Introduction to Windows Driver Verifier
Windows Driver Verifier is a debugging utility that runs in the background and monitors kernel-mode drivers. It is designed to detect and diagnose driver errors that might otherwise cause system instability, crashes (Blue Screens of Death), or data corruption.
By actively checking driver behavior against a set of rules and conditions, Verifier can catch bugs that are often missed by traditional debugging techniques. This makes it an indispensable tool for driver developers aiming to ensure the stability and reliability of their code.
Key Features and Benefits
- Early Detection of Errors: Catches a wide range of driver bugs, including memory corruption, unhandled exceptions, race conditions, and illegal driver operations.
- System Stability Enhancement: Helps to prevent system crashes and data loss by identifying faulty drivers before they can cause critical failures.
- Targeted Testing: Allows developers to enable specific testing features to focus on particular types of driver behavior.
- Integration with Debugging Tools: Works seamlessly with WinDbg and other debugging tools for in-depth analysis of detected issues.
Getting Started with Driver Verifier
Driver Verifier is typically run from the command line or via the graphical interface. Here’s a basic overview of how to start using it:
Using the Command Line Tool (`verifier.exe`)
To launch Driver Verifier Manager, open an elevated Command Prompt or PowerShell and type:
`verifier.exe`
Configuring Verifier Rules
Once Verifier Manager is open, you can select which drivers to monitor and which types of checks to perform. Common configurations include:
- Standard Checks: A comprehensive set of tests for common driver issues.
- I/O Verification: Focuses on the proper handling of I/O Request Packets (IRPs).
- Driver Loading: Verifies the driver loading and unloading process.
- Memory Integrity: Checks for heap corruption and buffer overruns.
Selecting Drivers
You can choose to:
- Verify all installed drivers: Selects all kernel-mode drivers loaded on the system.
- Select driver names from a list: Allows you to pick specific drivers to monitor. This is often preferred to reduce system overhead.
- Verify drivers loaded from a specific path: Useful for testing a particular build of your driver.
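The "select driver names from a list" choice can also be made without the GUI. The following is an added example, not part of the original page: `mydriver.sys` is a placeholder for the driver under test and the function names are hypothetical, while `/standard`, `/driver`, `/querysettings` and `/reset` are `verifier.exe` switches.

```powershell
# Added example: scope Driver Verifier to named drivers from an elevated PowerShell.
# Function names are hypothetical; 'mydriver.sys' is a placeholder.

function Test-Elevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Enable-DriverVerifierFor {
    param(
        [Parameter(Mandatory)][string[]]$Driver   # image file names only
    )
    if (-not (Test-Elevated)) { throw 'Run this from an elevated prompt.' }
    foreach ($d in $Driver) {
        # Drivers are selected by image file name, so reject paths and wildcards.
        if ($d -notmatch '^[\w.-]+\.sys$') { throw "Not a driver file name: $d" }
    }
    # /standard turns on the standard checks; /driver limits them to the listed images.
    & verifier.exe /standard /driver @Driver
    switch ($LASTEXITCODE) {
        0 { 'Settings applied.' }
        2 { 'Settings saved; reboot the test machine to start verification.' }
        default { throw "verifier.exe failed with exit code $LASTEXITCODE" }
    }
}

function Show-DriverVerifierState {
    # Lists the checks and drivers currently configured.
    & verifier.exe /querysettings
}

function Disable-DriverVerifier {
    if (-not (Test-Elevated)) { throw 'Run this from an elevated prompt.' }
    # Clears all Driver Verifier settings; takes effect after the next reboot.
    & verifier.exe /reset
}

# Typical session on a test machine:
#   Enable-DriverVerifierFor -Driver 'mydriver.sys'
#   Restart-Computer
#   Show-DriverVerifierState        # confirm only the intended driver is listed
#   ...exercise the driver...
#   Disable-DriverVerifier; Restart-Computer
```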
Common Driver Verifier Settings
Driver Verifier offers a variety of specialized checks. They are configured through:
- Driver Verifier Manager: The primary interface for configuring and managing Driver Verifier.
- Advanced Options: Access to more granular controls and specific test categories.
- System Restart Required: Changes to Driver Verifier settings typically require a system reboot to take effect.
Key Verification Levels:
- Standard Settings: Covers essential checks for driver stability.
- I/O Verification: Monitors IRP handling, including correct completion and cancellation.
- Driver Load Checks: Ensures drivers are loaded and unloaded correctly.
- Force I/O Verification: Forces all IRPs to be completed synchronously, helping to find concurrency bugs.
- DMA Verification: Checks for correct usage of Direct Memory Access (DMA).
- Security Checks: Validates security-related operations performed by drivers.
- Pool Tracking: Monitors memory pool allocations and deallocations to detect leaks and corruption.
- Deadlock Detection: Identifies potential deadlock situations within drivers.
Interpreting Verifier Output
When Driver Verifier detects an error, it will typically trigger a bug check (BSOD). The bug check code and parameters often provide clues about the nature of the problem. You will usually see a message on the BSOD screen indicating that Driver Verifier has found a problem.
After a crash, the system may generate a dump file. Analyzing this dump file with a debugger like WinDbg is crucial for pinpointing the exact source of the driver error. Driver Verifier's output within the debugger will often highlight the failing driver and the specific violation detected.
Troubleshooting and Best Practices
- Always use a test system: Never run Driver Verifier on a production machine, as it can cause system instability.
- Enable Verifier early and often: Integrate Verifier into your development and testing workflow from the beginning.
- Target your testing: If possible, select only your drivers for verification to minimize performance impact.
- Consult dump files: Learn to analyze crash dump files to understand Verifier's findings.
- Understand the bug check codes: Familiarize yourself with common bug check codes related to driver errors.
- Disable Verifier when not testing: Once you have completed your testing and are confident in your driver's stability, disable Verifier to return the system to normal performance.