Troubleshooting device drivers

Most Windows 7 users troubleshoot device driver problems by updating a suspected faulty driver, if an update is available. Although driver updates are released to fix bugs and support new environments, it is sometimes wise to verify the driver’s behavior before performing an update. Windows 7 provides a Driver Verifier Monitor tool, which lets you monitor device drivers for problematic behavior.

The Driver Verifier Monitor is a tool that puts drivers under stress to find incorrect behavior, such as illegal function calls or actions that might corrupt the system.

To use the Driver Verifier at the command-line, in a Command Prompt window, type verifier followed by at least one command-line parameter.

An important feature of the command-line version is the /volatile option, a no-reboot feature that helps you eliminate repetitive reboots. Additionally, you can monitor your driver while you attach and remove devices.

To start verification of a driver without rebooting, at the command prompt type:

verifier /volatile /adddriver DriverName.sys

To deactivate all options and clear the verified driver list, type:

verifier /reset

To open the Driver Verifier Manager graphical user interface instead, type verifier (with no parameters) in a Command Prompt window. A Windows Security dialog box may prompt you for permission to run Driver Verifier Manager. To run it, select Permit.

Amongst the many options available with this tool, we find Automatic Checks. These checks are always performed on a driver that is being verified. They include tests for improper memory allocations, tests that a driver has properly released its resources when unloaded, and many others.

An option that reveals memory leaks is Pool Tracking. When this option is active, Driver Verifier checks to see if the driver has freed all its memory allocations when it is unloaded.

When the option Security Checks is active, Driver Verifier looks for common errors that can result in security vulnerabilities, such as a reference to user-mode addresses by kernel-mode routines.

The Miscellaneous Checks option looks for common causes of driver crashes, such as the mishandling of freed memory.

The standard options (/standard parameter) include Special Pool, Force IRQL Checking, Pool Tracking, I/O Verification, DMA Verification, Deadlock Detection, Security Checks, and Miscellaneous Checks.

The Driver Verifier command-line utility can create log files. These files contain periodic updates on a number of statistics related to Driver Verifier’s actions and the actions of the drivers being verified. Log files are created from the Verifier utility by using the /log parameter. The frequency at which log records are written can be specified as well.

However, I find the GUI handier to monitor drivers. Each entry will contain both global counters and individual counters, just as with the verifier /query command.

Global counters are statistics that monitor some of the actions that Driver Verifier performs on drivers. These statistics are drawn from all drivers being verified.

Individual counters are statistics which monitor some of the actions that Driver Verifier performs on drivers. These statistics are kept separately for each driver being verified.
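
The command-line steps described above (start verification without a reboot, read the counters with verifier /query, then reset), combined into one PowerShell session. This is an added example, not part of the original article: the output file, sample count and interval are assumptions, DriverName.sys is the article's placeholder, and the return-code handling follows verifier.exe's documented exit codes rather than anything stated on this page.

```powershell
# Added example. Run from an elevated PowerShell prompt.
param(
    [string]$DriverName  = 'DriverName.sys',                    # placeholder name used in the article
    [string]$OutFile     = "$env:TEMP\verifier-counters.txt",   # assumed output location
    [int]$Samples        = 6,                                   # assumed number of /query snapshots
    [int]$IntervalSec    = 10                                   # assumed seconds between snapshots
)

# verifier.exe changes kernel settings, so refuse to run without admin rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start PowerShell with "Run as administrator" first.'
}

# Start verifying the driver without a reboot (command from the article).
& verifier.exe /volatile /adddriver $DriverName

# Documented verifier.exe return codes: 0 = success, 1 = error, 2 = reboot needed.
switch ($LASTEXITCODE) {
    0       { Write-Host "Verification of $DriverName is active." }
    2       { Write-Warning 'Settings were saved, but they only take effect after a reboot.' }
    default { throw "verifier.exe failed with exit code $LASTEXITCODE" }
}

try {
    # Attach and remove the device, or otherwise exercise the driver, while this loop runs.
    for ($i = 1; $i -le $Samples; $i++) {
        "=== snapshot $i at $(Get-Date -Format s) ===" | Out-File $OutFile -Append
        # /query prints the global and individual counters described above.
        & verifier.exe /query | Out-File $OutFile -Append
        Start-Sleep -Seconds $IntervalSec
    }
}
finally {
    # Deactivate all options and clear the verified driver list (article's command).
    # This clears every driver on the list, not only $DriverName.
    & verifier.exe /reset
    Write-Host "Counters written to $OutFile"
}
```

Comparing successive snapshots in the output file shows which counters moved while the device was being attached and removed.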

For example, if I want to monitor an unsigned driver, vclone.sys, without rebooting, I would run:

And then use the Driver Verifier Manager to monitor it:

For a detailed explanation of all options, I suggest you visit Microsoft’s MSDN.