Command syntax for Driver verifier has been revised and updated for the Windows users. The command line tool has got modifications in Rule Classes, parameters, Subparameter, Option, /domain Types, flags, etc. You will see all Driver Verifier Command Syntax for Windows 11, 10, 8, and 7 in the following part.
You know this is the most effective tool to check the drivers in your system. See – How to Identify if a Driver is Causing Issues in Windows 10 with Verifier.
The Driver Verifier Command Syntax for Windows 11, 10, 8, and 7
Here is Driver Verifier Command Syntax for Windows 11, 10, 8, and 7 –
The below syntax is used when running the Verifier tool in a Command Prompt window.
You can type several options on the same single line. For example:
verifier /flags 7 /driver beep.sys disksdd.sys
Driver Verifier Command Syntax Windows 11
verifier /standard /all verifier /standard /driver NAME [NAME ...] verifier {/ruleclasses | /rc | dif} <options> [<ruleclass_1> <ruleclass_2> ...] /all verifier {/ruleclasses | /rc | dif} <options> [<ruleclass_1> <ruleclass_2> ...] /driver NAME [NAME ...] verifier /flags <options> /all verifier /flags <options> /driver NAME [NAME ...] verifier /rules [OPTION ...] verifier /dif [<ruleclass_1> <ruleclass_2> ...] /now /driver NAME [NAME ...] verifier /query verifier /querysettings verifier /bootmode [persistent | resetonbootfail | resetonunusualshutdown | oneboot] verifier /bc <number_of_reboots> verifier /reset verifier /faults [Probability] [PoolTags] [Applications] [DelayMins] verifier /faultssystematic [OPTION ...] verifier /log LOG_FILE_NAME [/interval SECONDS] verifier /volatile /flags <options> verifier /volatile /adddriver NAME [NAME ...] verifier /volatile /removedriver NAME [NAME ...] verifier /volatile /faults [Probability] [PoolTags] [Applications] [DelayMins] verifier /domain <types> <options> /driver ... [/logging | /livedump] verifier /logging verifier /livedump verifier /? verifier /help
Talking about Windows 11 first, driver interception framework aka DIF enabled options can be enabled through the /dif option.
The “/dif” command comprises rule class 36 automatically, DIF mode, whereas “/ruleclasses” and “/rc” do not. Flags categorized with the symbol (!) in the help text require DIF mode to be enabled. Entire Standard rule classes can be enabled and you don’t need to enable DIF mode.
Rules marked with (^) in the help text can be enabled without restart via the “/dif [<ruleclass_1> <ruleclass_2> <ruleclass_k>] /now” command.
Standard Rule Classes
| Value | Rule | /now |
| 1 | Special pool | yes |
| 2 | Force IRQL checking | no |
| 4 | Pool tracking | yes |
| 5 | I/O verification | yes |
| 6 | Deadlock detection | no |
| 8 | DMA checking | no |
| 9 | Security checks | yes |
| 12 | Miscellaneous checks | yes |
| 18 | DDI compliance checking | yes |
| 34 | WDF verification | no |
Additional Rule Classes
| Value | Rule | /now | Needs DIF Mode? |
| 3 | Randomized low resources simulation | no | no |
| 10 | Force pending I/O requests | no | no |
| 11 | IRP logging | no | no |
| 14 | Invariant MDL checking for stack | no | no |
| 15 | Invariant MDL checking for driver | no | no |
| 16 | Power framework delay fuzzing | no | no |
| 17 | Port/miniport interface checking | no | no |
| 19 | Systematic low resources simulation | yes | yes |
| 20 | DDI compliance checking (additional) | yes | no |
| 22 | NDIS/WIFI verification | no | no |
| 24 | Kernel synchronization delay fuzzing | no | no |
| 25 | VM switch verification | no | no |
| 26 | Code integrity checks | no | no |
| 33 | Driver isolation checks | no | yes |
| 35 | DDI checking (additional IRQL rules) | yes | yes |
| 36 | DIF mode | yes | n/a |
Driver Verifier Command Syntax Windows 10
You are able to use the “/volatile” parameter with certain Driver Verifier “/flags” options and with “/standard” (all without quotes). Although, you are not able to use /volatile with the /flags options for either of Storport Verification, Power Framework Delay Fuzzing, and DDI compliance checking. To know more, navigate to Using Volatile Settings.
