Driver Verifier Command Syntax for Windows 11, 10, 8, 7 (Updated)

Compilation of all the Driver Verifier Command Syntax for Windows 11, 10, 8, and 7.

Driver Verifier Command Syntax for Windows 11, 10, 8, 7

Command syntax for Driver verifier has been revised and updated for the Windows users. The command line tool has got modifications in Rule Classes, parameters, Subparameter, Option, /domain Types, flags, etc. You will see all Driver Verifier Command Syntax for Windows 11, 10, 8, and 7 in the following part.

You know this is the most effective tool to check the drivers in your system. See – How to Identify if a Driver is Causing Issues in Windows 10 with Verifier.

The Driver Verifier Command Syntax for Windows 11, 10, 8, and 7

Here is Driver Verifier Command Syntax for Windows 11, 10, 8, and 7 –

The below syntax is used when running the Verifier tool in a Command Prompt window.

You can type several options on the same single line. For example:

verifier /flags 7 /driver beep.sys disksdd.sys

Driver Verifier Command Syntax Windows 11

verifier /standard /all
verifier /standard /driver NAME [NAME ...]
verifier {/ruleclasses | /rc | dif} <options> [<ruleclass_1> <ruleclass_2> ...] /all
verifier {/ruleclasses | /rc | dif} <options> [<ruleclass_1> <ruleclass_2> ...] /driver NAME [NAME ...]
verifier /flags <options> /all
verifier /flags <options> /driver NAME [NAME ...]
verifier /rules [OPTION ...]
verifier /dif [<ruleclass_1> <ruleclass_2> ...] /now /driver NAME [NAME ...]
verifier /query
verifier /querysettings
verifier /bootmode [persistent | resetonbootfail | resetonunusualshutdown | oneboot]
verifier /bc <number_of_reboots>
verifier /reset
verifier /faults [Probability] [PoolTags] [Applications] [DelayMins]
verifier /faultssystematic [OPTION ...]
verifier /log LOG_FILE_NAME [/interval SECONDS]
verifier /volatile /flags <options>
verifier /volatile /adddriver NAME [NAME ...]
verifier /volatile /removedriver NAME [NAME ...]
verifier /volatile /faults [Probability] [PoolTags] [Applications] [DelayMins]
verifier /domain <types> <options> /driver ... [/logging | /livedump]
verifier /logging
verifier /livedump
verifier /?
verifier /help

Talking about Windows 11 first, driver interception framework aka DIF enabled options can be enabled through the /dif option.

The “/dif” command comprises rule class 36 automatically, DIF mode, whereas “/ruleclasses” and “/rc” do not. Flags categorized with the symbol (!) in the help text require DIF mode to be enabled. Entire Standard rule classes can be enabled and you don’t need to enable DIF mode.

Rules marked with (^) in the help text can be enabled without restart via the “/dif [<ruleclass_1> <ruleclass_2> <ruleclass_k>] /now” command.

Standard Rule Classes

Value Rule /now
1 Special pool yes
2 Force IRQL checking no
4 Pool tracking yes
5 I/O verification yes
6 Deadlock detection no
8 DMA checking no
9 Security checks yes
12 Miscellaneous checks yes
18 DDI compliance checking yes
34 WDF verification no

Additional Rule Classes

Value Rule /now Needs DIF Mode?
3 Randomized low resources simulation no no
10 Force pending I/O requests no no
11 IRP logging no no
14 Invariant MDL checking for stack no no
15 Invariant MDL checking for driver no no
16 Power framework delay fuzzing no no
17 Port/miniport interface checking no no
19 Systematic low resources simulation yes yes
20 DDI compliance checking (additional) yes no
22 NDIS/WIFI verification no no
24 Kernel synchronization delay fuzzing no no
25 VM switch verification no no
26 Code integrity checks no no
33 Driver isolation checks no yes
35 DDI checking (additional IRQL rules) yes yes
36 DIF mode yes n/a

Driver Verifier Command Syntax Windows 10

You are able to use the “/volatile” parameter with certain Driver Verifier “/flags” options and with “/standard” (all without quotes). Although, you are not able to use /volatile with the /flags options for either of Storport VerificationPower Framework Delay Fuzzing, and DDI compliance checking. To know more, navigate to Using Volatile Settings.

