Jaa


Why are all the files not installed when you install a hotfix?

I was asked this question the other day at work and thought it might make for an interesting post.  Someone at work was installing a fix off of the web, in this case it was https://support.microsoft.com/kb/976240 .  After they installed the fix, they noticed that all of the files in the fix were not installed properly.  When I asked how they were determining how the fix was installed, they properly answered, they were looking at the versions of files (please dont ever use dates <G>).  In this case they were specifically looking at the agp440.sys driver.

In the fix, you can see that the version of the file should be 6.0.6001.22563 or 6.0.6002.22267 based on the article.  On this person's machine the file was still the RTM version of the fix.  They couldnt understand why the fix wasnt being installed when it had appeared to install properly the first time.  We piped out the versions of the files installed on the machine and this is what we saw:

Directory of C:\Windows\System32\drivers

01/19/2008  03:09 AM            64,568 AGP440.sys
               1 File(s)         64,568 bytes

 Directory of C:\Windows\System32\DriverStore\FileRepository\machine.inf_00acd73f

11/12/2009  02:05 PM            61,528 AGP440.sys
               1 File(s)         61,528 bytes

 Directory of C:\Windows\System32\DriverStore\FileRepository\machine.inf_46161029

11/12/2009  01:23 PM            61,496 AGP440.sys
               1 File(s)         61,496 bytes

 Directory of C:\Windows\System32\DriverStore\FileRepository\machine.inf_4d27e4e6

02/02/2009  01:47 AM            62,960 AGP440.sys
               1 File(s)         62,960 bytes

 Directory of C:\Windows\System32\DriverStore\FileRepository\machine.inf_eee87d92

01/19/2008  01:09 AM            64,568 AGP440.sys
               1 File(s)         64,568 bytes

 Directory of C:\Windows\System32\DriverStore\FileRepository\machine.inf_f5ca717d

01/19/2008  03:09 AM            64,568 AGP440.sys
               1 File(s)         64,568 bytes

 Directory of C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.22366_none_16804b8a90572478

02/02/2009  01:47 AM            62,960 AGP440.sys
               1 File(s)         62,960 bytes

 Directory of C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.22563_none_167d4e789059d2c1

11/12/2009  02:05 PM            61,528 AGP440.sys
               1 File(s)         61,528 bytes

 Directory of C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc

01/19/2008  01:09 AM            64,568 AGP440.sys
               1 File(s)         64,568 bytes

 Directory of C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.22267_none_1867c1888d7c8d41

11/12/2009  01:23 PM            61,496 AGP440.sys
               1 File(s)         61,496 bytes

 From this you can see that the version installed right now is definately the RTM build version of the file, but the other thing you can see is the fixes versions of the files in the \Windows\winsxs directory.  I explained to my co-worker that this fix was actually installed because the files in the fix were properly staged, they just werent in use.  I asked that we look at a version of a file in the fix that we knew was loaded properly on the machine so we looked at the version of volmgr.sys.  Here is a snippet of what we saw:

Directory of C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.22267_none_1867c1888d7c8d41

11/12/2009  01:25 PM            65,608 volmgr.sys
               1 File(s)         65,608 bytes

 As you can see, this is the version for 2008 SP2 builds of this fix.

The point of all of this is this.  When you install a hotfix, we stage ALL of the files in that fix on your system in the event that you one day use that particular driver (like AGP440.sys), if you do, we will install the latest staged version of the file to ensure that you have the latest patched version so that we dont retroactively introduce something on the machine that the patch was written to fix.  We can do this for files in a patch or by proactively patching for a feature like IIS before you even install the feature.  Cool upside is that you're always in a patched state, downside is that this takes space and contributes to the size of \Windows\winsxs on the drive.

Hope that helps.

--Joseph

Comments

  • Anonymous
    January 01, 2003
    The comment has been removed
  • Anonymous
    January 01, 2003
    Dean;
  1.  Because the previous version of the driver in the driver store wasnt removed.
  2.  Check the version of the in use file in device manager.  If there are other versions of those files that you dont want/need, you can remove it. --Joseph
  • Anonymous
    February 03, 2010
    Does this mean that when the driver will be reinstalled using the INF, the patched driver will be used? In that case, the driver should automatically be reinstalled after the hotfix is installed.

  • Anonymous
    December 25, 2010
    So if a file is in C:WindowsSystem32drivers that doesn't necessarily mean that it's in use ? If that is correct I have two questions.

  1. Why is it in C:WindowsSystem32drivers if it's not being used ?
  2. How do you tell if a driver in C:WindowsSystem32drivers is being used or not ?