Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
Using Driver Verifier to identify issues with Windows drivers for advanced users
Article ID: 244617 - View products that this article applies to.
This article was previously published under Q244617
Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: Support is ending for some versions of Windows
Driver Verifier is included in Windows 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver. This article describes how to use Driver Verifier to isolate and troubleshoot a driver in the system.
This article discusses the following topics:
Driver Verifier CapabilitiesYou can use Driver Verifier by running Verifier.exe and then restarting your computer. You do not need to make any other changes to begin analyzing drivers in the system.
Driver Verifier provides the following capabilities.
Pool AllocationsAttempt to allocate all of a driver's pool allocations from special pool. Instead of sharing pool allocations with the rest of the system, this driver's allocations are isolated and bound by No Access permissions. This capability determines if a driver allocates more than its share of the pool and therefore causing corruption and system instability as a result. When you enable this capability and the target computer has enough physical and virtual memory, all of the driver's allocations are automatically redirected into special pool.
Provide Extreme Memory PressureExtreme memory pressure can be provided on a specific driver without affecting other drivers (regardless of system memory size). You can do this by instructing memory management to invalidate all of the driver's pageable code and data, as well as system paged pool, code, and data. This lets you detect a driver that incorrectly holds spin locks or raises IRQL and then gains access to paged code or data. You can use Extreme Memory Pressure to detect intermittent problems and isolate the cause.
Parameter ValidationAll spin lock, IRQL, and pool allocation calls the driver makes receive automatic parameter validation. This means that checks are made to ensure the following things:
Pool Allocation Injection FailuresPool allocations that are not marked MUST_SUCCEED by the driver can be randomly failed to ensure the driver can correctly handle a low memory situation.
Pool Being FreedAll pool being freed is examined to ensure no pending timers are inside the pool allocation as these cases would cause extremely hard to track down system crashes.
Pool Leakage DetectionAll of the driver's pool allocations are automatically tracked. At driver unload time, a bug check occurs if any of the allocations are not freed. You can then use the !verifier 3 kernel-debugger command to show all the allocations that are not freed. You can also use this command before unloading to view the outstanding allocations the driver has at any point in time.
Driver Unload CheckingDriver unload checking is performed to catch drivers that unload and do not clean up resources used (which increases the possibility of a system bug check shortly after the driver unloads). Resources that the driver may not delete include look-aside lists, pending deferred procedure calls (DPCs), worker threads, queues, timers, and other resources.
I/O VerifierIf you turn on the I/O Verifier flag using the Verifier tool or the VerifyDriverLevel registry key (for more information, refer to the "Enabling Driver Verification" section of this article), some I/O Manager verifications are turned on. This includes:
Driver Verifier RequirementsThe only requirement is that you must install Windows 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, or Windows Server 2003. You can enable Driver Verifier on both retail and checked versions of Windows. See Microsoft Knowledge Base article 251233 for information about what to consider before you enable Driver Verifier Manager on production servers. If Norton Antivirus is installed, do not enable Driver Verifier's Deadlock Detection because of the recommendations in Microsoft Knowledge Base article 325672.
Enabling Driver VerifierYou can enable Driver Verifier by using Verifier.exe. Verifier.exe is included with every copy of Windows and automatically installed into the System32 folder. Verifier.exe has both command-line and graphical user interface (GUI) interfaces, so you can specify drivers and appropriate levels of verification. You can also see Driver Verifier statistics in real time. For additional information, refer to the "Driver Verifier Manager" section of this article.
Debugging Driver Verifier ViolationsBoth the !verifier command in the kernel debugger and the Verifier.exe tool show the current Driver Verifier configuration and statistics in real time.
All Driver Verifier violations result in bug checks, the most common ones (although not necessarily all of them) are:
Driver Verifier and Graphics DriversWindows kernel-mode graphics drivers (such as printer and display driver DLLs) are restricted from calling the pool entry point directly. Rather, pool allocations are performed indirectly using graphics device driver interface (DDI) callbacks to Win32k.sys. For example, EngAllocMem is the callback that a graphics driver calls to explicitly allocate pool memory. Also, other specialized callbacks such as EngCreatePalette and EngCreateBitmap return pool memory.
