Ideas. Interesting. Public catering. Production. Management. Agriculture

The rules do not work on the usergate computer. Overview of the UserGate proxy server - a comprehensive solution for providing Internet access sharing. Setting up proxy services in UserGate

Today we will teach you how to install device drivers from sys and inf files.

Finding, installing and configuring a device driver 200 rub.

When downloading drivers from the Internet for your devices, you may not come across the installation package you are used to, but an archive with sys and inf files. Sys files are system files and inf is often component computer hardware driver. If your driver includes only sys and inf without the installer you are used to, do not despair, this species drivers can also be installed. In most cases, such drivers are distributed on third-party sites, not on manufacturers' sites. Therefore, be careful and check each downloaded driver with an antivirus program.

Installing the driver in the form of sys and inf files

1. The first thing we need is to go to the device manager. We press start, and by the name "my computer" we call the drop-down menu by pressing the right mouse button and select the property from the list. A new window will open in which we need to go to the "device manager" section located in the left column. In the list that opens, find the equipment that is marked with a yellow exclamation mark, right-click on the device that needs to install the driver and click on the item - update driver. The next window will launch the wizard for installing and configuring new equipment. Select the item to manually install the device driver.

2. Next, we will be prompted to select the folder in which our drivers are located, that is, sys or inf files. Next, confirm your choice to start installing the driver. If the driver is not compatible with the device, or the device already has more than new version driver, you will be prompted to select another file to properly configure the device.

3. If you find only one single sys file without inf in the downloaded archive, then the driver installation wizard for the device will not be able to install them. In order for the driver to install and work correctly, you need to copy the .sys file to windows->System32->drivers. After we have copied our driver to the system folder, we start the installation and search for the driver in automatic mode. When installing such files, we recommend checking them with an antivirus program, since some attackers embed malicious code in driver files, and downloading drivers is best from the official site.

Also, if you have any difficulties in updating the drivers yourself, then our masters will be happy to do this work.

Departure of the master and diagnostics0 rub.

It is obvious that every user of a personal computer, from time to time, needs to connect a device to his station. The reason why this is happening is not of much interest to us now, it may be an upgrade that is well known to many (in order to increase the performance of individual nodes, and as a result of the overall system performance), it may simply be the addition of new equipment to expand the functionality of an existing configuration, as, for example, in the case of connecting a new game controller, it may also be the need to use data from a flash drive. Regardless of how we connect a new device, the Windows operating system is forced to respond to the appearance of new hardware by performing certain manipulations to ensure that new hardware is supported at the software level. Many operating systems use an interface between hardware and a software layer called a driver to enable software interaction with devices.

Driver (Driver) - software with the help of which the operating system and the program modules running in it gain access to hardware or logical devices.

That is why the operating system is trying by all means available to it to ensure the functioning of the device in its environment, for this an attempt is made to install the appropriate driver for the newly connected device, in order to provide the functions of the new device for access to user mode programs and kernel mode code, because without this most notorious driver, the equipment in the system simply cannot work.
It was not by chance that I mentioned logical devices in the definition, since there is a separate category of drivers that do not service hardware, but are integrated to expand the implementation (extensions, additions) of the functionality of various system modules. But who are you going to surprise by installing drivers now? This process is already so familiar to all PC users from many years of practice that some, I'm sure, can do it with their eyes closed :) But have we thought about the details of this process, have we ever thought about driver installation algorithm? Have you ever wondered exactly what actions the operating system performs when a new device is connected and drivers are installed?

