The following sections describe the optional features of Driver Verifier. See Standard settings for the list of options included when you use the standard settings.
• Automatic Checks
These checks are always performed on a driver that is being verified, regardless of which options have been selected. If the driver uses memory at an improper IRQL, improperly calls or releases spin locks and memory allocations, improperly switches stacks, or frees memory pool without first removing timers, Driver Verifier will detect this behavior. When the driver is unloaded, Driver Verifier will check to see that it has properly released its resources.
• Special Pool
When this option is active, Driver Verifier allocates most of the driver's memory requests from a special pool. This special pool is monitored for memory overruns, memory underruns, and memory that is accessed after it is freed.
• Force IRQL Checking
When this option is active, Driver Verifier places extreme memory pressure on the driver by invalidating pageable code. If the driver attempts to access paged memory at the wrong IRQL or while holding a spin lock, Driver Verifier detects this behavior.
• Low Resources Simulation (called Randomized low resources simulation in Windows 8.1)
When this option is active, Driver Verifier randomly fails pool allocation requests and other resource requests. By injecting these allocation faults into the system, Driver Verifier tests the driver's ability to cope with a low-resource situation.
• Pool Tracking
When this option is active, Driver Verifier checks to see if the driver has freed all its memory allocations when it is unloaded. This reveals memory leaks.
• I/O Verification
When this option is active, Driver Verifier allocates the driver's IRPs from a special pool, and monitors the driver's I/O handling. This detects illegal or inconsistent use of I/O routines.
• Deadlock Detection
(Windows XP and later) When this option is active, Driver Verifier monitors the driver's use of spin locks, mutexes, and fast mutexes. This detects if the driver's code has the potential for causing a deadlock at some point.
• Enhanced I/O Verification
(Windows XP and later) When this option is active, Driver Verifier monitors the calls of several I/O Manager routines and performs stress testing of PnP IRPs, power IRPs and WMI IRPs. In Windows 7 and later versions of the Windows operating system, all the features of Enhanced I/O Verification are included as part of I/O Verification and it is no longer available nor necessary to select this option in Driver Verifier Manager or from the command line.
• DMA Verification
(Windows XP and later) When this option is active, Driver Verifier monitors the driver's use of DMA routines. This detects improper use of DMA buffers, adapters, and map registers.
• Security Checks
(Windows Vista and later) When this option is active, Driver Verifier looks for common errors that can result in security vulnerabilities, such as a reference to user-mode addresses by kernel-mode routines.
• Miscellaneous Checks
(Windows Vista and later) When this option is active, Driver Verifier looks for common causes of driver crashes, such as the mishandling of freed memory.
• Force Pending I/O Requests
(Windows Vista and later) When this option is active, Driver Verifier tests the driver's response to STATUS_PENDING return values by returning STATUS_PENDING for random calls to IoCallDriver.
• IRP Logging
(Windows Server 2003 and later) When this option is active, Driver Verifier monitors a driver's use of IRPs and creates a log of IRP use.
• Disk Integrity Checking
(Introduced in Windows Server 2003. Not available in Windows 7 and later.) When this option is active, Driver Verifier monitors hard disk access, and detects whether the disk is preserving its data correctly.
• SCSI Verification
(Windows XP and later) When this option is active, Driver Verifier monitors a SCSI miniport driver for improper use of exported SCSI port routines, excessive delays, and improper handling of SCSI requests.
• Storport Verification
(Windows Vista and later) When this option is active, Driver Verifier monitors a Storport miniport driver for improper use of exported Storport routines, excessive delays, and improper handling of Storport requests.
• Power Framework Delay Fuzzing
(Starting with Windows 8) When this option is active, Driver Verifier randomizes thread schedules to help flush out concurrency errors in the drivers that use the power management framework (PoFx). This option is not recommended for drivers that do not directly utilize the power management framework (PoFx)..
• DDI compliance checking
(Starting with Windows 8) When this option is active, Driver Verifier applies a set of device driver interface (DDI) rules that check for the proper interaction between a driver and the kernel interface of the operating system.
• Invariant MDL Checking for Stack
(Starting with Windows 8) The Invariant MDL Checking for Stack option monitors how the driver handles invariant MDL buffers across the driver stack. Driver Verifier can detect illegal modification of invariant MDL buffers. To use this option, I/O Verification must be enabled on at least one driver.
• Invariant MDL Checking for Driver
(Starting with Windows 8) The Invariant MDL Checking for Driver option monitors how the driver handles invariant MDL buffers on a per-driver basis. This option detects illegal modification of invariant MDL buffers. To use this option, you must enable I/O Verification on at least one driver.
• Stack Based Failure Injection
(Only available with Windows 8 and WDK 8) The Stack Based Failure Injection option injects resource failures in kernel mode drivers. This option uses a special driver, KmAutoFail.sys, in conjunction with Driver Verifier to penetrate driver error handling paths.
• Systematic low resources simulation
(Starting with Windows 8.1) The Systematic low resources simulation option injects resource failures in kernel mode drivers.
