Microsoft KB Archive/253955

From BetaArchive Wiki

How to Use Driver Verifier to Troubleshoot Device Drivers in Windows 2000

Q253955



The information in this article applies to:


  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server



IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.


SUMMARY

Driver Verifier is included in Windows 2000 to promote stability and reliability, and you can use this tool to troubleshoot driver issues. In Windows 2000, kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver. This article describes how to use Driver Verifier to isolate and troubleshoot a driver in the system.



MORE INFORMATION

This article discusses the following topics:

  • Driver Verifier Capabilities
  • I/O Verifier
  • Driver Verifier Requirements
  • Enabling Driver Verifier
  • Debugging Driver Verifier Violations
  • Driver Verifier and Graphics Drivers
  • Driver Verifier Manager (Verifier.exe)
  • Global Counters
  • Pool Tracking
  • Settings
  • Volatile Settings
  • Command-Line Interface

Driver Verifier Capabilities

You can use Driver Verifier by adding a registry entry and then restarting your computer. You do not need to make any other changes to begin analyzing drivers in the system.

NOTE: You can enable Driver Verifier on both retail and checked versions of Windows 2000.

Driver Verifier provides the following capabilities (you can enable or disable these capabilities in the registry).

Pool Allocations

Attempt to allocate all of a driver's pool allocations from special pool. Instead of sharing pool allocations with the rest of the system, this driver's allocations are isolated and bound by No Access permissions. This capability determines if a driver allocates more then its share of the pool and therefore causing corruption and system instability as a result. When you enable this capability and the target computer has enough physical and virtual memory, all of the driver's allocations are automatically redirected into special pool.

Provide Extreme Memory Pressure

Extreme memory pressure can be provided on a specific driver without affecting other drivers (regardless of system memory size). You can do this by instructing memory management to invalidate all of the driver's pageable code and data, as well as system paged pool, code, and data. This lets you detect a driver that incorrectly holds spin locks or raises IRQL and then gains access to paged code or data. You can use Extreme Memory Pressure to detect intermittent problems and isolate the cause.

Parameter Validation

All spin lock, IRQL, and pool allocation calls the driver makes receive automatic parameter validation. This means that checks are made to ensure the following things:

  • A raised IRQL really is a raised IRQL (the current IRQL is less than the target IRQL).
  • A lower IRQL really is a lower IRQL.
  • Double release of a spin lock.
  • Spin lock acquisitions/releases are made at the proper IRQL.
  • Paged pool allocations/frees are made at the correct IRQL (APC_LEVEL or below).
  • Non-paged pool allocations/frees are made at the correct IRQL (DISPATCH_LEVEL or below).
  • No random (uninitialized) values are specified to these application programming interfaces (APIs).

Pool Allocation Injection Failures

Pool allocations that are not marked MUST_SUCCEED by the driver can be randomly failed to ensure the driver can correctly handle a low memory situation.

Pool Being Freed

All pool being freed is examined to ensure no pending timers are inside the pool allocation as these cases would cause extremely hard to track down system crashes.

Pool Leakage Detection

All of the driver's pool allocations are automatically tracked. At driver unload time, a bug check occurs if any of the allocations are not freed. You can then use the !verifier 3 kernel-debugger command to show all the allocations that are not freed. You can also use this command before unloading to view the outstanding allocations the driver has at any point in time.

Driver Unload Checking

Driver unload checking is performed to catch drivers that unload and do not clean up resources used (which increases the possibility of a system bug check shortly after the driver unloads). Resources that the driver may not delete include look-aside lists, pending deferred procedure calls (DPCs), worker threads, queues, timers, and other resources.

I/O Verifier

If you turn on the I/O Verifier flag using the Verifier tool or the VerifyDriverLevel registry key (for more information, refer to the "Enabling Driver Verification" section of this article), some I/O Manager verifications are turned on. This includes:

  • All IRPS allocated through IoAllocateIrp are allocated from special pool.
  • Checks are made in IoCallDriver, IoCompleteRequest, and IoFreeIrp to catch driver error messages.
  • All I/O Verifier failures bug check with the code DRIVER_VERIFIER_IOMANAGER_VIOLATION (0xC9).

Driver Verifier Requirements

The only requirement is that you must install Windows 2000.

Enabling Driver Verifier

You can enable Driver Verifier using Verifier.exe or by editing the registry.

Using Verifier.exe

This is the preferred method of enabling Driver Verifier (Verifier.exe is included with every copy of Windows 2000 and automatically installed into the System32 folder). Verifier.exe has both command-line and graphical user interface (GUI) interfaces, so you can specify drivers and appropriate levels of verification. You can also see Driver Verifier statistics in real time. For additional information, refer to the "Driver Verifier Manager" section of this article.

Editing the Registry

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT or Windows 2000, you should also update your Emergency Repair Disk (ERD).


