Can I install a minifilter driver only through modifying registry?

To my knowledge, there are at least four approaches to install a kernel driver:

  1. Through SetupXXX;

  2. Through Service Manager;

  3. Through INF file;

  4. Through Registry;

Provided that I have a minifilter driver, I just wonder if the following installation steps will work?

Step 1. Copy the MyDriver.sys to %SystemRoot%\system32\drivers;

Step 2. Add a subkey named mydriver under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services;

Step 3. Add some values like Start, Type, Tag, Group, Altitude, ImagePath, etc. under the subkey mydriver;

Step 4. Set the value Start to 0, i.e. tell the OS to load MyDriver.sys at boot time;

Step 5. Reboot.

My question is: Are there disadvantages of this method?

Thanks!

It will probably work, but there are some disadvantages. It is unsupported
and undocumented; it may stop working at any time in the future. Also, I
have read that inf files have become a requirement for file system or filter
drivers. How that is enforced I don’t know; perhaps it applies only to
WHQLed drivers. There is also an ntfsd group, which may be better suited
for this question.

//Daniel

xxxxx@gmail.com wrote:

To my knowledge, there are at least four approaches to install a kernel driver:

Well, different types of drivers require different approaches.

  1. Through SetupXXX;
  2. Through Service Manager;
  3. Through INF file;
  4. Through Registry;

Those are not separate techniques. A PnP driver uses #1 and #3. A PnP
filter driver needs #1 and #2. A legacy driver can use #2 or #3
([DefaultInstall]), or #4 if you’re willing to reboot. ALL of the
techniques manipulate the registry, although it’s usually the tools
doing it on your behalf.

Provided that I have a minifilter driver, I just wonder if the following installation steps will work?

Step 1. Copy the MyDriver.sys to %SystemRoot%\system32\drivers;
Step 2. Add a subkey named mydriver under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services;
Step 3. Add some values like Start, Type, Tag, Group, Altitude, ImagePath, etc. under the subkey mydriver;
Step 4. Set the value Start to 0, i.e. tell the OS to load MyDriver.sys at boot time;
Step 5. Reboot.

My question is: Are there disadvantages of this method?

Yes. Step 5 is a disadvantage, and you need to change the registry
permissions in order to do steps 2, 3, and 4. If you write a small
application to call the Service Manager APIs, or use the built-in “sc”
command line tool to do exactly the same thing, you don’t need to reboot
and you don’t have permission worries.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
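An added example, not part of the thread: a Python check that reads an exported copy of the service key described in the question and reports what a hand-written entry is missing. It assumes the classic minifilter layout in which Altitude sits under `Instances\<instance name>` rather than directly under the service key; the export text, group, altitude and function names are constructed for illustration.

```python
import re

SVC = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mydriver"
# Constructed sample export: the question's values written directly under the
# service key. regedit exports a REG_EXPAND_SZ ImagePath as hex(2) UTF-16LE.
IMG_HEX = ",".join(f"{b:02x}" for b in
                   r"system32\drivers\MyDriver.sys".encode("utf-16-le") + b"\0\0")
SAMPLE = rf"""Windows Registry Editor Version 5.00

[{SVC}]
"Type"=dword:00000002
"Start"=dword:00000000
"Group"="FSFilter Activity Monitor"
"Altitude"="370000"
"ImagePath"=hex(2):{IMG_HEX[:60]}\
  {IMG_HEX[60:]}
"""

def parse_reg(text):
    """Parse regedit export text into {lowercased key path: {name: value}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)      # join hex continuation lines
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if cur is None or not m:
            continue
        name, raw = m.groups()
        if raw.startswith("dword:"):
            cur[name] = int(raw[6:], 16)
        elif raw.startswith("hex(2):"):           # REG_EXPAND_SZ
            data = bytes.fromhex(raw[7:].replace(",", ""))
            cur[name] = data.decode("utf-16-le").rstrip("\0")
        elif raw.startswith('"') and raw.endswith('"'):
            cur[name] = raw[1:-1].replace("\\\\", "\\")
    return keys

def audit(keys, svc):
    """Return findings for one driver service key (assumed minifilter layout)."""
    key, findings = keys.get(svc.lower(), {}), []
    findings += [f"missing {v}" for v in ("Type", "Start", "ImagePath") if v not in key]
    if key.get("Start") == 0:
        findings.append("Start=0: boot-start driver")
    inst = keys.get(svc.lower() + "\\instances", {}).get("DefaultInstance", "")
    if "Altitude" not in keys.get(f"{svc.lower()}\\instances\\{inst.lower()}", {}):
        findings.append("no Altitude under Instances\\<DefaultInstance>")
    return findings
```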