verifier /standard /all
verifier /standard /driver NAME [NAME ...]
verifier {/ruleclasses | /rc} <options> [<ruleclass_1> <ruleclass_2> ...] /all
verifier /flags <options> /all
verifier /flags <options> /driver NAME [NAME ...]
verifier /rules [OPTION ...]
verifier /query
verifier /querysettings
verifier /bootmode [persistent | resetonbootfail | resetonunusualshutdown | oneboot]
verifier /reset
verifier /faults [Probability] [PoolTags] [Applications] [DelayMins]
verifier /faultssystematic [OPTION ...]
verifier /log LOG_FILE_NAME [/interval SECONDS]
verifier /volatile /flags <options>
verifier /volatile /adddriver NAME [NAME ...]
verifier /volatile /removedriver NAME [NAME ...]
verifier /volatile /faults [Probability] [PoolTags] [Applications] [DelayMins]
verifier /domain <types> <options> /driver ... [/logging | /livedump]
verifier /logging
verifier /livedump
verifier /?
verifier /help

Driver Verifier Command Syntax Windows 8.1

This version allows you to use the “/volatile” parameter accompanied by some Driver Verifier “/flags” options and with “/standard“. However, you cannot use /volatile with the /flags options for Storport VerificationDDI compliance checking, and Power Framework Delay Fuzzing. To read further, go to Using Volatile Settings.

verifier /standard /all
verifier /standard /driver NAME [NAME ...]
verifier /flags <options> /all
verifier /flags <options> /driver NAME [NAME ...]
verifier /rules [OPTION ...]
verifier /faults [Probability] [PoolTags] [Applications] [DelayMins]
verifier /faultssystematic [OPTION ...]
verifier /log LOG_FILE_NAME [/interval SECONDS]
verifier /query
verifier /querysettings
verifier /bootmode [persistent | disableafterfail | oneboot]
verifier /reset
verifier /volatile /flags <options>
verifier /volatile /adddriver NAME [NAME ...]
verifier /volatile /removedriver NAME [NAME ...]
verifier /volatile /faults [Probability] [PoolTags] [Applications] [DelayMins]
verifier /?

Windows 8, Windows 7 Syntax

These editions also allow you to use the /volatile parameter with some Driver Verifier /flags choices and with /standard. You cannot use /volatile with the /flags options for DDI compliance checkingPower Framework Delay FuzzingStorport Verification, SCSI Verification, furthermore, with /disk. For details, see Using Volatile Settings.

verifier [/volatile] [/standard | /flags Options ] [ /all | /driver DriverList ]
verifier /volatile /faults [Probability PoolTags Applications DelayMins] /driver DriverList
verifier /volatile {/adddriver | /removedriver} DriverList
verifier /reset
verifier /querysettings
verifier /query
verifier /log LogFileName [/interval Seconds]
verifier /?

Parameters

Verifier Command-Line Syntax

The syntax “/all” (without quotes) Directs the Driver Verifier to verify entire installed drivers after the subsequent boot.

The cmd command “/bc <number_of_reboots>” determines the number of reboots for which verification should be active.

This option will automatically apply the “ResetOnUnusualShutdown boot mode”.

/bootmode mode handles if the settings for Windows Driver Verifier are enabled after a reboot. To change this option, you must restart the system.

Bootmode Description
persistent This option determines that the Driver Verifier settings persist over several reboots. This is the default setting.
resetonbootfail This will disable Driver Verifier for coming restarts if the system failed to start.
oneboot The option is applicable to enable the Driver Verifier settings for the next time the computer starts. Furthermore, the Driver Verifier will be disabled for subsequent reboots.
resetonunusualshutdown Using this mode, Driver Verifier will persist until an abnormal shutdown occurs (First time applied in  Windows 10 v1709). This is the full form of, ‘rous’.

Now, /dif DifEnabledRule activates checking using a Dif enabled rule. This checking will be applied the next time the system is rebooted. This is added in Windows 11.

“/dif /now” DifEnabledRule instantly enables checking using a Dif enabled rule. The syntax enables the rule classes straight away and does not need a reboot. This option is only permissible if no rule classes are beforehand running. Navigate to the Windows 11 rule class descriptions to read the rule classes capable of immediate activation.

/driver DriverList defines one or more drivers that will be verified. DriverList is a list of drivers by binary name, such as Driver.sys. Use a space to separate each driver’s name. Wildcard values, such as n*.sys, are not supported.