To provide the same sort of automated testing for the graphics drivers, support for some of the Driver Verifier functions is incorporated into Win32k.sys. However, because graphics drivers are more restricted than other kernel-mode drivers, they require only a subset of the Driver Verifier functionality. Specifically, IRQL checking and I/O verification are not needed. The other functionality, namely using special pool, random failure of pool allocations, and pool tracking, are supported to varying degrees in the different graphics DDI callbacks.
Random failures are supported for the following graphics DDI callback functions:
Enabling Driver Verifier for the graphics drivers is identical to the other drivers (refer to the "Enabling Driver Verifier" section of this article for additional information). Unsupported flags such as IRQL checking are ignored. In addition, you can use the !gdikdx.verifier kernel-debugger command to examine current Driver Verifier state and pool traces for graphics drivers.
NOTE: You should only use the random allocation failure setting for robustness testing. Use of this setting may cause rendering error messages, so you should not use this setting with verification tests to check the correctness of the graphics driver's implementation (for example, by comparing the graphics driver output to a reference image).
Driver Verifier Manager (Verifier.exe)The Driver Verifier Manager tool (Verifier.exe) is the preferred way to create and modify Driver Verifier settings and to gather statistics from Driver Verifier. Verifier.exe is located in the %WinDir%\System32 folder for every Windows installation.
Driver StatusThe Driver Status property page gives you an image of the current status of Driver Verifier. You can see what drivers the verifier detects. The status can be one of the following:
If you enable the Special Pool flag and less than 95 percent of the pool allocations went to the special pool, a warning message is displayed on this page. This means that you need to select a smaller set of drivers to verify or add more physical memory to the computer to obtain better coverage of the pool allocations verification.
Global CountersThe Global Counters property page shows the current value of some counters maintained by Driver Verifier. A zero value for a counter can indicate that the associated Driver Verifier flag is not enabled. For example, a value of 0 for the Other/Faults counter indicates that the low resource simulation flag is not enabled. You can monitor the activity of the verifier because the values of the counters are updated automatically (by default). You can change the refresh rate, switch to manual refresh, or force a refresh using the group of controls in the lower-left area of the dialog box.
Pool TrackingThis property page shows more statistics gathered from Driver Verifier. All of the counters shown on this page are related to the Pool Tracking flag of the verifier. Most of them are per-driver counters (for example, current allocations, current allocated bytes, and so on). This means you must select a driver name from the top combination box to view the counters for that specific driver.
SettingsYou can use this page to create and modify Driver Verifier settings. The settings are saved in the registry and you must restart the computer for the settings to take effect. You can use the list to view the currently installed drivers. Each driver can be in one of the following states:
In the bottom of the dialog box, you can specify additional drivers (separated by spaces) that you want verified after the next restart. You typically use this edit control when you want to install a new driver that is not already loaded.
If the radio button group on the top of the list is set to Verify all drivers, the list and the Verify and Don't Verify buttons and the edit control are unavailable. This means that after the next restart, all the drivers in the system are verified.
You can set the verification type using the check boxes in the upper-right area of the dialog box. You can enable I/O Verification at level 1 or at level 2. Level 2 verification is stronger than level 1.
You must save any modification to the settings by clicking Apply. There are two more buttons in this page:
Volatile SettingsYou can use this property page to change the Driver Verifier flags immediately. You can only toggle the state of some of the Driver Verifier flags and you cannot change the list of the drivers that are being verified. After you change the status of some check boxes, you must click Apply for the changes to take effect. The changes take effect immediately and they last until you make additional changes or until you restart the computer.
The Command-Line InterfaceYou can also run Verifier.exe from a command line (for more information, type verifier.exe /? at a command prompt). The following list shows the most commonly used command line flags:
Additional Information for Driver DevelopersThe sections that follow describe additional details about driver verifier settings that may be of interest to driver developers. These settings are not generally required by IT professionals.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
To enable Driver Verifier by editing the registry, follow these steps:
The following list shows examples of values for the REG_SZ key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\VerifyDriverLevelThe following list shows the bit-field values for this key. You can freely combine these values:
Article ID: 244617 - Last Review: June 10, 2011 - Revision: 7.2