Installation

The driver must have unique name to avoid the conflicts with the other software.

  • Rename the driver to <unique_driver_name>.sys and save it to windows\system32\drivers folder. The given name is used as a substring in driver internal devices to avoid the conflicts with the other driver instances and third-party drivers. The name must be unique for each project, because the driver doesn’t allow multiple attached processes.

  • Register and start the driver with a call nfregdrv.exe <unique_driver_name> under administrative account or call the API function nf_registerDriver(). Any application that uses driver API tries to register the driver automatically during a call to nf_init(), if it is not yet registered. The administrative rights are required to perform this operation. The driver starts immediately after registration, and reboot is not required. The driver will be loaded automatically on each system start. When the driver is registered and started, a client process doesn’t require administrative rights for using it via API.

  • To unregister the driver call nfregdrv.exe -u <unique_driver_name> or use the API function nf_unRegisterDriver(). Then delete windows\system32\drivers\<unique_driver_name>.sys and reboot. Administrative rights are required in both cases.

It is possible to unload and restart the driver dynamically by stopping and starting Windows service with driver name. But only when there are no other similar drivers attached to the same device after the driver, i.e. the driver is loaded last. When there are other similar drivers loaded after the driver, the driver stays in STOP_PENDING state after unloading attempt, until reboot or unloading the top level drivers.

To update the driver on Windows 10 and higher in generic case it is necessary to rename or move the old driver file, save the new driver file with old name and reboot.

It is possible to schedule move and delete operations for the driver file after Windows reboot using this tool: https://learn.microsoft.com/en-us/sysinternals/downloads/pendmoves

Examples:

Delete the specified file after Windows reboot:

movefile.exe /nobanner “c:\windows\system32\drivers\<name>.sys” “”

Update (overwrite) the specified file after Windows reboot:

movefile.exe /nobanner “<my_folder>\<name>.sys” “c:\windows\system32\drivers\<name>.sys”

Also it is possible to modify the following registry value with type REG_MULTI_SZ using own code:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations

Use 64-bit version of the driver for 64-bit OSes. 32-bit user mode API works properly with both 32-bit and 64-bit versions of the driver. It is possible to use 32-bit or 64-bit API on 64-bit platforms, according to your project needs.

Elevated administrative rights must be activated explicitly for registering the driver (run the executable using “Run as administrator” context menu item in Windows Explorer).

For Windows 8 and later versions of the Windows family of operating systems, kernel-mode software must have a digital signature. The included driver binaries are not signed. In order to test it you should press F8 during system boot and choose Disable Driver Signature Enforcement option. For the end-user software you have to obtain the Code Signing certificate and sign the driver.

See the Signing the drivers section for the details about signing the drivers.

Supported platforms:

Windows 8 and higher x86/x64/ARM64