verifier /standard /all verifier /standard /driver NAME [NAME ...] verifier {/ruleclasses | /rc} <options> [<ruleclass_1> <ruleclass_2> ...] /all verifier /flags <options> /all verifier /flags <options> /driver NAME [NAME ...] verifier /rules [OPTION ...] verifier /query verifier /querysettings verifier /bootmode [persistent | resetonbootfail | resetonunusualshutdown | oneboot] verifier /reset verifier /faults [Probability] [PoolTags] [Applications] [DelayMins] verifier /faultssystematic [OPTION ...] verifier /log LOG_FILE_NAME [/interval SECONDS] verifier /volatile /flags <options> verifier /volatile /adddriver NAME [NAME ...] verifier /volatile /removedriver NAME [NAME ...] verifier /volatile /faults [Probability] [PoolTags] [Applications] [DelayMins] verifier /domain <types> <options> /driver ... [/logging | /livedump] verifier /logging verifier /livedump verifier /? verifier /help
Driver Verifier Command Syntax Windows 8.1
This version allows you to use the “/volatile” parameter accompanied by some Driver Verifier “/flags” options and with “/standard“. However, you cannot use /volatile with the /flags options for Storport Verification, DDI compliance checking, and Power Framework Delay Fuzzing. To read further, go to Using Volatile Settings.
verifier /standard /all verifier /standard /driver NAME [NAME ...] verifier /flags <options> /all verifier /flags <options> /driver NAME [NAME ...] verifier /rules [OPTION ...] verifier /faults [Probability] [PoolTags] [Applications] [DelayMins] verifier /faultssystematic [OPTION ...] verifier /log LOG_FILE_NAME [/interval SECONDS] verifier /query verifier /querysettings verifier /bootmode [persistent | disableafterfail | oneboot] verifier /reset verifier /volatile /flags <options> verifier /volatile /adddriver NAME [NAME ...] verifier /volatile /removedriver NAME [NAME ...] verifier /volatile /faults [Probability] [PoolTags] [Applications] [DelayMins] verifier /?
Windows 8, Windows 7 Syntax
These editions also allow you to use the /volatile parameter with some Driver Verifier /flags choices and with /standard. You cannot use /volatile with the /flags options for DDI compliance checking, Power Framework Delay Fuzzing, Storport Verification, SCSI Verification, furthermore, with /disk. For details, see Using Volatile Settings.
verifier [/volatile] [/standard | /flags Options ] [ /all | /driver DriverList ] verifier /volatile /faults [Probability PoolTags Applications DelayMins] /driver DriverList verifier /volatile {/adddriver | /removedriver} DriverList verifier /reset verifier /querysettings verifier /query verifier /log LogFileName [/interval Seconds] verifier /?
Parameters
Verifier Command-Line Syntax
The syntax “/all” (without quotes) Directs the Driver Verifier to verify entire installed drivers after the subsequent boot.
The cmd command “/bc <number_of_reboots>” determines the number of reboots for which verification should be active.
This option will automatically apply the “ResetOnUnusualShutdown boot mode”.
/bootmode mode handles if the settings for Windows Driver Verifier are enabled after a reboot. To change this option, you must restart the system.
| Bootmode | Description |
| persistent | This option determines that the Driver Verifier settings persist over several reboots. This is the default setting. |
| resetonbootfail | This will disable Driver Verifier for coming restarts if the system failed to start. |
| oneboot | The option is applicable to enable the Driver Verifier settings for the next time the computer starts. Furthermore, the Driver Verifier will be disabled for subsequent reboots. |
| resetonunusualshutdown | Using this mode, Driver Verifier will persist until an abnormal shutdown occurs (First time applied in Windows 10 v1709). This is the full form of, ‘rous’. |
Now, /dif DifEnabledRule activates checking using a Dif enabled rule. This checking will be applied the next time the system is rebooted. This is added in Windows 11.
“/dif /now” DifEnabledRule instantly enables checking using a Dif enabled rule. The syntax enables the rule classes straight away and does not need a reboot. This option is only permissible if no rule classes are beforehand running. Navigate to the Windows 11 rule class descriptions to read the rule classes capable of immediate activation.
/driver DriverList defines one or more drivers that will be verified. DriverList is a list of drivers by binary name, such as Driver.sys. Use a space to separate each driver’s name. Wildcard values, such as n*.sys, are not supported.
/driver.exclude is the syntax for DriverList that indicates one or plural number of drivers that will be excluded from verification. This parameter puts effect only if all drivers are chosen for verification. DriverList is meant to the list of drivers by binary name, for example, Driver.sys. You will have to put a space to differentiate each driver name. Note that Wildcard values, for ex. n*.sys, are not supported.