Agree that from the user's point of view, the process of installing a driver in Windows, in most cases, looks quite prosaic. The familiar animated icon of the installation wizard appears in the system tray, and after a while the system may issue a report on the successful or unsuccessful installation of the new device driver in the system. Moreover, often the installation wizard, apart from this very tray icon, does not at all give any visual confirmation of attempts to install a new device, while "quietly" adding new equipment to the list of devices and (in case of failure) marking it with a special icon in the device manager, prompting the user to manual mode Continue hardware configuration. All these external processes, which are already well known to both you and me, have been present in one form or another in all versions of Windows operating systems almost since the appearance of this operating system, differing slightly only in details. They have become so familiar and familiar that I never even thought about what is happening "on the other side of the screen", in the bowels of the operating system, what is hidden under this imaginary simplicity? As you will see below, installing a Windows driver for a physical or logical device hides quite complex and extremely interesting processes. Driver installation algorithm on Windows can be broken down into the following key global tasks:

  • Copying the driver binary to the appropriate directory on the system;
  • Registration of the driver in the Windows system indicating the download method;
  • Adding the necessary information to the system registry;
  • Copy/install related support components from the driver package;

In addition to the main tasks performed as part of the driver installation algorithm in Windows, it would be nice to classify the conditions under which the Windows driver installation process starts:

  • The user installs a new device into a turned off computer. In this case, the process of detecting a new device and installing the driver begins already at the stage of loading the operating system.
  • A user with local administrator rights, using the Device Manager snap-in, initiates the installation or update of a driver for an already installed device.
  • The user "on the go" connects a new device to a working computer. In this case we are talking about a certain category of devices that can connect on the fly, such as devices with an external eSata interface, USB, etc. After all, you will not install an internal video card when power is applied to the PCIe slots, will you? I personally have not done this yet :)
  • The user independently launches the driver package kit installer from under account with local administrator rights. This method can be used both to install drivers for physical devices that support the Plug and Play standard, and to install non-PnP (legacy) drivers, logical device drivers that cannot be automatically detected by the system and that cannot be installed except in manual mode. A typical example would be antiviruses or virtual machines that install their drivers (logical devices) into the system.
  • The user right-clicks on the .inf file in the driver directory and selects Install from an account with local administrator rights.

But what is the driver package itself? After all, as we have repeatedly seen, this is a whole set of files of absolutely different, at first glance, purpose. Without a more in-depth overview of the structure of the driver installation package, it will be difficult for us to understand the driver installation algorithm itself, so we will give the general components:

  • .inf file(s). The key component of a driver installation package is a file that describes the driver installation process. inf file is divided into sections and consists of instructions that tell the system exactly how the driver is installed: they describe the device to be installed, the source and destination locations of all driver components, various changes, which must be entered into the registry when installing the Windows driver, information about driver dependencies, and so on. .inf files associate a physical device with a driver that controls that device.
  • The binary file(s) of the driver. At a minimum, the package must contain the .sys - or .dll - file of the driver core. In fact, a single .sys file (in extreme cases) can be installed (with reservations) manually through editing the registry.
  • Installation executables. Usually these are well-known installation utilities that are named setup.exe , install.exe and some others.
  • Executable uninstall files. These are usually uninstall utilities that are named uninstall.exe .
  • File(s) for additional procedures and libraries. Usually these are auxiliary libraries of the .dll format, co-installers.
  • .cat file(s). Catalog file signed with a digital signature. These files contain digital signatures of the directories and act as a signature for the package files, with which the user can determine the origin of the package and verify the integrity of the driver package files. Required on 64-bit versions of Windows from Vista onwards and recommended for everyone else.
  • User mode control modules. Usually these are various command applets that work in user mode, such as ATI Catalist Control Center, VIA HD Audio Desk, Realtek HD Audio Control Panel and the like.
  • Help files. Where would it be without them?

Terms and Definitions

In this article, I will describe only one installation method, which, in any case, describes almost all the steps in the driver installation algorithm in Windows, which are applicable to other methods. And we will now talk about the situation when the user inserts new equipment, such as a video card, into the internal connector of a turned off computer. But first, let's introduce some definitions that we need in the process of studying the driver installation algorithm.
Manager (dispatcher) Plug and Play (PnP Manager, PnP Manager)- a cloud of kernel mode and user mode code responsible for adding, recognizing, removing devices in the system. The kernel mode block interacts with the rest of the system during boot/installation software needed to service the devices in the system. User mode block ( %Windir%\System32\umpnpmgr.dll, runs in the context of the main system process svchost.exe) is responsible for user interaction in situations that require installing new drivers or adjusting operating parameters in already installed ones. Responsible for the assignment and subsequent allocation of hardware resources such as interrupts (IRQs), I/O ports, direct memory access (DMA) channels, and memory addresses. It has the functionality of determining the driver required to support a particular device and the functionality of downloading / installing this driver. Able to recognize new devices, respond to their connection and disconnection. It is part of the Windows executive subsystem code.