• NDIS/WIFI verification
(Starting with Windows 8.1) When this option is active, Driver Verifier applies a set of NDIS and wireless LAN (WIFI) rules that check for the proper interaction between an NDIS miniport driver and the operating system kernel.
• Kernel synchronization delay fuzzing
(Starting with Windows 8.1) This option randomizes thread schedules to help detect concurrency bugs in drivers.
• VM switch verification
(Starting with Windows 8.1) This option monitors filter drivers (extensible switch extensions) that run inside the Hyper-V Extensible Switch.
The !verifier extension displays the status of Driver Verifier and its actions.
Driver Verifier is included in Windows. It works on both checked and free builds. For information about Driver Verifier, see the Driver Verifier topic in the Windows Driver Kit (WDK) documentation.
Syntax in Windows 2000
!verifier [Flags [Image]]
Syntax in Windows XP and later
!verifier [Flags [Image]]
!verifier 4 [Quantity]
!verifier 8 [Quantity]
!verifier 0x40 [Quantity]
!verifier 0x80 [Quantity]
!verifier 0x80 Address
!verifier 0x100 [Quantity]
!verifier 0x100 Address
!verifier 0x200 [Address]
!verifier 0x400 [Address]
!verifier -disable
!verifier ?
Parameters
Flags
Specifies what information is displayed in the output from this command. If Flags is equal to the value 4, 8, 0x20, 0x40, 0x80, or 0x100, then the remaining arguments to !verifier are interpreted based on the specific arguments associated with those values. If Flags is equal to any other value, even if one or more of these bits are set, only the Flags and Image arguments are permitted. Flags can be any sum of the following bits; the default is 0:
Bit 0 (0x1)
Displays the names of all drivers being verified. The number of bytes currently allocated to each driver from the nonpaged pool and the paged pool is also displayed.
Bit 1 (0x2)
Displays information about pools (pool size, headers, and pool tags) and outstanding memory allocations left by unloaded drivers. This flag has no effect unless bit 0 (0x1) is also set.
Bit 2 (0x4)
(Windows XP and later) Displays fault injection information. The return address, symbol name, and displacement of the code requesting each allocation are displayed. If Flags is exactly 0x4 and the Quantity parameter is included, the number of these records displayed can be chosen. Otherwise, four records are displayed.
Bit 3 (0x8)
(Windows XP and later) Displays the most recent IRQL changes made by the drivers being verified. The old IRQL, new IRQL, processor, and time stamp are displayed. If Flags is exactly 0x8 and the Quantity parameter is included, the number of these records displayed can be chosen. Otherwise, four records are displayed.
Warning In 64-bit versions of Windows, some of the kernel functions that raise or lower the IRQL are implemented as inline code rather than as exported functions. Driver Verifier does not report IRQL changes made by inline code, so it is possible for the IRQL transition log produced by Driver Verifier to be incomplete. See Remarks for an example of a missing IRQL transition entry.
Bit 6 (0x40)
(Windows Vista and later) Displays information from the Force Pending I/O Requests option of Driver Verifier, including traces from the log of forced pending IRPs.
The Quantity parameter specifies the number of traces to be displayed. By default, the entire log is displayed.
Bit 7 (0x80)
(Windows Vista and later) Displays information from the kernel pool Allocate/Free log.
The Quantity parameter specifies the number of traces to be displayed. By default, the entire log is displayed.
If Address is specified, only traces associated with the specified address within the kernel pool Allocate/Free log are displayed.
Bit 8 (0x100)
(Windows Vista and later) Displays information from the log of IoAllocateIrp, IoCompleteRequest and IoCancelIrp calls.
The Quantity parameter specifies the number of traces to be displayed. By default, the entire log is displayed.
If Address is specified, only traces associated with the specified IRP address are displayed.
Bit 9 (0x200)
(Windows Vista and later) Displays entries in the Critical Region log.
If Address is specified, only entries associated with the specified thread address are displayed.
Bit 10 (0x400)
(Windows Vista and later) Displays cancelled IRPs that are currently being watched by Driver Verifier.
If Address is specified, only the IRP with the specified address is displayed.
Image
If Flags is used and is not equal to 4, 8, or 0x10, Image specifies the name of a driver. Image is used to filter the information displayed by Flags values of 0x1 and 0x2: only the specified driver is considered. This driver must be currently verified.
Quantity
(Windows XP and later) If Flags is exactly equal to 0x4, Quantity specifies the number of fault injection records to display. If Flags is exactly equal to 0x8, Quantity specifies the number of IRQL log entries to display. If Flags is exactly equal to 0x40, Quantity specifies the number of traces displayed from the log of forced pending IRPs. If Flags is exactly equal to 0x80, Quantity specifies the number of traces displayed from the kernel pool Allocate/Free log. If Flags is exactly equal to 0x100, Quantity specifies the number of traces displayed from the log of IoAllocateIrp, IoCompleteRequest and IoCancelIrp calls.
-disable
(Windows XP and later) Clears the current Driver Verifier settings on the debug target. The clearing of these settings does not persist through a reboot. If you need to disable the Driver Verifier settings to successfully boot, set a breakpoint at nt!VerifierInitSystem and use the !verifier -disable command at that point.