Article ID: 244617 - View products that this article applies to.
This article was previously published under Q244617
Support for Windows Vista Service Pack 1 (SP1) ended on July 12, 2011. To continue receiving security updates for Windows, make sure that you're running Windows Vista with Service Pack 2 (SP2). For more information, go to this Microsoft webpage: Support is ending for some versions of Windows
The Driver Verifier tool that is included in every version of Windows since Windows 2000 is used to detect and troubleshoot many driver issues that are known to cause system corruption, failures, or other unpredictable behavior. This article describes how to use Driver Verifier to isolate and troubleshoot a driver in the system.
This article discusses the following topics:
Driver Verifier CapabilitiesTo use Driver Verifier, run Verifier.exe, and then restart your computer. You do not have to make any other changes to begin analyzing drivers in the system. For Windows Vista and later versions, your user account requires Administrator privileges to run Verifier.exe.
Driver Verifier can check many different aspects of a driver’s behavior. These capabilities are grouped into options or settingsthat are enabled by the use of flags. (The terms "options," "settings," and "flags" are typically interchangeable in Driver Verifier documentation. They represent similar concepts.)
For detailed information about each flag, go to the following MSDN website:
Driver Verifier Options
Standard OptionsThe following options together represent the rules that all drivers in the system should not violate. These options are enabled when you choose to enable “standard settings” in the Driver Verifier GUI or you specify the /standard switch when you configure Driver Verifier by using the command line.
Automatic ChecksThese checks are always performed on a driver that is being verified, regardless of which options have been selected.
Examples of Automatic Checks:
Special PoolWhen this option is active, Driver Verifier allocates most of the driver's memory requests from a special pool. This special pool is monitored for memory overruns, memory underruns, and memory that is accessed after it is freed.
Force IRQL CheckingWhen this option is active, Driver Verifier places extreme memory pressure on the driver by invalidating pageable code. If the driver attempts to access paged memory at the wrong IRQL or while holding a spin lock, Driver Verifier detects this behavior.
Pool TrackingWhen this option is active, Driver Verifier checks to see if the driver has freed all its memory allocations when it is unloaded. This reveals memory leaks.
I/O VerificationWhen this option is active, Driver Verifier allocates the driver's IRPs from a special pool, and monitors the driver's I/O handling. This detects illegal or inconsistent use of I/O routines.
When I/O Verifier is enabled:
Deadlock Detection(Windows XP and later versions) When this option is active, Driver Verifier monitors the driver's use of spin locks, mutexes, and fast mutexes. This detects if the driver's code has the potential for causing a deadlock at some point.
Enhanced I/O Verification(Windows XP and later versions)When this option is active, Driver Verifier monitors the calls of several I/O Manager routines and performs stress testing of PnP IRPs, power IRPs and WMI IRPs.
Note In Windows 7 and later versions, all the features of Enhanced I/O Verification are included as part of I/O Verification. This option is no longer available or required in Driver Verifier Manager or from a command line.
DMA Verification(Windows XP and later) When this option is active, Driver Verifier monitors the driver's use of DMA routines. This detects improper use of DMA buffers, adapters, and map registers.
Security Checks(Windows Vista and later versions) When this option is active, Driver Verifier looks for common errors that can result in security vulnerabilities, such as a reference to user-mode addresses by kernel-mode routines.
Miscellaneous Checks(Windows Vista and later versions) When this option is active, Driver Verifier looks for common causes of driver crashes, such as the mishandling of freed memory.
DDI compliance checking(Windows 8 and later versions) When this option is active, Driver Verifier applies a set of device driver interface (DDI) rules that check for the proper interaction between a driver and the kernel interface of the operating system.
The DDI compliance checking option is implemented by using a Kernel-mode library, called VerifierExt.sys. If a violation of one of the DDI Compliance Checking rules is found, VerifierExt.sys will be the module that called for the system bugcheck to occur.
Additional OptionsThese options are designed for testing of specific scenario testing, or are options that will inject failures or delays into certain DDI routines in order to simulate extreme stress conditions.
Driver Verifier RequirementsThe only requirement is that you must install Windows 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, or Windows Server 2003. You can enable Driver Verifier on both retail and checked versions of Windows. See Microsoft Knowledge Base article 251233 for information about what to consider before you enable Driver Verifier Manager on production servers. If Norton Antivirus is installed, do not enable Driver Verifier's Deadlock Detection because of the recommendations in Microsoft Knowledge Base article 325672.
Enabling Driver VerifierYou can enable Driver Verifier by using Verifier.exe. Verifier.exe is included with every copy of Windows and automatically installed into the System32 folder. Verifier.exe has both command-line and graphical user interface (GUI) interfaces, so you can specify drivers and appropriate levels of verification. You can also see Driver Verifier statistics in real time. For additional information, refer to the "Driver Verifier Manager" section of this article.
Debugging Driver Verifier ViolationsShould Driver Verifier detect a violation, the standard behavior is to bugcheck the system as to provide the most information possible about debugging the issue. A system connected to a debugger will stop once a bugcheck has occurred.
All Driver Verifier violations result in bug checks, the most common ones (although not necessarily all of them) are:
Debugger extensions that are specific to Driver Verifier:
Driver Verifier and Graphics DriversWindows kernel-mode graphics drivers (such as printer and display driver DLLs) are restricted from calling the pool entry point directly. Rather, pool allocations are performed indirectly using graphics device driver interface (DDI) callbacks to Win32k.sys. For example, EngAllocMem is the callback that a graphics driver calls to explicitly allocate pool memory. Also, other specialized callbacks such as EngCreatePalette and EngCreateBitmap return pool memory.