Device enumeration

It makes no sense to describe the entire loading stage from the very beginning, and we will start from only the stage of interest to us, at which the Winload (.efi) module loads the Windows 7 operating system kernel from the ntoskrnl.exe file. The kernel runs the PnP manager, which is part of the executive subsystem. The PnP manager starts the device enumeration process from the root device, a virtual bus driver called ROOT (Root), which represents the entire system and is a bus driver in general for all PnP and non-PnP devices, as well as HAL (hardware abstraction layer). The HAL at this stage functions as a bus driver that enumerates the devices directly connected to the motherboard. However, instead of actually enumerating, HAL relies on the hardware description already present in the registry. HAL target on this stage- detect primary buses such as PCI. The primary PCI bus driver, in turn, enumerates the devices connected to this bus, finds other buses, for which the PnP manager immediately loads drivers. These bus drivers, in turn, already discover the devices on their buses. This recursive process of enumerating, loading drivers, and then enumerating, continues until all devices in the system have been discovered and configured. During the PnP enumeration process, the manager builds a device tree that uniquely describes the relationship between all devices in the system. The nodes in this tree, called devnodes (short for "device nodes"), contain information about the device object, which in turn describes the device in detail.
Records of all devices that have been discovered since the system was installed are stored in the registry hive HKLM\SYSTEM\CurrentControlSet\Enum. The subkeys of this hive describe devices in the following format:

HKLM\SYSTEM\CurrentControlSet\Enum\ Enumerator\ DeviceID\ InstanceID

HKLM\SYSTEM\CurrentControlSet\Enum\
  • Enumerator - the name of the bus driver. Can take the following values: ACPI , DISPLAY , HDAUDIO , HID , HDTREE , IDE , PCI , PCIIDE , Root , STORAGE , SW , UMB , USB , USBSTOR and others;
  • DeviceID - unique identifier for this device type;
  • InstanceID - A unique identifier for different instances of the same device.

The fact is that the bus driver to which the device is connected asks the device for various parameters (manufacturer ID, device ID, revision, etc.) and generates the so-called hardware ID (HardwareID), which uniquely describes the device and is a string of parameters separated by & characters and consisting of the following parts:

  • A prefix describing the bus to which the device is connected.
  • Device ID. It consists of several parts, such as manufacturer ID, product (model) ID, device revision.

HardwareID - an identification string that depends on the device parameters (manufacturer, model, revision, version, etc.) that Windows uses to match the device with the driver's .inf file.

Typical HardwareID structure:

PCI\VEN_10DE&DEV_1341&SUBSYS_2281103C&REV_A2

In addition to the HardwareID , the device is assigned a CompatibleID parameter(s), which has a similar format, but contains only more general values ​​that do not contain device-specific parameters (some device IDs) and are needed to initialize a wider range of compatible devices.

The HardwareID and CompatibleID are used by the Windows executive subsystem code to find the device driver.

Driver discovery

If at the stage of device enumeration and driver loading, the functional driver of the bus to which the new device is connected informs the PnP manager about changes in the connected child devices. The kernel-mode PnP manager checks to see if a driver is associated with the device by querying the bus driver on which the new device is connected and getting the HardwareID and optionally the CompatibleID of the device. The kernel-mode PnP manager informs the user-mode PnP manager that the given device needs to be installed with a special event, passing it the received identifiers. The PnP user mode manager first tries to automatically install the device without user intervention. To do this, the user-mode PnP manager launches the rundll32.exe utility to launch the Device Driver Installation Wizard (%Windir%\System32\Newdev.dll ).

