Find a Windows 7 driver conflict. Four ways: how to check drivers on Windows. How to open a DMP file to view error analysis

For such cases, Windows XP includes a special utility, verifier.exe, for checking how correctly the drivers work. Driver Verifier creates the most severe conditions for drivers, under which the probability of failure is very high and the name of the failing driver is determined with the highest accuracy. Therefore, when failures are not systematic, it is useful to run Driver Verifier. There is no need to download it, since the utility is included in Windows and is located in the Windows\system32 directory.


1 Working with Verifier.exe

1.1. Launch Verifier.exe: Start - Run - Verifier.exe:

1.3. Driver Verifier will ask for a reboot:



1.4. Two new parameters will appear in the registry:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\VerifyDriverLevel

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\VerifyDrivers


Registry settings related to Driver Verifier.exe

2 Test results

2.1. If you choose "Display information about currently tested drivers" in the first window of Driver Verifier, a window like this will appear. It shows which drivers are being checked and which are not. By pressing "Next", you can see other information about the tested drivers:



2.2. While Driver Verifier is checking the drivers, the system may crash. When an error occurs while checking drivers, system errors and . Typical error codes and explanations are given below.

· 0xC1: SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION
· 0xC4: DRIVER_VERIFIER_DETECTED_VIOLATION
· 0xC6: DRIVER_CAUGHT_MODIFYING_FREED_POOL
· 0xC9: DRIVER_VERIFIER_IOMANAGER_VIOLATION
· 0xD6: DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION
· 0xE6: DRIVER_VERIFIER_DMA_VIOLATION


2.3. Examples of dump analysis by the program :


3. Useful links

Sometimes hardware-related DRIVER_VERIFIER_DETECTED_VIOLATION blue screen errors can be caused by RAM corruption. If you are experiencing random computer reboots, beep codes at boot or other computer malfunctions (in addition to BSOD errors 0xC4), it is very likely that there is memory corruption. In fact, almost 10% of application crashes on Windows OS are caused by memory corruption.

If you've recently added new memory to your computer, we recommend temporarily removing it to make sure it's not causing the DRIVER_VERIFIER_DETECTED_VIOLATION error. If this action resolves the BSOD, then this is the source of the problem, and the new memory is either incompatible with some of your hardware or damaged. In this case, you will need to replace the new memory modules.

If you haven't added new memory, the next step is to run a diagnostic test of the existing computer memory. A memory test scans for serious memory failures and intermittent errors that could be causing your blue screen of death 0xC4.

Although the latest versions of Windows include a utility to test your RAM, I highly recommend using Memtest86 instead. Memtest86 is BIOS-based testing software, unlike other test programs that run in the Windows environment. The advantage of this approach is that the utility can check ALL of the RAM for errors behind DRIVER_VERIFIER_DETECTED_VIOLATION, while other programs cannot check the memory areas occupied by the program itself, the operating system and other running programs.

The Driver Verifier utility (verifier.exe) is designed to analyze problematic drivers when analysis of memory dumps after a BSOD does not allow finding the problematic driver. Driver Verifier is a “lifesaver” in the most problematic situations.

Driver Verifier provides:

    driver stress test (resource shortage conditions are simulated);

    buffer overflow control;

    control over errors that occur due to incorrect operation at a given IRQL;

    I/O error analysis;

    detection of deadlock situations, etc.

The Driver Verifier utility is very useful when:

    the administrator (user) suspects that a particular driver is causing the system to crash and wants to check whether this is actually the case;

    driver developers want to test their driver;

    when analyzing a dump after a BSOD, it is impossible to find the problematic driver.

One of the most difficult cases in memory dump analysis is when a driver mistakenly overwrites data before the start or after the end of the buffer it allocated. In such cases, the errors surface in the OS kernel (for example, analysis of a dump after a BSOD shows that the error occurred in ntoskrnl.exe).

Let's look at such a case using a specific example. Using the NotMyfault utility, we trigger a BSOD with the “Buffer overflow” option.

The result of dump analysis using windbg is attached below.

According to the dump analysis we get:

1. Arg1: 00000007, Attempt to free pool which was already freed

2. IMAGE_NAME: ntkrpamp.exe (the system kernel itself is implicated)

It is with such errors that verifier comes to the rescue.

Launch verifier.

Select “Create non-standard parameters”. Next, select “Select parameters from list”.

Select everything except “Simulate resource shortage”.

Then select “Select unloaded drivers for this list” and specify the path to the myfault.sys driver, which is located in the same directory as the NotMyfault.exe program.

Then mark the driver and click “Finish”. After this, we need to reboot the computer.

We perform all the same actions as at the beginning. Run NotMyfault.exe, select “Buffer overflow” and click “Crash”. As you may have noticed, the crash may not happen immediately, since it is not known in advance which component will touch this memory, or when. As you can see in the image below, thanks to the verifier, the system can identify the problematic driver.

Here is the analysis of the memory dump after the BSOD, using !analyze -v in windbg.exe.

Verifier makes the driver under test allocate from a special pool designed to detect this kind of error, instead of the ordinary memory available in the kernel. Thanks to this, you can find the driver that causes the BSOD.

If we look at the results of the analysis, we see the following.

1. DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (d6) – this is one of the errors that is generated by verifier

2. IMAGE_NAME: myfault.sys – driver that caused the problem.

Thus, if analyzing a memory dump after a BSOD does not allow you to find the “culprit driver,” use the verifier.exe program (enable all checks except the resource shortage simulation).
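The comparison above, as an added PowerShell example that is not part of the original article: it reads the text of an !analyze -v report and tells a Driver Verifier bug check that names a driver apart from a crash that only blames the kernel image. Get-CrashTriage, the list of kernel image names and the two sample reports are this example's own; the samples are constructed from the lines quoted above.

```powershell
# Added example. Bug check codes the article lists as typical for Driver Verifier.
$VerifierBugChecks = @{
    0xC1 = 'SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION'
    0xC4 = 'DRIVER_VERIFIER_DETECTED_VIOLATION'
    0xC6 = 'DRIVER_CAUGHT_MODIFYING_FREED_POOL'
    0xC9 = 'DRIVER_VERIFIER_IOMANAGER_VIOLATION'
    0xD6 = 'DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION'
    0xE6 = 'DRIVER_VERIFIER_DMA_VIOLATION'
}
# Kernel image names: a report that blames one of these has not found the driver.
$KernelImages = 'ntoskrnl.exe', 'ntkrnlpa.exe', 'ntkrnlmp.exe', 'ntkrpamp.exe'

function Get-CrashTriage {
    param([Parameter(Mandatory)][string]$AnalyzeText)
    $code = $null; $image = $null
    # Report header, e.g. "DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (d6)"
    if ($AnalyzeText -cmatch '(?m)^[A-Z0-9_]+ \(([0-9a-fA-F]+)\)') {
        $code = [Convert]::ToInt32($Matches[1], 16)
    }
    if ($AnalyzeText -cmatch '(?m)^IMAGE_NAME:\s+(\S+)') { $image = $Matches[1] }

    $fromVerifier = ($null -ne $code) -and $VerifierBugChecks.ContainsKey($code)
    $next = if (-not $image) {
        'No IMAGE_NAME line; read the stack in the report manually'
    } elseif ($KernelImages -contains $image) {
        'Kernel image blamed; enable Driver Verifier for the suspect drivers and reproduce'
    } elseif ($fromVerifier) {
        "Driver Verifier caught $image; update, replace or remove it"
    } else {
        "Ordinary bug check naming $image; check that driver first"
    }
    [pscustomobject]@{
        BugCheck = if ($null -ne $code) { '0x{0:X2}' -f $code } else { $null }
        Image = $image; FromVerifier = $fromVerifier; NextStep = $next
    }
}

# Constructed inputs built from the two results quoted in the article. The
# BAD_POOL_CALLER header is an assumption: the article quotes only Arg1.
$before = @'
BAD_POOL_CALLER (c2)
Arg1: 00000007, Attempt to free pool which was already freed
IMAGE_NAME:  ntkrpamp.exe
'@
$after = @'
DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (d6)
IMAGE_NAME:  myfault.sys
'@
$before, $after | ForEach-Object { Get-CrashTriage -AnalyzeText $_ } | Format-List
```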

The simplest way to use Driver Verifier (verifier.exe) is to launch it with the following parameters:

verifier /standard /driver <driver file name>


So, you have a recurring blue screen of death and, as with many BSoDs, a bad driver is to blame. However, the screen does not give you the correct information, either because it does not name any driver at all, or because it lists a system driver that is a false lead.

Driver Verifier is a free utility included in all versions of Windows since Windows XP. It literally checks each of the drivers on your PC until it hits the one causing the problem, intentionally creating the same blue screen, but then recording the information in a log file to help you identify the problem.

Launch Driver Verifier

If you're experiencing the same blue screen frequently and you'd like to get proactive and fix it, here's how to use Driver Verifier.

  1. Click the Start button.
  2. Click "Run...".
  3. Enter CMD and press Enter.
  4. In the new window, enter verifier and press Enter.


On Windows Vista and 7:

  1. Click the Start button.
  2. Enter CMD in the field and press Enter.
  3. In the new window, enter verifier and press Enter.


On Windows 8 and 8.1:

  1. Press Windows + X.
  2. Click "Command Prompt (Admin)" ("Windows PowerShell (Admin)" in Windows 8.1).
  3. In the new window, enter verifier and press Enter.


All Windows versions:

  1. Make sure "Create custom settings (for code developers)" is selected.
  2. Click "Next".
  3. Select "Select individual settings from a full list".
  4. Click "Next".
  5. Deselect "Low resources simulation" and "Force pending I/O requests". (These two put unnecessary load on your PC.) Make sure everything else is selected.
  6. Click "Next" twice.
  7. Select "Select driver names from a list".
  8. Click "Next".
  9. Select all drivers on this screen except those that say Microsoft Corporation under Provider. It is very unlikely that a Microsoft driver is causing this problem.
  10. Click "Finish".


Note. If you can't complete the above steps because the blue screen keeps happening, try booting to .

At this point, you must restart your computer. Then try causing the BSoD again by doing what you did before. Windows adds extra workload to your drivers to help you. If you can't reproduce the BSoD, try running your computer overnight. Once the BSoD appears again, reboot your computer and read the Minidump file.


Reading a dump file

Driver Verifier will run, trigger the blue screen, and write a log file. This log file is located in C:\Windows\Minidump\. Read it and you will see which driver is causing this problem. Try searching for the driver name to see which piece of hardware in your PC uses it.

So how do you read it? You need a debugging tool, which you can download from Microsoft.

A . Download the SDK, install it, select debugging tools, and deselect everything else.

Please note that the debugging tools for previous versions of Windows are no longer available; you will have to send the dump file to a Microsoft technician for analysis.


After installing it, find it on the Start screen. It's called windbg (x64). Launch it.

  1. Click "File", then "Open Crash Dump".
  2. Go to C:\Windows\Minidump\ and open the .DMP file contained inside.
  3. Look at the bottom of the resulting file for the line that says "Probably caused by". This is a good indication of which driver is causing this problem.

Fix driver

Update the driver associated with this hardware:

  1. Click the Start button.
  2. Click "Control Panel".
  3. Click "Switch to classic view".
  4. Double-click "System".
  5. Go to the "Hardware" tab.
  6. Click "Device Manager".
  7. Click "Update driver".

On Windows Vista and 7:

  1. Click the Start button.
  2. Click "Control Panel".
  3. Double-click "Device Manager".
  4. Find the device causing the problem.
  5. Right-click on it.
  6. Click "Update driver".


On Windows 8 and 8.1:

  1. Press Windows + X.
  2. Click "Control Panel".
  3. Switch the view to small icons.
  4. Click "Device Manager".
  5. Find the device causing the problem.
  6. Right-click on it.
  7. Click "Update driver".

Or use our application so as not to be confused with Driver Verifier. Driver Reviver automatically updates all existing drivers on your PC and is especially good at updating underperforming drivers like this one to the latest and greatest version.

After fixing the driver issue, you will want to disable Driver Verifier.

Disable driver verifier

Once you are done using Driver Verifier, you will want to disable it as it is quite hard on your PC while it is running.

On all versions of Windows:

  1. Re-run Driver Verifier using the steps above.
  2. Select "Delete existing settings".
  3. Click "Finish".
  4. Restart your computer again.



The Driver Verifier utility is included in all Windows versions starting with Windows XP. It allows you to check drivers, identify problematic drivers that are causing the blue screen of death (BSOD, Blue Screen of Death) and record detailed information about the problematic driver in a memory dump for further analysis. The utility subjects the checked drivers to various "stress tests" that simulate extreme conditions: lack of memory, I/O control, IRQL, deadlocks, DMA checks, IRP, etc. In other words, situations that rarely occur on production systems are simulated, and driver behavior in them is monitored. The purpose of the utility is to identify situations in which the driver can lead to a system crash with a BSOD.

The executable file of the Driver Verifier utility is called Verifier.exe and is located in the %windir%\system32 directory. There are two options for using the utility: from the command line or using the graphical interface.

To enable driver verification mode in Windows 8, launch the Driver Verifier utility by typing

Verifier

From the task list, select Create custom settings (for code developers) and press Next.

Make sure the options Standard settings, Force pending I/O requests and IRP Logging are selected. Click Next.

Next select .

Sort the contents of the table by clicking on the "Provider" column header and select the drivers you want to test from the list. In our example, we will run a check for all drivers that are not developed by Microsoft Corporation. We selected the drivers e1g6032e.sys (Intel) and lsi_sas.sys (LSI).

Note. A Microsoft digital signature on a driver indicates that the driver has been tested for stability in a certain way and that its code has not been modified since then. That is why checking such drivers is not recommended.

All you have to do is click Finish and an information window will appear stating that you need to reboot the system for the changes to take effect.

Tip. Driver verification mode can also be enabled from the command line. For example, to run Driver Verifier with standard settings for the myPCDriver.sys driver, the command would look like this:

Verifier /standard /driver myPCDriver.sys

After the reboot, the system boots into driver verification mode. Driver Verifier works in the background, performing various kinds of tests on the selected drivers to identify errors. Use your computer as usual and wait for the BSOD to appear. If you know what actions previously caused the system to crash, repeat them. If a BSOD occurs, you need to copy the memory dump file (by default, it is saved as C:\Windows\Minidump\*.dmp) or similar.

Important! After activating driver debugging mode using Driver Verifier, this mode will work until it is forcibly disabled.

If the problem does not recur within 1-2 days, then with a certain degree of certainty we can conclude that the drivers being tested are not the cause of the system crash, and verification mode can be disabled for them.

Tip. Using Driver Verifier significantly slows down Windows, so it is not recommended to work in this mode all the time.

You can disable Driver Verifier from the command line:

Verifier /reset

Or from the graphical interface by selecting Delete existing settings.

If you cannot log into the system in normal mode, you can disable debugging mode from safe mode.

If the system does not boot even in safe mode, boot from a boot disk and try deleting the following registry values:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\VerifyDrivers
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\VerifyDriverLevel
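The check and cleanup of these two entries, as an added PowerShell example that is not part of the original article. The -HiveRoot and -Remove parameters and the OfflineSystem mount name are this example's own assumptions; it expects an elevated session, and for the boot-disk case it assumes PowerShell is available in the recovery environment.

```powershell
# Added example: report (and with -Remove, clear) the two Driver Verifier
# registry values named above. Run elevated.
# -HiveRoot is this example's own parameter: 'SYSTEM' for the running system,
# or the name under which an offline SYSTEM hive was mounted first, e.g.
#   reg load HKLM\OfflineSystem D:\Windows\System32\config\SYSTEM
param(
    [string]$HiveRoot = 'SYSTEM',
    [switch]$Remove
)

$names = 'VerifyDrivers', 'VerifyDriverLevel'

# An offline hive has no CurrentControlSet link; the Select key's Current
# value tells which ControlSetNNN that installation boots from.
if ($HiveRoot -eq 'SYSTEM') {
    $controlSet = 'CurrentControlSet'
} else {
    $current = (Get-ItemProperty -Path "HKLM:\$HiveRoot\Select").Current
    $controlSet = 'ControlSet{0:D3}' -f $current
}
$key = "HKLM:\$HiveRoot\$controlSet\Control\Session Manager\Memory Management"

$props = Get-ItemProperty -Path $key
$found = @($names | Where-Object { $null -ne $props.$_ })

if ($found.Count -eq 0) {
    Write-Output "Driver Verifier is not configured under $key"
    return
}
foreach ($name in $found) {
    $value = $props.$name
    if ($value -is [string]) { Write-Output "$name = $value" }
    else { Write-Output ('{0} = 0x{1:X8}' -f $name, $value) }
}

if ($Remove) {
    Remove-ItemProperty -Path $key -Name $found
    Write-Output 'Values removed; the change takes effect at the next boot.'
    # Release PowerShell's registry handles so "reg unload" can succeed.
    [gc]::Collect()
}
```

After working on an offline hive, unmount it with reg unload HKLM\OfflineSystem before rebooting.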

You can check the current status of the Driver Verifier utility like this.

Operation