/faults syntax activates the Low Resources Simulation in Driver Verifier. However, you can use /faults replacing /flags 0x4. Remember that you cannot use /flags 0x4 accompanied by the /faults subparameters.
See the underneath subparameters of the /faults in order to configure Low Resources Simulation –
| Subparameter | Description |
| Probability | This Subparameter indicates the possibility that Windows driver verifier will fail a given allocation. Please type a number (in hexadecimal or decimal) to signify the number of chances in 10,000 that Driver Verifier will be unable to the allocation. The default value, 600, denotes 600/10000 or 6%. |
| Pool Tags | Restricts the allocations that Driver Verifier can be unsuccessful to allocations with the specified pool tags. This subparameter allows you to use a wildcard character (*) to represent several pool tags. To list manifold pool tags, separate the tags with spaces. By default, all allocations can fail. |
| Applications | This will also restrict the allocations that Driver Verifier can fail to allocations for the specified program. You need to type the name of an exe file. When listing programs, separate the program names with spaces. By default, all allocations can fail. |
| DelayMins | Thissubparameter indicates the number of minutes after starting during which Driver Verifier does not purposely fail any allocations. This delay permits the drivers to load and the system to stabilize before the test begins. So, type a number (in hexadecimal or decimal). The default integer is 7 (minutes). |
Command /faultssystematic denotes the choices for Systematic low resources simulation. “0x40000” is the correct flag to choose Systematic low resources simulation.
| Option | Description |
| enableboottime | This option enables fault injections across computer restarts. |
| disableboottime | “disableboottime” disables fault injections across computer restarts by default. |
| recordboottime | “recordboottime” activates fault injections in what if mode across computer restarts. |
| resetboottime | “resetboottime” disables fault injections across PC restarts and deletes the stack exclusion list. |
| enableruntime | “enableruntime” effectively enables fault injections. |
| disableruntime | In the same way, this option effectively disables fault injections. |
| recordruntime | Fault injections in what if mode is effectively enabled. |
| resetruntime | Fault injections are dynamically enabled and the previously faulted stack list is cleared. |
| querystatistics | Displays the present fault injection statistics. |
| incrementcounter | Increments the test pass counter used to recognize when a fault was injected. |
| getstackid COUNTER | The option retrieves the specified injected stack identifier. |
| excludestack STACKID | This option excludes the stack from fault injection. |
/flags Options enable the said options after the next reboot. This number can be entered in decimal or in hexadecimal (with an 0x prefix) format. Any combination of the following values is allowed.
| Decimal | Hexadecimal | Standard Setting | Option |
| 1 | 0x1 (bit 0) | X | Special Pool |
| 2 | 0x2 (bit 1) | X | Force IRQL Checking |
| 4 | 0x4 (bit 2) | Low Resources Simulation | |
| 8 | 0x8 (bit 3) | X | Pool Tracking |
| 16 | 0x10 (bit 4) | X | I/O Verification |
| 32 | 0x20 (bit 5) | X | Deadlock Detection |
| 64 | 0x40 (bit 6) | Enhanced I/O Verification This option is automatically activated when you select I/O Verification | |
| 128 | 0x80 (bit 7) | X | DMA Verification |
| 256 | 0x100 (bit 8) | X | Security Checks |
| 512 | 0x200 (bit 9) | Force Pending I/O Requests | |
| 1024 | 0x400 (bit 10) | IRP Logging | |
| 2048 | 0x800 (bit 11) | X | Miscellaneous Checks |
| 8192 | 0x2000 (bit 13) | Invariant MDL Checking for Stack (Starting with Windows 8) | |
| 16384 | 0x4000 (bit 14) | Invariant MDL Checking for Driver (Starting with Windows 8) | |
| 32768 | 0x8000 (bit 15) | Power Framework Delay Fuzzing (Starting with Windows 8) (Deprecated in Windows 10 Build 19042 and above) | |
| 65536 | 0x10000 (bit 16) | Port/miniport interface checking (Starting with Windows 10) | |
| 131072 | 0x20000 (bit 17) | X | DDI compliance checking (Starting with Windows 8) |
| 262144 | 0x40000 (bit 18) | Systematic low resources simulation (Starting with Windows 8.1) (Deprecated in Windows 10 Build 19042 and above) | |
| 524288 | 0x80000 (bit 19) | DDI compliance checking (additional) (Starting with Windows 8.1) (Deprecated in Windows 10 Build 19042 and above) | |
| 2097152 | 0x200000 (bit 21) | NDIS/WIFI verification (Starting with Windows 8.1) | |
| 8388608 | 0x800000 (bit 23) | Kernel synchronization delay fuzzing (Starting with Windows 8.1) (Deprecated in Windows 10 Build 19042 and above) | |
| 16777216 | 0x1000000 (bit 24) | VM switch verification (Starting with Windows 8.1) | |
| 33554432 | 0x2000000 (bit 25) | Code integrity checks (Starting with Windows 10) |
You cannot use this process to enable the Storport Verification options. To know more detail, see Storport Verification.