/driver.exclude is the syntax for DriverList that indicates one or plural number of drivers that will be excluded from verification. This parameter puts effect only if all drivers are chosen for verification. DriverList is meant to the list of drivers by binary name, for example, Driver.sys. You will have to put a space to differentiate each driver name. Note that Wildcard values, for ex. n*.sys, are not supported.

/faults syntax activates the Low Resources Simulation in Driver Verifier. However, you can use /faults replacing /flags 0x4. Remember that you cannot use /flags 0x4 accompanied by the /faults subparameters.

See the underneath subparameters of the /faults in order to configure Low Resources Simulation –

Subparameter Description
Probability This Subparameter indicates the possibility that Windows driver verifier will fail a given allocation. Please type a number (in hexadecimal or decimal) to signify the number of chances in 10,000 that Driver Verifier will be unable to the allocation. The default value, 600, denotes 600/10000 or 6%.
Pool Tags Restricts the allocations that Driver Verifier can be unsuccessful to allocations with the specified pool tags. This subparameter allows you to use a wildcard character (*) to represent several pool tags. To list manifold pool tags, separate the tags with spaces. By default, all allocations can fail.
Applications This will also restrict the allocations that Driver Verifier can fail to allocations for the specified program. You need to type the name of an exe file. When listing programs, separate the program names with spaces. By default, all allocations can fail.
DelayMins Thissubparameter indicates the number of minutes after starting during which Driver Verifier does not purposely fail any allocations. This delay permits the drivers to load and the system to stabilize before the test begins. So, type a number (in hexadecimal or decimal). The default integer is 7 (minutes).

Command /faultssystematic denotes the choices for Systematic low resources simulation. “0x40000” is the correct flag to choose Systematic low resources simulation.

Option Description
enableboottime This option enables fault injections across computer restarts.
disableboottime “disableboottime” disables fault injections across computer restarts by default.
recordboottime “recordboottime” activates fault injections in what if mode across computer restarts.
resetboottime “resetboottime” disables fault injections across PC restarts and deletes the stack exclusion list.
enableruntime “enableruntime” effectively enables fault injections.
disableruntime In the same way, this option effectively disables fault injections.
recordruntime Fault injections in what if mode is effectively enabled.
resetruntime Fault injections are dynamically enabled and the previously faulted stack list is cleared.
querystatistics Displays the present fault injection statistics.
incrementcounter Increments the test pass counter used to recognize when a fault was injected.
getstackid COUNTER The option retrieves the specified injected stack identifier.
excludestack STACKID This option excludes the stack from fault injection.

/flags Options enable the said options after the next reboot. This number can be entered in decimal or in hexadecimal (with an 0x prefix) format. Any combination of the following values is allowed.

Decimal Hexadecimal Standard Setting Option
1 0x1 (bit 0) X Special Pool
2 0x2 (bit 1) X Force IRQL Checking
4 0x4 (bit 2) Low Resources Simulation
8 0x8 (bit 3) X Pool Tracking
16 0x10 (bit 4) X I/O Verification
32 0x20 (bit 5) X Deadlock Detection
64 0x40 (bit 6) Enhanced I/O Verification This option is automatically activated when you select I/O Verification
128 0x80 (bit 7) X DMA Verification
256 0x100 (bit 8) X Security Checks
512 0x200 (bit 9) Force Pending I/O Requests
1024 0x400 (bit 10) IRP Logging
2048 0x800 (bit 11) X Miscellaneous Checks
8192 0x2000 (bit 13) Invariant MDL Checking for Stack (Starting with Windows 8)
16384 0x4000 (bit 14) Invariant MDL Checking for Driver (Starting with Windows 8)
32768 0x8000 (bit 15) Power Framework Delay Fuzzing (Starting with Windows 8) (Deprecated in Windows 10 Build 19042 and above)
65536 0x10000 (bit 16) Port/miniport interface checking (Starting with Windows 10)
131072 0x20000 (bit 17) X DDI compliance checking (Starting with Windows 8)
262144 0x40000 (bit 18) Systematic low resources simulation (Starting with Windows 8.1) (Deprecated in Windows 10 Build 19042 and above)
524288 0x80000 (bit 19) DDI compliance checking (additional) (Starting with Windows 8.1) (Deprecated in Windows 10 Build 19042 and above)
2097152 0x200000 (bit 21) NDIS/WIFI verification (Starting with Windows 8.1)
8388608 0x800000 (bit 23) Kernel synchronization delay fuzzing (Starting with Windows 8.1) (Deprecated in Windows 10 Build 19042 and above)
16777216 0x1000000 (bit 24) VM switch verification (Starting with Windows 8.1)
33554432 0x2000000 (bit 25) Code integrity checks (Starting with Windows 10)

You cannot use this process to enable the Storport Verification options. To know more detail, see Storport Verification.