The Device Driver Installation Wizard initiates a search for a suitable driver for the device using information from all system inf files located in the following trusted system locations:

  • Driver storage;
  • Windows Update;
  • System directory of INF files;

For the above purposes of searching and installing the driver, the functions of the libraries setupapi.dll (installation support functions) and cfgmgr32.dll (configuration manager) are used. The search process uses data already obtained this moment identifiers HardwareID and (optionally) CompatibleID , the values ​​of which describe all possible options for identifying the hardware in the driver installation file, that is, the inf file. The ID values ​​of the installed device are compared with those described in the Models sections of inf files registered in the system. The identifier lists are ordered, so the more specific hardware descriptors appear first in the lists. If ID matches were found in multiple inf files, a more exact match is preferred over a less exact match, signed inf files are preferred over unsigned ones, and later signed inf files are preferred over previously signed ones. If a match based on the HardwareID is not found, then the CompatibleID is used, if present, of course. If no match is found based on the CompatibleID , the Add Hardware Wizard may prompt you for the location of a fresh hardware driver. Let's take a closer look at all of these sources of driver information.

Driver storage

The driver installation wizard tries to find a suitable inf file in the system driver store located in the %Windir%\System32\DriverStore directory, which contains all the system drivers included in the Windows distribution, obtained through the Windows Update service, or installed into the system by the user.

The Driver Store is a secure system location, a directory intended to store all the driver packages that have ever been installed on the system.

The Driver Store was first introduced in Windows Vista. Before installing any driver into the system, first the specialized code checks the digital signature of the driver, then the syntax of the driver's inf files, then the privileges of the current user, only after that it places all the driver components in the system driver storage. But then the driver in the driver store can be used to install devices in the system. Since the procedure for placing a driver in the store is well developed, the driver store is the most trusted source of information about drivers.

System directory of INF files

In parallel, the system looks for the driver in the system location described by the value of the DevicePath parameter, located in the registry branch HKLM\Software\Microsoft\Windows\CurrentVersion. The setting is typically %SystemRoot%\inf , which is equivalent to C:\Windows\inf on most systems.

INF file

I would like to make a small digression and talk separately about the information files of the driver package. inf file is one of the key components of the driver package. It stores the sequence of operations for installing and uninstalling the driver, described by special directives that point to the location of the functional driver files. The file contains commands that add to the registry information responsible for the enumeration (Enum) of the driver and its class (Class), and may contain instructions for the hardware installation wizard to launch the so-called main installers (Class Installer, Class Installer) and additional installers (CoInstaller, Coinstaller) for the device class and the device itself. Additionally, the inf file defines the type, manufacturer, device model, driver class, required files, and resources.

A co-installer (a regular DLL in structure) is an additional installer called during the installation phase that performs subclass or device-specific installation steps, such as preparing the infrastructure for the driver to work on the system (for example, installing the NET.Framework package), displaying configuration dialogs that allow the user to specify settings for a particular device.

An important feature of co-installers is that, if necessary, they bind instances of a new device to the protocols required for operation. This, for example, may concern various kinds of communication devices that require different protocols and transports to work, such as ndis , pppoe , tcpip , tcpip6 , smb , netbt .
The .inf file additionally describes the operations of unpacking, copying, launching, renaming files, adding and deleting keys in the registry, and much more.
However, let's return to the main driver installation algorithm in Windows. In the event that the device driver installer did not find suitable drivers in the locations listed above, the system marks the device as unrecognized.

In this case, the user is prompted to independently continue installing the device through the applet device Manager. After the user selects the device on his own and specifies the location of the driver files, the driver installation algorithm continues its work and the next step starts checking digital signature drivers.

Checking the digital signature of the driver

The fact is that the driver, as part of the kernel mode code, is a rather critical component of the operating system, and any errors made by the developer in the driver code can easily lead to serious crashes (BSOD) in the system. For some time now, Microsoft has been quite sensitive to the quality of driver code, and in this regard, mechanisms such as digital driver signature and system driver signature policy have been introduced into Windows operating systems.

