Driver installation and deinstallation

All versions of the kernel-mode driver are packed into a single CAB file named cbfsregistry.cab, which should be installed on the target system. The cbfsregistry.cab file is located in the Drivers subdirectory of the directory in which you installed ProcWatch on your development system.

The driver can be installed using the functions exported by the Installer DLL that is provided with CBFS Registry. This DLL can be freely distributed with your projects as long as it is used with the licensed version of ProcWatch.

To install or uninstall the CAB file from your main application, use the Install and Uninstall calls of the CBFS Registry API.

Note that the Uninstall function should be used only to completely uninstall the driver. Don't use Uninstall if you are updating the version of CBFS Registry on target systems. If you call Uninstall and then attempt to install the updated version without restarting the system, you can either get an error, or the restart will cause the OS to delete the newly installed files (the OS treats these files as ones that must be uninstalled). This remark does not apply when you upgrade CBFS Registry from a lower major version (e.g. 2018) to a higher version (e.g. 2033): higher major versions are treated as different products and do not update lower versions.

After you install the CAB file, you need to keep a copy of this file on the destination system, because deinstallation of the files also requires the CAB archive to be present.

Required Permissions

By default, installation and deinstallation of CBFS Registry files (kernel-mode drivers) can be performed only from a user account that belongs to the Administrators group. This is a security measure of the Windows operating system. You can change this behaviour on the target system by adjusting the list of users and groups that have the right to install and uninstall drivers. This is done in Control Panel -> Administrative Tools -> Local Security Settings -> Local Policies \ User Rights Assignment (tree branch), where you need to change the "Load and unload device drivers" item. By default, you can change these security settings only if you are a system administrator.

Notes for Vista and later versions of Windows

If you have UAC (User Account Control) enabled, Vista and later versions of Windows run the applications you start with limited rights, even when you are logged in as the administrator or as a member of the Administrators group.

If you install or uninstall the drivers by calling the above-mentioned functions in your code, you need to elevate the privileges of your application so that it is started with truly administrative rights.

To elevate privileges for your application, you must start it with the Run As Administrator option. In Windows Explorer, this is done using the Run As Administrator command in the context menu for the application. Alternatively, you can set the corresponding option in the Properties window of your executable module.

One more option is to use a manifest. The manifest file can be placed next to the executable of your application or embedded into the executable. If you decide to keep the manifest in a separate file, it must be named <EXEName_with_extension>.manifest, e.g. for MyApp.exe the manifest should be called MyApp.exe.manifest.

You can use the following manifest:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
   <assemblyIdentity version="1.0.0.0"
                     processorArchitecture="X86"
                     name="ExeName"
                     type="win32"/>
   <description>elevate execution level</description>
   <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
      <security>
         <requestedPrivileges>
            <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
         </requestedPrivileges>
      </security>
   </trustInfo>
</assembly>
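
A build-time check for the manifest rules described above, given as an added example that is not part of the CBFS Registry documentation or API. It verifies the external manifest's file name and that exactly one requestedExecutionLevel asks for requireAdministrator; the function name check_manifest and the message texts are hypothetical.

```python
import xml.etree.ElementTree as ET

ASM_V1 = "urn:schemas-microsoft-com:asm.v1"

# The manifest from this page (whitespace condensed), embedded to run offline.
PAGE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" processorArchitecture="X86"
                    name="ExeName" type="win32"/>
  <description>elevate execution level</description>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
"""


def check_manifest(exe_name, manifest_name, manifest_xml):
    """Return a list of problems; an empty list means the manifest is usable."""
    problems = []
    # Windows file names are case-insensitive, so compare case-folded.
    expected = exe_name + ".manifest"
    if manifest_name.lower() != expected.lower():
        problems.append(f"manifest must be named {expected}")
    try:
        root = ET.fromstring(manifest_xml)
    except ET.ParseError as exc:
        return problems + [f"manifest is not well-formed XML: {exc}"]
    if root.tag != f"{{{ASM_V1}}}assembly":
        problems.append("root element is not asm.v1 <assembly>")
    # Match on the local tag name so any trustInfo namespace is accepted.
    levels = [e for e in root.iter()
              if e.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel"]
    if len(levels) != 1:
        problems.append(f"expected 1 requestedExecutionLevel, found {len(levels)}")
    for elem in levels:
        level = elem.get("level")
        if level != "requireAdministrator":
            problems.append(f"level is {level!r}, not 'requireAdministrator'")
        if elem.get("uiAccess", "false") != "false":
            problems.append("uiAccess differs from the page's 'false'")
    return problems
```

An empty result means the application will prompt for elevation at start, so the Install and Uninstall calls do not fail later for lack of rights.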