March 13, 2013

Using NtLoadDriver/NtUnloadDriver: basics

NtLoadDriver identifies the driver by its registry key, a path of the form L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\" followed by the driver's service name. To create this key, you can use the "sc create" command:

> sc create someDrv type= kernel binPath= "D:\TestProjects\004_sampleDriver\someDrv.sys"

or create the key with the Registry Windows API, or even add it by hand in the Registry Editor. At a minimum, the key must contain two values: ImagePath (a Unicode string holding the path to the driver file) and Type (equal to 1).
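The same minimal key, created from an elevated PowerShell session and then handed to NtLoadDriver and NtUnloadDriver through P/Invoke, as an added example that is not part of the original post. It assumes a hypothetical driver at D:\TestProjects\004_sampleDriver\someDrv.sys that is either signed or running on a machine in test-signing mode, and it uses the undocumented ntdll export RtlAdjustPrivilege to enable SeLoadDriverPrivilege (AdjustTokenPrivileges would do the same job).

```powershell
# Added example (not from the original post). Assumes an elevated PowerShell session
# and a driver at the hypothetical path D:\TestProjects\004_sampleDriver\someDrv.sys.
$name      = 'someDrv'
$sysPath   = 'D:\TestProjects\004_sampleDriver\someDrv.sys'   # hypothetical path
$svcKey    = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
# NtLoadDriver takes the NT-native registry path, not the HKLM: drive path.
$ntRegPath = "\Registry\Machine\System\CurrentControlSet\Services\$name"

# 1. The minimal service key: ImagePath (a Unicode string; the \??\ prefix turns the
#    drive-letter path into an NT object path) and Type = 1 (SERVICE_KERNEL_DRIVER).
if (-not (Test-Path $svcKey)) { New-Item -Path $svcKey | Out-Null }
New-ItemProperty -Path $svcKey -Name ImagePath -PropertyType ExpandString `
                 -Value "\??\$sysPath" -Force | Out-Null
New-ItemProperty -Path $svcKey -Name Type -PropertyType DWord -Value 1 -Force | Out-Null

# 2. ntdll exports used: the UNICODE_STRING layout plus the three native calls.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class NtDrv {
    [StructLayout(LayoutKind.Sequential)]
    public struct UNICODE_STRING { public ushort Length; public ushort MaximumLength; public IntPtr Buffer; }
    [DllImport("ntdll.dll")] public static extern int RtlAdjustPrivilege(int priv,
        [MarshalAs(UnmanagedType.U1)] bool enable, [MarshalAs(UnmanagedType.U1)] bool thread,
        [MarshalAs(UnmanagedType.U1)] out bool was);
    [DllImport("ntdll.dll")] public static extern int NtLoadDriver(ref UNICODE_STRING regPath);
    [DllImport("ntdll.dll")] public static extern int NtUnloadDriver(ref UNICODE_STRING regPath);
}
"@

# 3. SeLoadDriverPrivilege (LUID value 10) is present but disabled in an admin token;
#    NtLoadDriver returns STATUS_PRIVILEGE_NOT_HELD (0xC0000061) until it is enabled.
$was = $false
$status = [NtDrv]::RtlAdjustPrivilege(10, $true, $false, [ref]$was)
if ($status -ne 0) { throw ('RtlAdjustPrivilege failed: 0x{0:X8}' -f $status) }

# 4. Build the UNICODE_STRING by hand so the buffer outlives the native calls.
$buf = [Runtime.InteropServices.Marshal]::StringToHGlobalUni($ntRegPath)
$us = New-Object NtDrv+UNICODE_STRING
$us.Length        = [uint16]($ntRegPath.Length * 2)   # byte count, no terminator
$us.MaximumLength = [uint16]($us.Length + 2)
$us.Buffer        = $buf
try {
    $status = [NtDrv]::NtLoadDriver([ref]$us)          # 0 = STATUS_SUCCESS
    if ($status -ne 0) { throw ('NtLoadDriver failed: 0x{0:X8}' -f $status) }
    "Driver '$name' loaded; unloading again."
    $status = [NtDrv]::NtUnloadDriver([ref]$us)
    if ($status -ne 0) { throw ('NtUnloadDriver failed: 0x{0:X8}' -f $status) }
} finally {
    [Runtime.InteropServices.Marshal]::FreeHGlobal($buf)
}
```

A successful load is visible to monitoring as a driver-load event (Sysmon event ID 6, for instance), which is where the image path and signature of anything loaded this way get checked.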