A driver's digital signature is a variable-length data string that, to a certain extent, is a guarantee that the driver code was created by a reliable source and has not been subjected to unauthorized modifications.

The next step is the user-mode portion of the PnP manager code that checks the system's driver signing policy. If system policy tells kernel code to block or warn about installing unsigned drivers, then the PnP manager parses the driver's inf file for the presence of a CatalogFile directive pointing to a catalog file (a file with a .cat extension) containing a digital signature of the driver package.

The catalog file (.cat) is a special file that acts as a digital signature for the entire driver package, because each file included in the driver package is not individually signed. The only exceptions are the boot phase kernel driver binaries, but they are checked by separate kernel code.

To test drivers and sign them, the Microsoft Windows Hardware Quality Lab (WHQL) was formed, which thoroughly tests the drivers supplied with Windows distributions, as well as drivers from major hardware vendors. For all other driver developers, procedures are in place to obtain the ability to self-sign drivers for a fee. When a driver passes all WHQL tests, it becomes "signed". This means that for a driver, WHQL generates a hash, or unique signature, that uniquely identifies the driver's files, and then cryptographically signs it using a special Microsoft private key used to sign drivers. The signed hash is placed in a catalog file (.cat file) that is placed directly in the driver package directory.
During driver installation, the PnP user-mode manager extracts the driver signature from the .cat file, decrypts the signature using the Microsoft public key, and compares the resulting hash with the hash of the driver being installed. If the hashes match, the driver is marked as WHQL tested. If the signature cannot be verified, the PnP manager acts according to the system's driver signature policy settings, either disallowing the driver installation or still allowing the driver to be installed.

Create a backup

It's a pretty good Windows strategy to create a restore point before adding new device drivers to the system. This is due, first of all, to the fact that a kernel-mode driver containing an error can be the cause of the system's complete inoperability, and then what to do with this system? Even despite all the signatures and checks, the user should be able to roll back the configuration in case, for example, he did not like something after installation.

Driver installation

This step deploys the third-party driver package to the system driver store. Then, the system performs the actual installation of the driver from the driver store, which is done using the %Windir%\System32\drvinst.exe utility. During this phase, the following events occur:

  • inf file of the driver is copied to the specialized folder %Windir%/inf . It is typical for third-party drivers to rename the file to OEMx.inf , where x is the ordinal number of the inf file in the directory.
  • The operating system code fixes the fact of installing the inf file in the registry.
  • A device node (devnode) is created in the registry along the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ \\ , which contains detailed information about the device.
  • The driver binaries are copied to the target folder %Windir%\System32\DRIVERS and possibly other target folders. The registry keys are updated.
  • The registry key corresponding to the driver is formed: HKLM\SYSTEM\CurrentControlSet\Services\driver_name. Key parameters are formed.
  • A registry key is formed that is responsible for logging driver events and is located in the branch HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System\driver_name.
  • The PnP manager calls the DriverEntry procedure for each newly installed driver. The kernel-mode PnP manager then attempts to "start" the driver by loading it into memory and calling the driver's AddDevice procedure to inform the driver itself of the presence of the device for which it was loaded.

Location of driver information

In addition to describing the driver installation algorithm itself in Windows, I would like to highlight a separate section and devote it to describing the possible locations of information about drivers in the file system and registry. From a practical point of view, this information is intended to simplify manual editing in case of any fatal failures. The following are the locations where you might notice traces of driver information.

General Driver Logs

There are a number of logs on the system that can help with various driver related issues.