/flags VolatileOptions indicates the Driver Verifier options that are modified instantly without restarting.

You can use the /volatile parameter with all /flags values.)

Enter a number in hexadecimal or decimal format (having an 0x prefix).

Any combination of the underneath values is permitted.

Hexadecimal Option
0x00000004 (bit 2) Randomized Low Resources Simulation
0x00000020 (bit 5) Deadlock detection
0x00000080 (bit 7) DMA checking
0x00000200 (bit 9) Force pending I/O requests
0x00000400 (bit 10) IRP Logging

/ruleclasses or /rc <ruleclass_1> <ruleclass_2> … <ruleclass_k>

The ruleclasses parameter is working on Windows 10 v1803 and further.

However, the ‘/flags’ parameter has some verification classes but The ruleclasses parameter encompasses a greater set of the same. While ‘/flags’ is restricted to a 32 bit bitmap expression, ruleclasses option can comprise more than 32 verification classes. Each positive decimal integer points out a verification class. Multiple classes can be expressed by separating each class id with a space character. The below rule classes IDs are available.

Standard Rule Classes

Value Rule
1 Special pool
2 Force IRQL checking
4 Pool tracking
5 I/O verification
6 Deadlock detection
8 DMA checking
9 Security checks
12 Miscellaneous checks
18 DDI compliance checking
34 WDF Verification

Additional Rule Classes

The following rule classes are intended for certain scenario testing. The Rule classes are symbolized with (*) require I/O Verification (5) that will be automatically activated. Whereas Flags marked with (**) support deactivating of individual rules. Flags marked with (***) are in logging mode by default and require /onecheck in order to crash upon violation.

Flags marked with (!) require DIF mode (rule class 36) to be enabled.

Value Rule
3 Randomized low resources simulation
10 Force pending I/O requests (*)
11 IRP logging (*)
14 Invariant MDL checking for stack (*)
15 Invariant MDL checking for driver (*)
16 Power framework delay fuzzing
17 Port/miniport interface checking
19 Systematic low resources simulation
20 DDI compliance checking (additional)
22 NDIS/WIFI verification (**)
24 Kernel synchronization delay fuzzing
25 VM switch verification
26 Code integrity checks
33 Driver isolation checks (***, !)
36 DIF mode

Windows 11 Rule Classes

Beginning with Windows 11 the below rule classes are available.

Standard Rule Classes

Value Rule
1 Special pool (^)
2 Force IRQL checking (^)
4 Pool tracking (^)
5 I/O verification (^)
6 Deadlock detection
8 DMA checking
9 Security checks (^)
12 Miscellaneous checks (^)
18 DDI compliance checking (^)
34 WDF Verification

‘/dif’ command automatically comprises “rule class 36”, DIF mode, but /rc and /ruleclasses do not. Flags symbolized with (!) require DIF mode to be enabled. Furthermore, Flags marked with (^) can be enabled without reboot using the ‘/dif [<ruleclass_1> <ruleclass_2> <ruleclass_k>] /now’ command.

Additional Rule Classes

Flags marked with (!) require DIF mode (rule class 36) to be enabled.

Value Rule
3 Randomized low resources simulation
10 Force pending I/O requests (*)
11 IRP logging (*)
14 Invariant MDL checking for stack (*)
15 Invariant MDL checking for driver (*)
16 Power framework delay fuzzing
17 Port/miniport interface checking
19 Systematic low resources simulation (!, ^)
20 DDI compliance checking – additional (^)
22 NDIS/WIFI verification (**)
24 Kernel synchronization delay fuzzing
25 VM switch verification
26 Code integrity checks
33 Driver isolation checks (***, !)
36 DIF mode

/log LogFileName [/interval|Seconds] Creates a log file with name LogFileName. Windows driver verifier every now and then writes statistics to this file. For details, see Creating Log Files.

In case, a verifier /log command is typed, the command prompt does not return. In order to close the log file and return a prompt, use the CTRL + C key. Subsequent to a restart, to create a log; you must submit the verifier /log command once more.

