InstDrv.exe is asm variant of ntddk\src\general\instdrv\exe\instdrv.c

Purpose: To install/unistall (=load/unload dynamically) NT kernel-mode driver

The right to start/stop services is required (I'm sure You are Administrator).

Usage: instdrv <driver name> <.sys location> 
          to install driver, or:
       instdrv <driver name> remove
          to uninstall driver

       Quotation marks allowed.


There are 2 ways of installing drivers in Windows NT:

FOR MORE (AND EXACT) INFORMATION SEE 
MSDN\Windows NT 4.0 DDK\Programmer's Guide\System Initialization 


1st method - "transparent"
--------------------------
DriverExeName must be present in %SystemRoot%\System32\Drivers.
.sys extension is required.
Driver is usually registered via .REG (regedit) or .INI (regini) or .INF file.
After 1st registration it's needed to reboot. SC Manager machinery isn't
required. 
Registry must contain:
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DriverName
 DisplayName: REG_SZ: DisplayName
 ErrorControl: REG_DWORD: 0xa
 Start: REG_DWORD: 0xb  (b= 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled)
 Type: REG_DWORD: 0xc (c= 1 kernel-mode)
can also contain:
 Group: REG_SZ: GroupName
 ImagePath: REG_EXPAND_SZ: Path
 Tag: REG_DWORD : 0x??
 etc...


2nd method - "private"
----------------------
DriverExeName and location are arbitrary. All goes thru SC Manager.
CreateService creates a Registry record (see above) in Registry. Reboot isn't
needed. The record contains also ImagePath and subkey Security. The record
is erased by DeleteService.


Once a Registry record above exists, NET START/STOP DriverName commands
can be used.

In both cases (when driver is started, StartService) is created UNERASABLE
Registry record:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DRIVERNAME
usually with field NextInstance: REG_DWORD: 0x1 and subkey 0000 with several
values and if driver was started 1st time subkey 0000 contains moreover 
subkey Control with value *NewlyCreated* : REG_DWORD: 0 and
ActiveService: REG_SZ: DriverName.


If You want GUI variant of InstDrv download monitor.zip from
Compuware/NuMega/Vireo (try http://www.vireo.com).


EliCZ, chemical student, http://elicz.cjb.net, May-16-1999