To provide the same sort of automated testing for the graphics drivers, support for some of the Driver Verifier functions is incorporated into Win32k.sys. However, because graphics drivers are more restricted than other kernel-mode drivers, they require only a subset of the Driver Verifier functionality. Specifically, IRQL checking and I/O verification are not needed. The other functionality, namely using special pool, random failure of pool allocations, and pool tracking, are supported to varying degrees in the different graphics DDI callbacks.
Random failures are supported for the following graphics DDI callback functions:
Enabling Driver Verifier for the graphics drivers is identical to the other drivers (refer to the "Enabling Driver Verifier" section of this article for additional information). Unsupported flags such as IRQL checking are ignored. In addition, you can use the !gdikdx.verifier kernel-debugger command to examine current Driver Verifier state and pool traces for graphics drivers.
NOTE: You should only use the random allocation failure setting for robustness testing. Use of this setting may cause rendering error messages, so you should not use this setting with verification tests to check the correctness of the graphics driver's implementation (for example, by comparing the graphics driver output to a reference image).
Driver Verifier Manager (Verifier.exe)The Driver Verifier Manager tool (Verifier.exe) is the preferred way to create and modify Driver Verifier settings and to gather statistics from Driver Verifier. Verifier.exe is located in the %WinDir%\System32 folder for every Windows installation.
Driver Verifier Manager is the GUI included with Windows to configure Driver Verifier. Start the Driver Verifier Manager by using verifier.exe without any additional command line switches. Whenever switches are included, the command-line based version of the utility is used.
For help with configuring Driver Verifier, run verifier.exe /? from an Administrator CMD window.
Driver StatusThe Driver Status property page gives you an image of the current status of Driver Verifier. You can see what drivers the verifier detects. The status can be one of the following:
If you enable the Special Pool flag and less than 95 percent of the pool allocations went to the special pool, a warning message is displayed on this page. This means that you need to select a smaller set of drivers to verify or add more physical memory to the computer to obtain better coverage of the pool allocations verification.
Global CountersThe Global Counters property page shows the current value of some counters maintained by Driver Verifier. A zero value for a counter can indicate that the associated Driver Verifier flag is not enabled. For example, a value of 0 for the Other/Faults counter indicates that the low resource simulation flag is not enabled. You can monitor the activity of the verifier because the values of the counters are updated automatically (by default). You can change the refresh rate, switch to manual refresh, or force a refresh using the group of controls in the lower-left area of the dialog box.
Pool TrackingThis property page shows more statistics gathered from Driver Verifier. All of the counters shown on this page are related to the Pool Tracking flag of the verifier. Most of them are per-driver counters (for example, current allocations, current allocated bytes, and so on). This means you must select a driver name from the top combination box to view the counters for that specific driver.
SettingsYou can use this page to create and modify Driver Verifier settings. The settings are saved in the registry and you must restart the computer for the settings to take effect. You can use the list to view the currently installed drivers. Each driver can be in one of the following states:
In the bottom of the dialog box, you can specify additional drivers (separated by spaces) that you want verified after the next restart. You typically use this edit control when you want to install a new driver that is not already loaded.
If the radio button group on the top of the list is set to Verify all drivers, the list and the Verify and Don't Verify buttons and the edit control are unavailable. This means that after the next restart, all the drivers in the system are verified.
You can set the verification type using the check boxes in the upper-right area of the dialog box. You can enable I/O Verification at level 1 or at level 2. Level 2 verification is stronger than level 1.
You must save any modification to the settings by clicking Apply. There are two more buttons in this page:
Volatile SettingsYou can use this property page to change the Driver Verifier flags immediately. You can only toggle the state of some of the Driver Verifier flags and you cannot change the list of the drivers that are being verified. After you change the status of some check boxes, you must click Apply for the changes to take effect. The changes take effect immediately and they last until you make additional changes or until you restart the computer.
The Command-Line InterfaceYou can also run Verifier.exe from a command line (for more information, type verifier.exe /? at a command prompt). Multiple switches can be used on the command line, for example:
Verifier.exe /flags 0x209BB /driver MyDriver1.sys MyFilterDriver1.sys
The following list shows the most commonly used command line flags:
Configuring Options (Flags):For Windows XP and later:
Configuring Drivers to Verify:
verifier.exe /driver driver1.sys [driver2.sys driver3.sys …]
This command specifies the specific driver or drivers to verify. Provide additional drivers in a space-separated list.
Verifies all the drivers in the system.
Configuring using Volatile mode:
verifier.exe /volatile /flags value /adddriver MyDriver1.sys
Changes verifier flags immediately, and adds MyDriver1.sys for verification.
Querying current Verifier Statistics:
Dump the current Driver Verifier status and counters to the standard output.Querying current Verifier Settings:
Dump the current Driver Verifier settings to the standard output.
Clearing Verifier Settings:
Erases all current Driver Verifier settings.
Additional Information for Driver DevelopersThe sections that follow describe additional details about driver verifier settings that may be of interest to driver developers. These settings are not generally required by IT professionals.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
To enable Driver Verifier by editing the registry, follow these steps:
The following list shows examples of values for the REG_SZ key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\VerifyDriverLevelThe value of the key is a DWORD representing the collection of all flags enabled.
Article ID: 244617 - Last Review: June 5, 2013 - Revision: 7.3