/flags VolatileOptions indicates the Driver Verifier options that are modified instantly without restarting.
You can use the /volatile parameter with all /flags values.)
Enter a number in hexadecimal or decimal format (having an 0x prefix).
Any combination of the underneath values is permitted.
| Hexadecimal | Option |
| 0x00000004 (bit 2) | Randomized Low Resources Simulation |
| 0x00000020 (bit 5) | Deadlock detection |
| 0x00000080 (bit 7) | DMA checking |
| 0x00000200 (bit 9) | Force pending I/O requests |
| 0x00000400 (bit 10) | IRP Logging |
/ruleclasses or /rc <ruleclass_1> <ruleclass_2> … <ruleclass_k>
The ruleclasses parameter is working on Windows 10 v1803 and further.
However, the ‘/flags’ parameter has some verification classes but The ruleclasses parameter encompasses a greater set of the same. While ‘/flags’ is restricted to a 32 bit bitmap expression, ruleclasses option can comprise more than 32 verification classes. Each positive decimal integer points out a verification class. Multiple classes can be expressed by separating each class id with a space character. The below rule classes IDs are available.
Standard Rule Classes
| Value | Rule |
| 1 | Special pool |
| 2 | Force IRQL checking |
| 4 | Pool tracking |
| 5 | I/O verification |
| 6 | Deadlock detection |
| 8 | DMA checking |
| 9 | Security checks |
| 12 | Miscellaneous checks |
| 18 | DDI compliance checking |
| 34 | WDF Verification |
Additional Rule Classes
The following rule classes are intended for certain scenario testing. The Rule classes are symbolized with (*) require I/O Verification (5) that will be automatically activated. Whereas Flags marked with (**) support deactivating of individual rules. Flags marked with (***) are in logging mode by default and require /onecheck in order to crash upon violation.
Flags marked with (!) require DIF mode (rule class 36) to be enabled.
| Value | Rule |
| 3 | Randomized low resources simulation |
| 10 | Force pending I/O requests (*) |
| 11 | IRP logging (*) |
| 14 | Invariant MDL checking for stack (*) |
| 15 | Invariant MDL checking for driver (*) |
| 16 | Power framework delay fuzzing |
| 17 | Port/miniport interface checking |
| 19 | Systematic low resources simulation |
| 20 | DDI compliance checking (additional) |
| 22 | NDIS/WIFI verification (**) |
| 24 | Kernel synchronization delay fuzzing |
| 25 | VM switch verification |
| 26 | Code integrity checks |
| 33 | Driver isolation checks (***, !) |
| 36 | DIF mode |
Windows 11 Rule Classes
Beginning with Windows 11 the below rule classes are available.
Standard Rule Classes
| Value | Rule |
| 1 | Special pool (^) |
| 2 | Force IRQL checking (^) |
| 4 | Pool tracking (^) |
| 5 | I/O verification (^) |
| 6 | Deadlock detection |
| 8 | DMA checking |
| 9 | Security checks (^) |
| 12 | Miscellaneous checks (^) |
| 18 | DDI compliance checking (^) |
| 34 | WDF Verification |
‘/dif’ command automatically comprises “rule class 36”, DIF mode, but /rc and /ruleclasses do not. Flags symbolized with (!) require DIF mode to be enabled. Furthermore, Flags marked with (^) can be enabled without reboot using the ‘/dif [<ruleclass_1> <ruleclass_2> <ruleclass_k>] /now’ command.
Additional Rule Classes
Flags marked with (!) require DIF mode (rule class 36) to be enabled.
| Value | Rule |
| 3 | Randomized low resources simulation |
| 10 | Force pending I/O requests (*) |
| 11 | IRP logging (*) |
| 14 | Invariant MDL checking for stack (*) |
| 15 | Invariant MDL checking for driver (*) |
| 16 | Power framework delay fuzzing |
| 17 | Port/miniport interface checking |
| 19 | Systematic low resources simulation (!, ^) |
| 20 | DDI compliance checking – additional (^) |
| 22 | NDIS/WIFI verification (**) |
| 24 | Kernel synchronization delay fuzzing |
| 25 | VM switch verification |
| 26 | Code integrity checks |
| 33 | Driver isolation checks (***, !) |
| 36 | DIF mode |
/log LogFileName [/interval|Seconds] Creates a log file with name LogFileName. Windows driver verifier every now and then writes statistics to this file. For details, see Creating Log Files.