To enable Driver Verifier by editing the registry, use the following steps:

  1. Start Registry Editor (Regedt32).
  2. Locate the following registry key:
  3. Edit the REG_SZ key.

    Set the REG_SZ key to the case-insensitive name(s) of the driver(s) you want to test. You can specify multiple drivers, but you should only use one driver to ensure that available system resources are not prematurely depleted. Premature depletion of resources does not result in any system reliability problems, but can cause some driver checking to be bypassed.

    The following list shows examples of values for the REG_SZ key:

    Ntfs.sys

    Win32k.sys ftdisk.sys

    • .sys

You can specify the level of driver verification in the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\VerifyDriverLevel

The following list shows the bit-field values for this key (which you can freely combine):

  • 0x01: Attempts to satisfy all allocations from special pool.
  • 0x02: Applies memory pressure to this driver to validate IRQL usage in regards to accessing pageable code and data.
  • 0x04: Randomly fails various pool allocation requests. This action is only performed after the system has started and reached a point where the problem can be treated as reasonable situations that must be handled.
  • 0x08: Enable pool allocation tracking. Every allocation must be freed before the driver unloads or the system performs a bug check.
  • 0x10: Enable the I/O verifier.

NOTE: The default value is 3 if the key does not exist or if you do not specify a level of driver verification.

Debugging Driver Verifier Violations

Both the !verifier command in the kernel debugger and the Verifier.exe tool show the current Driver Verifier configuration and statistics in real time.

All Driver Verifier violations result in bug checks, the most common ones (although not necessarily all of them) are:

  • IRQL_NOT_LESS_OR_EQUAL 0xA
  • PAGE_FAULT_IN_NONPAGED_AREA 0x50
  • PAGE_FAULT_IN_NONPAGED_AREA 0x50
  • ATTEMPTED_WRITE_TO_READONLY_MEMORY 0xBE
  • SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION 0xC1
  • DRIVER_VERIFIER_DETECTED_VIOLATION 0xC4
  • DRIVER_CAUGHT_MODIFYING_FREED_POOL 0xC6
  • TIMER_OR_DPC_INVALID 0xC7
  • DRIVER_VERIFIER_IOMANAGER_VIOLATION 0xC9

Driver Verifier and Graphics Drivers

Windows 2000 kernel-mode graphics drivers (such as printer and display driver DLLs) are restricted from calling the pool entry point directly. Rather, pool allocations are performed indirectly using graphics device driver interface (DDI) callbacks to Win32k.sys. For example, EngAllocMem is the callback that a graphics driver calls to explicitly allocate pool memory. Also, other specialized callbacks such as EngCreatePalette and EngCreateBitmap return pool memory.

To provide the same sort of automated testing for the graphics drivers, support for some of the Driver Verifier functions is incorporated into Win32k.sys. However, because graphics drivers are more restricted than other kernel-mode drivers, they require only a subset of the Driver Verifier functionality. Specifically, IRQL checking and I/O verification are not needed. The other functionality, namely using special pool, random failure of pool allocations, and pool tracking, are supported to varying degrees in the different graphics DDI callbacks.

Random failures are supported for the following graphics DDI callback functions:

  • EngAllocMem
  • EngAllocUserMem
  • EngCreateBitmap
  • EngCreateDeviceSurface
  • EngCreateDeviceBitmap
  • EngCreatePalette
  • EngCreateClip
  • EngCreatePath
  • EngCreateWnd
  • EngCreateDriverObj
  • BRUSHOBJ_pvAllocRbrush
  • CLIPOBJ_ppoGetPath

In addition, the use of special pool and pool tracking is supported for EngAllocMem.

Enabling Driver Verifier for the graphics drivers is identical to the other drivers (refer to the "Enabling Driver Verifier" section of this article for additional information). Unsupported flags such as IRQL checking are ignored. In addition, you can use the !gdikdx.verifier kernel-debugger command to examine current Driver Verifier state and pool traces for graphics drivers.

NOTE: You should only use the random allocation failure setting for robustness testing. Use of this setting may cause rendering error messages, so you should not use this setting with verification tests to check the correctness of the graphics driver's implementation (for example, by comparing the graphics driver output to a reference image).

Driver Verifier Manager (Verifier.exe)

The Driver Verifier Manager tool (Verifier.exe) is the preferred way to create and modify Driver Verifier settings and to gather statistics from Driver Verifier. Verifier.exe is located in the %WinDir%\System32 folder for every Windows 2000 installation.

Driver Status

The Driver Status property page gives you an image of the current status of Driver Verifier. You can see what drivers the verifier detects. The status can be one of the following:

  • Loaded: The driver is currently loaded and verified.
  • Unloaded: The driver is not currently loaded but it was loaded at least once since you restarted the computer.
  • Never Loaded: The driver was never loaded. This status can indicate that the driver's image file is corrupted or that you specified a driver name that is missing from the system.

