines of enthusiasts, technicians, and firmware developers who use the tool deliberately. Encountering it on a machine where nobody installed RWEverything is unusual and worth a closer look.

What the record shows

rwdrv.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 8 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.

What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “rwdrv.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/rwdrv-sys