╔═══════════════════════════════════════
Instructions - Debugging - Driver Verifier

[ https://msdn.microsoft.com/en-us/library/windows/hardware/ff545448(v=vs.85).aspx ]

┌───────────────────────────────────────
Plainspeak

A typical dump is a snapshot of the contents of physical memory at the time of the bugcheck. There is limited historical insight. This data is often sufficient if the problem recorded requires no historical data to determine its origin.

Driver Verifier’s purpose is to record richer historical data for the suspected kernel components it has been configured to scrutinize. This is necessary, for instance, when multiple kernel components contribute to a bugcheck and snapshot-only data is insufficient for diagnosis.

The OS (or Driver Verifier, when it is configured) is always running and will bugcheck the node when a kernel component acts outside its proper scope. A bugcheck results regardless of whether Driver Verifier or the OS instigates it. If the cause of the bugcheck is one of the kernel components Driver Verifier is tracking, then there will be accompanying historical data for the bugcheck.

┌───────────────────────────────────────
References

Driver Verifier
Using Driver Verifier to identify issues with Windows drivers for advanced users
Driver Verifier - tracking down a mis-behaving driver
Global Flags
Windows SDK and emulator archive
Wikiwand - Microsoft Windows SDK
Operating System Version
User Account Control

┌───────────────────────────────────────
Acquire

Driver Verifier is already present in Windows.

┌───────────────────────────────────────
Configure - GUI

• Obtain a list of drivers that should be verified.

• Windows 5.1 ONLY:
    · Determine the latest Windows SDK whose components are compatible with the target OS:
        · Typically a Windows SDK is compatible with an OS version one downlevel from the OS version the Windows SDK targets.
            · e.g. the Windows 8.1 SDK is largely compatible with Windows 6.1, and the Windows 10 SDK 1507 is largely compatible with Windows 8.1.
        · However, individual components within the Windows SDK may not be downlevel compatible.
            · e.g. Windows Performance Toolkit may not be downlevel compatible.
        · Windows SDK and emulator archive

    · Install the Windows SDK component: Debugging Tools for Windows

    · PSPRO recommends installing the following Windows SDK components:
        · Application Verifier for Windows
        · Debugging Tools for Windows
        · Windows Performance Toolkit

    · Open the window 'Global Flags'.
        · Windows Button | Windows Kits | Global Flags (X86)

        · The window 'User Account Control' will appear.
            · Click: OK
        · The window 'User Account Control' will close.

        · The window 'Global Flags' will appear.
            · Click the tab: System Registry
            · Check: Enable pool tagging
            · Click: OK
        · The window 'Global Flags' will close.

    · Reboot.

• Open the window 'Driver Verifier'.
    · Press: Windows Button+R

    · The window 'Run' will appear.
        · Enter: verifier.exe
        · Click: OK
    · The window 'Run' will close.

    · The window 'User Account Control' will appear.
        · Click: OK
    · The window 'User Account Control' will close.

    · The window 'Driver Verifier Manager' will appear.
        · Click: Create custom settings (for code developers)
        · Click: Next

        · In the section 'Select individual settings from a full list':
            · Check: Special pool
            · Check: Pool tracking
            · Click: Next

        · In the section 'Select what driver to verify':
            · Select: Select driver names from a list
            · Click: Next

        · In the section 'Select drivers to verify':
            · Check: The appropriate drivers from the currently loaded list.
            · If not all appropriate drivers are currently loaded and displayed:
                · Click: Add currently not loaded driver(s) to the list…
                    · The 'File Explorer' window titled 'Driver Verifier Manager' will appear.
                        · This window allows CTRL+Click multi-selection of files.
                    · Multi-select all appropriate drivers from the currently unloaded list that were NOT part of the currently loaded list.
                    · Click: Open
                    · The 'File Explorer' window 'Driver Verifier Manager' will close.

                · Verify that the manually selected drivers are at the end of the 'Select drivers to verify' list.

        · Click: Finish

    · The window 'Driver Verifier Manager' will reappear.
        · Click: OK
    · The window 'Driver Verifier Manager' will close.

• Reboot.

┌───────────────────────────────────────
Configure - Manual

• Obtain a list of drivers that should be verified.

• Windows 5.1 ONLY:
    · Open 'Registry Editor':
        · The window 'User Account Control' will appear.
            · Click: OK
        · The window 'User Account Control' will close.

        · The window 'Registry Editor' will appear.
            · Set: HKEY_LOCAL_MACHINE\System\<controlset>\Control\Session Manager  GlobalFlag  REG_DWORD  0x00000400
                · Where '<controlset>' is the control set intended.
                    · Typically: CurrentControlSet

        · Close the window 'Registry Editor'.

    · Reboot.

• Open 'Registry Editor':
    · The window 'User Account Control' will appear.
        · Click: OK
    · The window 'User Account Control' will close.

    · The window 'Registry Editor' will appear.
        · Set: HKEY_LOCAL_MACHINE\SYSTEM\<controlset>\Control\Session Manager\Memory Management  VerifyDriverLevel  REG_DWORD  '9'
        · Set: HKEY_LOCAL_MACHINE\SYSTEM\<controlset>\Control\Session Manager\Memory Management  VerifyDrivers  REG_SZ  'drivername1.sys drivername2.sys drivername3.sys'
            · Where '<controlset>' is the control set intended.
                · Typically: CurrentControlSet
            · Where 'VerifyDrivers' is a space-separated list of the driver filenames to be verified.

    · Close the window 'Registry Editor'.

• Reboot.

┌───────────────────────────────────────
Configure - Buffer Underrun

• If a buffer underrun is suspected, open 'Registry Editor'.
    · The window 'User Account Control' will appear.
        · Click: OK
    · The window 'User Account Control' will close.

    · The window 'Registry Editor' will appear.
        · Set: HKEY_LOCAL_MACHINE\System\<controlset>\Control\Session Manager\Memory Management  PoolTagOverruns  REG_DWORD  0
            · Where '<controlset>' is the control set intended.
                · Typically: CurrentControlSet

    · Close the window 'Registry Editor'.

• Reboot.
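
The registry values from 'Configure - Manual' and 'Configure - Buffer Underrun' can also be written and read back from an elevated PowerShell prompt. The script below is an added example, not part of the original document; it assumes CurrentControlSet and PowerShell 4.0 or later, uses hypothetical parameter names (-Drivers, -DetectUnderrun), and does not cover the Windows 5.1 pool-tagging step.

```powershell
# Added example (not from the original document): applies the 'Configure - Manual'
# registry values, optionally the 'Configure - Buffer Underrun' value, and reads them back.
# Assumptions: CurrentControlSet is the intended control set; parameter names are hypothetical.
#Requires -RunAsAdministrator
param(
    [Parameter(Mandatory)] [string[]] $Drivers,   # e.g. drivername1.sys, drivername2.sys
    [switch] $DetectUnderrun                      # also set PoolTagOverruns = 0
)

$mm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

# VerifyDrivers is a space-separated list of file names, so reject paths,
# names containing whitespace, and anything that is not a .sys file name.
foreach ($d in $Drivers) {
    if ($d -notmatch '^[^\\/:\s]+\.sys$') {
        throw "Not a bare driver file name: '$d'"
    }
}

# 9 = 0x1 (Special pool) + 0x8 (Pool tracking), the two options checked in the GUI procedure.
New-ItemProperty -Path $mm -Name VerifyDriverLevel -PropertyType DWord -Value 9 -Force | Out-Null
New-ItemProperty -Path $mm -Name VerifyDrivers -PropertyType String `
    -Value ($Drivers -join ' ') -Force | Out-Null

if ($DetectUnderrun) {
    New-ItemProperty -Path $mm -Name PoolTagOverruns -PropertyType DWord -Value 0 -Force | Out-Null
}

# Read the values back and decode the flag bits so the change can be confirmed before rebooting.
$cfg   = Get-ItemProperty -Path $mm
$level = [int]$cfg.VerifyDriverLevel
[pscustomobject]@{
    VerifyDriverLevel = '0x{0:X}' -f $level
    SpecialPool       = [bool]($level -band 0x1)
    PoolTracking      = [bool]($level -band 0x8)
    VerifyDrivers     = $cfg.VerifyDrivers -split ' '
    PoolTagOverruns   = $cfg.PoolTagOverruns     # empty when the value is not set
}

Write-Host 'Reboot for the settings to take effect.'
```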

┌───────────────────────────────────────
Procedures

• Reproduce the conditions that will manifest the problem under investigation or otherwise await a bugcheck initiated by Driver Verifier.

┌───────────────────────────────────────
Credits

Any external referenced material in this document is hyperlinked. Authors responsible for referenced work should be sought through the reference(s) listed.



I am Christopher Etter, a Professional Services consultant.

Because you are using this, I welcome you as my customer. These documents are free for you to use. I work diligently to serve you with material such as this. I would appreciate it if PSPRO (professionalservices.pro), my name, and this 'Credits' section remain attached to this work so that I accrue name recognition via your success and peer recommendation. Thank you very much, and I hope this document helps you solve your current information technology issue!