verifier.exe

  • File Path: C:\windows\system32\verifier.exe
  • Description: Driver Verifier Manager

Hashes

Type Hash
MD5 F9753A07979B1DAE7E50E3838FE2CA57
SHA1 51A0AEF64B6462ECB5DFF1B9B9DD93FA735FA84C
SHA256 8D4E7887F9B0792EEA1306CAE981EDD960155AE6877766B2122C3EDDEB0D82BB
SHA384 0DFE2B2CC3D16F8802091CF71D2E6A32DE71E1B977539B52FC36921C5A7EA98248B09309CE00E3249FFF0AB84824AF39
SHA512 A5227B7C4590956FAB99F1F694315E977127F67BE6359B35F433E5A72BDDBC264DCFA9D042B58681758DE50C5AE5681454086164408DD20CCB589C05E88E327C
SSDEEP 1536:WJwB0UTv4jtCdZamkLTsd/Q5T74sAzNJWLbSAhcCHMFDuLuyyFf06tl39FKrbg6P:Wlev4l77V5mmMBuc39HcKxphcr7p

Signature

  • Status: The file C:\windows\system32\verifier.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: verifier.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
  • Product Version: 6.3.9600.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.


verifier

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Driver Verifier monitors Windows kernel-mode drivers and graphics drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject Windows drivers to a variety of stresses and tests to find improper behavior. You can configure which tests to run, which allows you to put a driver through heavy stress loads or through more streamlined testing. You can also run Driver Verifier on multiple drivers simultaneously, or on one driver at a time.

[!IMPORTANT] You must be in the Administrators group on the computer to use Driver Verifier. Running Driver Verifier can cause the computer to crash, so you should only run this utility on computers used for testing and debugging.

Syntax

verifier /standard /all
verifier /standard /driver NAME [NAME ...]
verifier /flags <options> /all
verifier /flags <options> /driver NAME [NAME ...]
verifier /rules [OPTION ...]
verifier /query
verifier /querysettings
verifier /bootmode [persistent | disableafterfail | oneboot]
verifier /reset
verifier /faults [Probability] [PoolTags] [Applications] [DelayMins]
verifier /faultssystematic [OPTION ...]
verifier /log LOG_FILE_NAME [/interval SECONDS]
verifier /volatile /flags <options>
verifier /volatile /adddriver NAME [NAME ...]
verifier /volatile /removedriver NAME [NAME ...]
verifier /volatile /faults [Probability] [PoolTags] [Applications] [DelayMins]
verifier /domain <types> <options> /driver ... [/logging | /livedump]
verifier /logging
verifier /livedump
verifier /?
verifier /help

