- Rename netfilter2.sys to <unique_driver_name>.sys and save it to windows\system32\drivers folder. The given name is used as a substring in driver internal devices to avoid the conflicts with the other driver instances and third-party drivers. The name must be unique for each project, because the driver doesn't allow multiple attached processes.
- Register and start the driver
with a call nfregdrv.exe <unique_driver_name> under administrative account or call
the API function
nf_registerDriver. Any application that uses driver API tries to register the driver automatically during a call to nf_init, if it is not yet registered.
The administrative rights are required to perform this operation. The driver starts
immediately after registration, and reboot is not required. The driver will be loaded
automatically on each system start. When the driver is registered and started, a
client process doesn't require administrative rights for using it via API.
- To unregister the driver call nfregdrv.exe -u <unique_driver_name> or use the API function nf_unRegisterDriver. Then delete windows\system32\drivers\<unique_driver_name>.sys and reboot. Administrative rights are required in both cases.
Use 64-bit version of the driver (amd64 configuration) for 64-bit OSes. 32-bit API works properly with both 32-bit and 64-bit versions of the driver. It is possible to use 32-bit or 64-bit API on x64 platform, according to your project needs.
It is possible to unload and restart WFP driver dynamically, by stopping and starting Windows service with driver name. TDI driver cannot be unloaded. To update WFP driver on Windows 10 it is necessary to stop the driver, because Windows 10 locks the files of running drivers. Also it is possible to rename the old driver file, save the new file instead and reboot.
Elevated administrative rights must be activated explicitly on Vista and later for registering the driver (run the executable using "Run as administrator" context menu item in Windows Explorer).
For Windows Vista x64 and later versions of the Windows family of operating systems, kernel-mode software must have a digital signature. The included driver binaries are not signed. In order to test it you should press F8 during system boot and choose Disable Driver Signature Enforcement option. For the end-user software you have to obtain the Code Signing certificate and sign the driver.