The Windows Process Journey — DrvInst.exe (Driver Installation Module)
<p>“DrvInst.exe” is a PE executable located at “%windir%\System32\drvinst.exe”, it is known as “Driver Installation Module”. Since Windows Vista when PnP (Plug and Play) manager detects a new device “DrvInst.exe” is started. It is used for searching and installing the relevant driver for the new device detected (<a href="https://learn.microsoft.com/en-us/windows-hardware/drivers/install/debugging-device-installations-with-a-user-mode-debugger" rel="noopener ugc nofollow" target="_blank">https://learn.microsoft.com/en-us/windows-hardware/drivers/install/debugging-device-installations-with-a-user-mode-debugger</a>).</p>
<p>“DrvInst.exe” can also be used for installing drivers while installing a software package. Let us take for example the installation of “OpenVPN Connect” (<a href="https://openvpn.net/client/" rel="noopener ugc nofollow" target="_blank">https://openvpn.net/client/</a>).</p>
<p>Thus, as with most VPN (Virtual Private Network) solutions there is a need to install a TAP driver, which is a virtual network device (<a href="https://www.techradar.com/vpn/what-is-a-tap-adapter" rel="noopener ugc nofollow" target="_blank">https://www.techradar.com/vpn/what-is-a-tap-adapter</a>). This causes “services.exe” to launch a new process using the following arguments “C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall”, which is part of the “DCOM Server Process Launcher”. It is executed with the permission of the “LocalSystem” user.</p>
<p><a href="https://medium.com/@boutnaru/the-windows-process-journey-drvinst-exe-driver-installation-module-d2ea1bcbb39f"><strong>Click Here</strong></a></p>