Harvesting drivers from running computer - cleaner, better, works on Windows 7.

Download: Drivers Harvester

Update from 12/19/15 - now the program copies all OEM drivers to a separate folder, regardless, if they're loaded or not.

Update from 09/01/15 - now the program does not copy PNF files.

 

Inspired by Michael's blog post on grabbing drivers from running computer from here: https://blogs.technet.com/b/mniehaus/archive/2013/09/16/grabbing-out-of-box-drivers-from-a-windows-8-system.aspx, since I've always been advocating the dynamic approach to drivers management, I decided to address some of his concerns and developed my own "drivers harvester". There is a bunch of tools out there, but I would not recommend using them - for example, one of them copies file from INF file keeping its name of OEM<number>.inf. But that, actually, gave me an idea how to tell OEM from inbox drivers..

So let me answer Michael's caveats:

  • "This assumes that all the files required for the driver and/or device are present in the driver folder.  While the core driver files should be there, any applets, control panels, shell extensions, etc. might not be.  So you might need to install the full OEM package to get complete functionality.  In some cases, the driver may not even work without this (e.g. Bluetooth, mobile broadband)."

Answering this, we're not trying to address things like Bluetooth stacks, or Wireless bundles of software - the task is limited to anything that can be installed either with "Install Drivers from Package" or "Auto Apply Drivers" in SCCM or Apply Drivers in SCCM. There is always will be that subset of "tools" that OEMs want to call "Drivers" when actually they are not drivers that you can install with INF. We will have to deal with them separately. My point is that if it's not a software bundle, everything you need is under C:\Windows\System32\DriverStore\FileRepository.

  • "You might get more drivers than you really need.  For example, my laptop has over 100 out-of-box drivers.  Does it really need 100 drivers to work?  No, it only needs 6-7.  Some are older versions, some are for various USB devices that I’ve attached in the last year (printers, cameras, headsets, DisplayPort docks, etc.), some I have no idea where they came from.  So the cleaner the system is, the better."

This is a real concern. So what I do in my harvester, I only find drivers that are currently loaded with psapi.dll library method called EnumDeviceDrivers https://msdn.microsoft.com/en-us/library/windows/desktop/ms682617(v=vs.85).aspx

  • "You will probably get old versions.  The images that OEMs ship on new machines aren’t always kept up to date, so you might find that those original drivers have “issues” – some will get updated immediately from Windows Update, others will require updating from the OEM’s website anyway.  (I would definitely check for the latest video and network drivers regardless.)"

This is, again, a valid concern, but since we're only checking loaded drivers, we are skipping older versions automatically.

 

And here is what Michael says: "For example, my laptop has over 100 out-of-box drivers.  Does it really need 100 drivers to work?  No, it only needs 6-7. "

You got it, Michael. Sorry, it's a little more - but all of those are a real deal!

So here is the algorithm - how it works.

  1. We process all loaded drivers collecting their SHA1 hash
  2. We process all C:\WINDOWS\INF\OEM*.INF files collecting their SHA1 hash
  3. We scan trough all files from C:\Windows\System32\DriverStore\FileRepository looking for matching hash for a loaded driver
  4. If we found one, we scan the same subfolder for any INF files
  5. If we found one and it's hash contained in previously collected hashes of OEM*.INF files - that's it - we copy that folder to our destination.

Here is how to use it:

  1. Download attached file
  2. Copy "Program" anywhere
  3. Run "HarvestDrivers.exe"
  4. Enter the path to target directory
  5. You can watch the log at %localappdata%\HarvestDrivers\log.txt

Enjoy! If you don't trust unknown exe from untrusted source - source code is attached.