Parameters

Parameter Description
/all Directs the Driver Verifier utility to verify all installed drivers after the next boot.
/bootmode [persistent | disableafterfail | oneboot | resetonunusualshutdown] Controls whether the settings for the Driver Verifier utility are enabled after a reboot. To set or change this option, you must reboot the computer. The following modes are available:<ul><li>persistent - Ensures that the Driver Verifier settings persist (stay in effect) over many reboots. This is the default setting.</li><li>disableafterfail - If Windows fails to start, this setting disables the Driver Verifier utility for subsequent reboots.</li><li>oneboot - Only enables the Driver Verifier settings for the next time the computer starts. The Driver Verifier utility is disabled for subsequent reboots.</li><li>resetonunusualshutdown - The Driver Verifier utility will persist until an unusual shutdown occurs. Its abbrevation, ‘rous’, can be used.</li></ul>
/driver <driverlist> Specifies one or more drivers that will be verified. The driverlist parameter is a list of drivers by binary name, such as driver.sys. Use a space to separate each driver name. Wildcard values, such as n*.sys, aren’t supported.
/driver.exclude <driverlist> Specifies one or more drivers that will be excluded from verification. This parameter is applicable only if all drivers are selected for verification. The driverlist parameter is a list of drivers by binary name, such as driver.sys. Use a space to separate each driver name. Wildcard values, such as n*.sys, aren’t supported.
/faults Enables the Low Resources Simulation feature in the Driver Verifier utility. You can use /faults in place of /flags 0x4. However, you can’t use /flags 0x4 with the /faults sub-parameters. You can use the following subparameters of the /faults parameter to configure the Low Resources Simulation:<ul><li>Probability - Specifies the probability that the Driver Verifier utility will fail a given allocation. Type a number (in decimal or hexadecimal) to represent the number of chances in 10,000 that the Driver Verifier utility will fail the allocation. The default value, 600, means 600/10000 or 6%.</li><li>Pool Tags - Limits the allocations that the Driver Verifier utility can fail to allocations with the specified pool tags. You can use a wildcard character (*) to represent multiple pool tags. To list multiple pool tags, separate the tags with spaces. By default, all allocations can fail.</li><li>Applications - Limits the allocations that the Driver Verifier utility can fail to allocations for the specified program. Type the name of an executable file. To list programs, separate the program names with spaces. By default, all allocations can fail.</li><li>DelayMins - Specifies the number of minutes after booting during which the Driver Verifier utility does not intentionally fail any allocations. This delay allows the drivers to load and the system to stabilize before the test begins. Type a number (in decimal or hexadecimal). The default value is 7 (minutes).</li></ul>
/faultssystematic Specifies the options for Systematic Low Resources simulation. Use the 0x40000 flag to select the Systematic Low Resources simulation option. The following options are available:<ul><li>enableboottime - Enables fault injections across computer reboots.</li><li>disableboottime - Disables fault injections across computer reboots (this is the default setting).</li><li>recordboottime - Enables fault injections in what if mode across computer reboots.</li><li>resetboottime - Disables fault injections across computer reboots and clears the stack exclusion list.</li><li>enableruntime - Dynamically enables fault injections.</li><li>disableruntime - Dynamically disables fault injections.</li><li>recordruntime - Dynamically enables fault injections in what if mode.</li><li>resetruntime - Dynamically disables fault injections and clears the previously faulted stack list.</li><li>querystatistics - Shows the current fault injection statistics.</li><li>incrementcounter - Increments the test pass counter used to identify when a fault was injected.</li><li>getstackid COUNTER - Retrieves the indicated injected stack identifier.</li><li>excludestack STACKID - Excludes the stack from fault injection.</li></ul>
/flags <options> Activates the specified options after the next reboot. This number can be entered in decimal or in hexadecimal (with an 0x prefix) format. Any combination of the following values is allowed:<ul><li>Value: 1 or 0x1 (bit 0) - Special pool checking</li><li>Value: 2 or 0x2 (bit 1) - Force IRQL Checking</li><li>Value: 4 or 0x4 (bit 2) - Low Resources Simulation</li><li>Value: 8 or 0x8 (bit 3) - Pool Tracking</li><li>Value: 16 or 0x10 (bit 4) - I/O Verification</li><li>Value: 32 or 0x20 (bit 5) - Deadlock Detection</li><li>Value: 64 or 0x40 (bit 6) - Enhanced I/O Verification. This option is automatically activated when you select I/O Verification.</li><li>Value: 128 or 0x80 (bit 7) - DMA Verification</li><li>Value: 256 or 0x100 (bit 8) - Security Checks</li><li>Value: 512 or 0x200 (bit 9) - Force Pending I/O Requests</li><li>Value: 1024 or 0x400 (bit 10) - IRP Logging</li><li>Value: 2048 or 0x800 (bit 11) - Miscellaneous Checks</li><li>Value: 8192 or 0x2000 (bit 13) - Invariant MDL Checking for Stack</li><li>Value: 16384 or 0x4000 (bit 14) - Invariant MDL Checking for Driver</li><li>Value: 32768 or 0x8000 (bit 15) - Power Framework Delay Fuzzing</li><li>Value: 65536 or 0x10000 (bit 16) - Port/miniport interface checking</li><li>Value: 131072 or 0x20000 (bit 17) - DDI compliance checking</li><li>Value: 262144 or 0x40000 (bit 18) - Systematic low resources simulation</li><li>Value: 524288 or 0x80000 (bit 19) - DDI compliance checking (additional)</li><li>Value: 2097152 or 0x200000 (bit 21) - NDIS/WIFI verification</li><li>Value: 8388608 or 0x800000 (bit 23) - Kernel synchronization delay fuzzing</li><li>Value: 16777216 or 0x1000000 (bit 24) - VM switch verification</li><li>Value: 33554432 or 0x2000000 (bit 25) - Code integrity checks. You can’t use this method to activate the SCSI Verification or Storport Verification options. For more information, see SCSI Verification and Storport Verification.</li></ul>