  • %Windir%\setupact.log -- contains debug messages from the kernel-mode driver installer, which is a Win32 DLL that accompanies the device setup process;
  • %Windir%\inf\setupapi.app.log -- contains messages from the application installation process;
  • %Windir%\inf\setupapi.dev.log -- contains device installation process messages;

Driver Log

If you are using the Package Manager (pkgmgr) to install/uninstall a package that (in turn) installs, updates, or uninstalls a driver, then you have the option to enable (for debugging purposes) the creation of a special drivers.log log file that will contain only driver-specific errors. To generate this log, create/set the following registry key, and then run pkgmgr again. After that, in the directory where pkgmgr was launched from, a drivers.log file will be created.
Branch: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Device Installer
Key: DebugPkgMgr
Type: Dword
Value: 1

%Windir%\inf

All inf files are stored in this directory. As mentioned above, after installing a third-party driver into the system, its inf file is renamed to OEMx.inf, so you can see a whole series of similar files in the directory. The operating system code remembers the fact that the inf file was installed in the registry.

%Windir%\System32\DRIVERS

This is the directory in the Windows file system where the actual driver files are located. In modern operating systems, and I'm talking now about Windows Vista and later, the vast majority of drivers in this directory have .sys extensions, dll files are less common, but this does not change the general meaning, because, regardless of the extension, they are all identical in structure to .dll files. In earlier operating systems, there were formats such as .drv and .vxd .

%Windir%\System32\DriverStore

The system collection of drivers, which is intended to contain all the drivers that have passed through your system. Used since Windows Vista. Before installing any driver into the operating system, first the specialized code checks the driver's signature, then the syntax of the driver's inf files, then the privileges of the current user, only after that it adds all the driver's components to the system collection. And only after that the driver can be used in the system to install devices without any user intervention.

HKLM\SYSTEM\CurrentControlSet\Enum

A registry hive containing information about the devices in the system. The PnP manager creates a key here for each device in the format HKLM\SYSTEM\CurrentControlSet\Enum\Enumerator\deviceID. where Enumerator is the bus identifier described above in the article, obtained at the device enumeration stage, deviceid is the device type identifier. The key contains the following information: device description, hardware identifiers (Hardware ID), compatible device identifiers (Compatible ID) and resource requirements. The hive is reserved for use exclusively by operating system code, so user applications and drivers are discouraged from interacting with it directly, rather than using documented system functions.

HKLM\SYSTEM\CurrentControlSet\Control

Registry hive containing information about various driver configuration settings at the operating system startup stage. Contains such important keys as:

  • Class contains information about device installation classes, which are used to group devices that are configured and installed in a similar way. For each installation class, this key contains a key whose name is the same as the GUID name of the corresponding installation class.
  • CoDeviceInstallers contains information about class co-installers
  • DeviceClasses contains information about the interfaces of devices registered in the system. any driver that wants to interact with user-mode programs on the system must provide an interface. The device interface class exposes the functionality of the device and its driver to other system components and user-mode applications.

HKLM\SYSTEM\CurrentControlSet\Services

A registry hive that is used to store information about all the services (drivers) on the system. Each system driver places fairly important global information about itself in sub-keys of the form HKLM\SYSTEM\CurrentControlSet\Services\<Имя_драйвера> , which is used by the driver during the initialization process at the system boot stage. The hive is actively used by the PnP manager to pass parameters when calling the driver initialization procedure.
This hive contains the following elements:

  • ImagePath - contains the full path in the binary file (image) of the driver. the installer fills in this value based on data from the inf file of the driver package;
  • Parameters - stores the driver's individual information, is filled in based on the data placed in the inf file of the driver package;
  • Performance - Information for monitoring the performance of the device controlled by the driver. Specifies the name of the performance monitoring DLL and the names of the functions exported by this DLL. Filled in based on the data received from the inf file;

HKLM\SYSTEM\CurrentControlSet\HardwareProfiles

A registry hive that contains information about the hardware profiles of the system and is designed to support this technology. A hardware profile is just a set of changes to the default hardware and service configurations (original configuration) loaded at system startup. Contains specific changes to the original, basic hardware profile configured in two registry keys: HKLM\SOFTWARE and HKLM\SYSTEM . Not used in Windows 7, although registry keys remain, probably for compatibility reasons.

Loading...