Option Description
/interval Seconds Specifies the interval between log file updates. The default is 30 seconds.

/rules Option Options for rules that can be disabled (advanced).

Option Description
query Displays the current status of controllable rules.
reset This option will reset all rules to their default.
default ID Sets rule ID to its default state. For the compatible rules, the rule ID will be the Bug Check 0xC4 (DRIVER_VERIFIER_DETECTED_VIOLATION) parameter 1 value.
disable ID Deactivates specified rule ID. For the compatible rules, the rule ID is the Bug Check 0xC4 (“DRIVER_VERIFIER_DETECTED_VIOLATION”) parameter 1 value.

/standard Activates the “standard” or default Driver Verifier options after the next boot. The standard options are Special PoolForce IRQL CheckingPool TrackingI/O VerificationDeadlock DetectionDMA Verification. and WDF Verification The standard options also include Security ChecksMiscellaneous Checks and DDI compliance checking.

 Note

From Windows 10 v1803, using /flags 0x209BB will no longer automatically enable WDF verification. You will need to use the /standard syntax to activate standard options, with WDF verification included.

/stop Disables rule classes enabled via ‘/dif /now’ to halt verification.

/volatile /flags syntax modifies the settings without restarting the computer. Volatile settings come into effect quickly. You are able to exercise the /volatile parameter with the /flags parameter to disable and enable some options without rebooting. Furthermore, you can apply /volatile along with the /removedriver and  /adddriver parameters to stop or start the driver verification without restarting, even if Driver Verifier is not already running.

Indicates the Driver Verifier options that are modified instantly without rebooting. Only the underneath flags can be used with volatile:

“0x00000004 (bit 2) – Randomized low resources simulation” “0x00000020 (bit 5) – Deadlock detection” “0x00000080 (bit 7) – DMA checking” “0x00000200 (bit 9) – Force pending I/O requests” “0x00000400 (bit 10) – IRP logging”

To know more, navigate to Using Volatile Settings.

Option Description
/adddriver VolatileDriverList This option adds clearly specified drivers to the volatile settings. To specify manifold drivers, list their names, separated by spaces. Wildcard values, for example, n.sys, are not supported. To know more, go to Using Volatile Settings.
/removedriver VolatileDriverList The option deletes the specified drivers from the volatile settings. To specify manifold drivers, list their names, separated by spaces. Wildcard values, for example, n.sys, are not supported. To know more, navigate to Using Volatile Settings.

/reset wipes out all Driver Verifier settings. On the subsequent boot, no drivers will be verified.

The Option /querysettings shows a summary of the choices that will be enabled and drivers that will be verified after the subsequent boot. There you will not find drivers and options added by using the /volatile parameter. For more methods have a look at Viewing Driver Verifier Settings.

/query option shows a brief of the current activity of Driver Verifier. The Level area in the display is the hexadecimal value of options configured with the “/volatile” parameter. Read Monitoring Individual Counters as well as Monitoring Global Counters for interpretation of each statistic.

/domain Types **** Options manage the verifier extension settings. The underneath verifier extension types are supported.

Types Description
wdm The Types enable verifier extension for WDM drivers.
ndis “ndis” enables verifier extension for networking drivers.
ks “ks” Enables verifier extension for kernel mode streaming drivers.
audio As its name, it enables verifier extension for audio drivers.

The following extension options are supported.

Options Description
rules.default “rules.default” Enables default validation rules for the chosen verifier extension.
rules.all “rules.all” Enables all validation rules for the chosen verifier extension.

/logging activates logging for violated rules found out by the selected verifier extensions

/livedump activates live memory dump collection for violating rules unearthed by the selected verifier extensions.

Like always, /? Displays command-line help.

To know detail about the use of these commands, read Monitoring Driver Verifier and Controlling Driver Verifier.

As usual, /help Displays command-line help.

For additional detail about the use of these commands, read Monitoring Driver Verifier and Controlling Driver Verifier.

Driver Verifier Command Syntax Return Codes

The following values are returned after driver verifier has run.

0: EXIT_CODE_SUCCESS

1: EXIT_CODE_ERROR

2: EXIT_CODE_REBOOT_NEEDED

Source – Microsoft docs.

That’s all!!

Sharing is caring    Share Whatsapp

 
  
About Sunita
Love to play with Windows 11 and 10. Suggestion - Going for Registry change or system files edit then remember to take a backup or create a restore point before Starting.