/flags <volatileoptions> Specifies the the Driver Verifier utility options that are changed immediately without rebooting.This number can be entered in decimal or in hexadecimal (with an 0x prefix) format. Any combination of the following values is allowed:<ul><li>Value: 1 or 0x1 (bit 0) - Special pool</li><li>Value: 2 or 0x2 (bit 1) - Force IRQL Checking</li><li>Value: 4 or 0x4 (bit 2) - Low Resources Simulation</li></ul>
<probability> Number between 1 and 10,000 specifying the fault injection probability. For example, specifying 100 means a fault injection probability of 1% (100/10,000).<p>if this parameter isn’t specified, the default probability of 6% is used.
<tags> Specifies the pool tags that will be injected with faults, separated by space characters. If this parameter is not specified then any pool allocation can be injected with faults.
<apps> Specifies the image file name of the apps that will be injected with faults, separated by space characters. If this parameter isn’t specified then low resources simulation can take place in any application.
<minutes> A positive number specifying the length of the period after rebooting, in minutes, during which no fault injection will occur. If this parameter isn’t specified then the default length of 8 minutes is used.
/iolevel <level> Specifies the level of I/O Verification. The value of [level] can be 1 - Enables Level 1 I/O Verification (default) or 2 - Enables Level 1 I/O Verification and Level 2 I/O Verification. If I/O Verification isn’t enabled (by using /flags 0x10), /iolevel is ignored.
/log <logfilename> [/intervalseconds] Creates a log file using the specified name. The Driver Verifier utility periodically writes statistics to this file, based on the interval you optionally set. The default interval is 30 seconds.<p> If a verifier /log command is typed at the command line, the command prompt doesn’t return. To close the log file and return a prompt, use the CTRL+C key. After a reboot, to create a log, you must submit the verifier /log command again.
/rules <option> Options for rules that can be disabled, including:<ul><li>query - Shows current status of controllable rules.</li><li>reset - Resets all rules to their default state.</li><li>default ID - Sets rule ID to its default state. For the supported rules, the rule ID is the Bug Check 0xC4 (DRIVER_VERIFIER_DETECTED_VIOLATION) parameter 1 value.</li><li>disable ID - Disables specified rule ID. For the supported rules, the rule ID is the Bug Check 0xC4 (DRIVER_VERIFIER_DETECTED_VIOLATION) parameter 1 value.</li></ul>
/standard Activates the “standard” or default Driver Verifier options after the next restart. The standard options are Special Pool, Force IRQL Checking, Pool Tracking, I/O Verification, Deadlock Detection, DMA Verification, Security Checks, Miscellaneous Checks, and DDI compliance checking. This is equivalent to /flags 0x209BB.<p>[!NOTE] Starting in Windows 10 versions after 1803, using /flags 0x209BB will no longer automatically enable WDF verification. Use the /standard syntax to enable standard options, with WDF verification included.
/volatile Changes the settings without rebooting the computer. Volatile settings take effect immediately.<p>You can use the /volatile parameter with the /flags parameter to enable and disable some options without rebooting. You can also use /volatile with the /adddriver and /removedriver parameters to start or stop the verification of a driver without rebooting, even if the Driver Verifier utility isn’t running. For more information, see Using Volatile Settings.
/adddriver <volatiledriverlist> Removes the specified drivers from the volatile settings. To specify multiple drivers, list their names, separated by spaces. Wildcard values, such as n.sys, aren’t supported.
/removedriver <volatiledriverlist>  
/reset Clears all the Driver Verifier utility settings. After the next restart, no drivers will be verified.
/querysettings Displays a summary of the options that will be activated and drivers that will be verified after the next boot. The display doesn’t include drivers and options added by using the /volatile parameter. For other ways to view these settings, see Viewing Driver Verifier Settings.
/query Displays a summary of the Driver Verifier utility’s current activity. The Level field in the display is the hexadecimal value of options set with the /volatile parameter. For explanations of each statistic, see Monitoring Global Counters and Monitoring Individual Counters.
/domain <types> <options> Controls the verifier extension settings. The following verifier extension types are supported:<ul><li>wdm - Enables verifier extension for WDM drivers.</li><li>ndis - Enables verifier extension for networking drivers.</li><li>ks - Enables verifier extension for kernel mode streaming drivers.</li><li>audio - Enables verifier extension for audio drivers.</li></ul>. The following extension options are supported:<ul><li>rules.default - Enables default validation rules for the selected verifier extension.</li><li>rules.all - Enables all validation rules for the selected verifier extension.</li></ul>
/logging Enables logging for violated rules detected by the selected verifier extensions.
/livedump Enables live memory dump collection for violated rules detected by the selected verifier extensions.
/? Displays command-line help.

Return Codes

The following values are returned after driver verifier has run:

  • 0: EXIT_CODE_SUCCESS

  • 1: EXIT_CODE_ERROR

  • 2: EXIT_CODE_REBOOT_NEEDED

Remarks

Additional References


MIT License. Copyright (c) 2020-2021 Strontic.