You can click the list header to sort the list by driver names or status. In the upper-right area of the dialog box, you can view the current types of the verification that are in effect. The status of the drivers is updated automatically if you do not switch to manual refresh mode. You can modify the refresh rate using the radio buttons in the lower-left area of the dialog box. You can also force an update of the status by clicking Update Now.

If you enable the Special Pool flag and less than 95 percent of the pool allocations went to the special pool, a warning message is displayed on this page. This means that you need to select a smaller set of drivers to verify or add more physical memory to the computer to obtain better coverage of the pool allocations verification.

Global Counters

The Global Counters property page shows the current value of some counters maintained by Driver Verifier. A zero value for a counter can indicate that the associated Driver Verifier flag is not enabled. For example, a value of 0 for the Other/Faults counter indicates that the low resource simulation flag is not enabled. You can monitor the activity of the verifier because the values of the counters are updated automatically (by default). You can change the refresh rate, switch to manual refresh, or force a refresh using the group of controls in the lower-left area of the dialog box.

Pool Tracking

This property page shows more statistics gathered from Driver Verifier. All of the counters shown on this page are related to the Pool Tracking flag of the verifier. Most of them are per-driver counters (for example, current allocations, current allocated bytes, and so on). This means you must select a driver name from the top combination box to view the counters for that specific driver.

Settings

You can use this page to create and modify Driver Verifier settings. The settings are saved in the registry and you must restart the computer for the settings to take effect. You can use the list to view the currently installed drivers. Each driver can be in one of the following states:

  • Verify Enabled: The driver is currently verified.
  • Verify Disabled: The driver is currently not verified.
  • Verify Enabled (Reboot Needed): The driver is verified only after the next restart.
  • Verify Disabled (Reboot Needed): The driver is currently verified but is not verified after the next restart.

You can select one or several drivers from the list and switch the status using the two buttons under the list. You can also right-click a driver name to display the context menu, which lets you perform state toggling.

In the bottom of the dialog box, you can specify additional drivers (separated by spaces) that you want verified after the next restart. You typically use this edit control when you want to install a new driver that is not already loaded.

If the radio button group on the top of the list is set to Verify all drivers, the list and the Verify and Don't Verify buttons and the edit control are unavailable. This means that after the next restart, all the drivers in the system are verified.

You can set the verification type using the check boxes in the upper-right area of the dialog box. You can enable I/O Verification at level 1 or at level 2. Level 2 verification is stronger than level 1.

You must save any modification to the settings by clicking Apply. There are two more buttons in this page:

  • Preferred Settings: This selects some commonly used settings (with all drivers verified).
  • Reset All: This clears all the Driver Verifier settings so that no drivers are verified.

After you click Apply, you must restart the computer for the changes to take effect.

Volatile Settings

You can use this property page to change the Driver Verifier flags immediately. You can only toggle the state of some of the Driver Verifier flags and you cannot change the list of the drivers that are being verified. After you change the status of some check boxes, you must click Apply for the changes to take effect. The changes take effect immediately and they last until you make additional changes or until you restart the computer.

The Command-Line Interface

You can also run Verifier.exe from a command line (for more information, type verifier.exe /? at a command prompt). The following list shows the most commonly used command line flags:

  • verifier.exe /flags value [/iolevel 2]
    Specifies a decimal value of the Driver Verifier flags and possibly the level for the I/O verification (for a list of available flags, type verifier.exe /? at a command prompt or refer to the "Enabling Driver Verifier" section of this article).

    Replace the value parameter with one of the following verification bit values:

    0 - Special pool checking

    1 - Force IRQL checking
    2 - Low resources simulation
    3 - Pool tracking

    4 - I/O verification

    For example, type the following command:

    c:\verifier /flags 3 /iolevel 2

    NOTE: The default I/O verification level is 1. The value is ignored if the I/O verification bit is not set in flags.

  • verifier.exe /all
    Verifies all the drivers in the system.
  • verifier.exe /volatile /flags value
    Changes verifier flags immediately.
  • verifier.exe /reset
    Erases all current Driver Verifier settings.
  • verifier /query
    Dump the current Driver Verifier status and counters to the standard output.
  • verifier.exe /log LOG_FILE_NAME [/interval seconds]
    Logs the Driver Verifier status and counters to a log file (where seconds is the period of time you specify).

Additional query words: bugcheck

Keywords : kbenv kbprogramming KBW2KHOME
Issue type : kbhowto
Technology : kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000DataServ kbwin2000DataServSearch kbwin2000Serv kbwin2000ServSearch kbwin2000Search kbwin2000ProSearch kbwin2000Pro kbWinAdvServSearch kbWinDataServSearch


Last Reviewed: October 24, 2000
© 2001 Microsoft Corporation. All rights reserved. Terms of Use.