In case, a verifier /log command is typed, the command prompt does not return. In order to close the log file and return a prompt, use the CTRL + C key. Subsequent to a restart, to create a log; you must submit the verifier /log command once more.
| Option | Description |
| /interval Seconds | Specifies the interval between log file updates. The default is 30 seconds. |
/rules Option Options for rules that can be disabled (advanced).
| Option | Description |
| query | Displays the current status of controllable rules. |
| reset | This option will reset all rules to their default. |
| default ID | Sets rule ID to its default state. For the compatible rules, the rule ID will be the Bug Check 0xC4 (DRIVER_VERIFIER_DETECTED_VIOLATION) parameter 1 value. |
| disable ID | Deactivates specified rule ID. For the compatible rules, the rule ID is the Bug Check 0xC4 (“DRIVER_VERIFIER_DETECTED_VIOLATION”) parameter 1 value. |
/standard Activates the “standard” or default Driver Verifier options after the next boot. The standard options are Special Pool, Force IRQL Checking, Pool Tracking, I/O Verification, Deadlock Detection, DMA Verification. and WDF Verification The standard options also include Security Checks, Miscellaneous Checks and DDI compliance checking.
Note
From Windows 10 v1803, using /flags 0x209BB will no longer automatically enable WDF verification. You will need to use the /standard syntax to activate standard options, with WDF verification included.
/stop Disables rule classes enabled via ‘/dif /now’ to halt verification.
/volatile /flags syntax modifies the settings without restarting the computer. Volatile settings come into effect quickly. You are able to exercise the /volatile parameter with the /flags parameter to disable and enable some options without rebooting. Furthermore, you can apply /volatile along with the /removedriver and /adddriver parameters to stop or start the driver verification without restarting, even if Driver Verifier is not already running.
Indicates the Driver Verifier options that are modified instantly without rebooting. Only the underneath flags can be used with volatile:
“0x00000004 (bit 2) – Randomized low resources simulation” “0x00000020 (bit 5) – Deadlock detection” “0x00000080 (bit 7) – DMA checking” “0x00000200 (bit 9) – Force pending I/O requests” “0x00000400 (bit 10) – IRP logging”
To know more, navigate to Using Volatile Settings.
| Option | Description |
| /adddriver VolatileDriverList | This option adds clearly specified drivers to the volatile settings. To specify manifold drivers, list their names, separated by spaces. Wildcard values, for example, n.sys, are not supported. To know more, go to Using Volatile Settings. |
| /removedriver VolatileDriverList | The option deletes the specified drivers from the volatile settings. To specify manifold drivers, list their names, separated by spaces. Wildcard values, for example, n.sys, are not supported. To know more, navigate to Using Volatile Settings. |
/reset wipes out all Driver Verifier settings. On the subsequent boot, no drivers will be verified.
The Option /querysettings shows a summary of the choices that will be enabled and drivers that will be verified after the subsequent boot. There you will not find drivers and options added by using the /volatile parameter. For more methods have a look at Viewing Driver Verifier Settings.
/query option shows a brief of the current activity of Driver Verifier. The Level area in the display is the hexadecimal value of options configured with the “/volatile” parameter. Read Monitoring Individual Counters as well as Monitoring Global Counters for interpretation of each statistic.
/domain Types **** Options manage the verifier extension settings. The underneath verifier extension types are supported.
| Types | Description |
| wdm | The Types enable verifier extension for WDM drivers. |
| ndis | “ndis” enables verifier extension for networking drivers. |
| ks | “ks” Enables verifier extension for kernel mode streaming drivers. |
| audio | As its name, it enables verifier extension for audio drivers. |
The following extension options are supported.
| Options | Description |
| rules.default | “rules.default” Enables default validation rules for the chosen verifier extension. |
| rules.all | “rules.all” Enables all validation rules for the chosen verifier extension. |
/logging activates logging for violated rules found out by the selected verifier extensions
/livedump activates live memory dump collection for violating rules unearthed by the selected verifier extensions.
Like always, /? Displays command-line help.
To know detail about the use of these commands, read Monitoring Driver Verifier and Controlling Driver Verifier.
As usual, /help Displays command-line help.
For additional detail about the use of these commands, read Monitoring Driver Verifier and Controlling Driver Verifier.
Driver Verifier Command Syntax Return Codes
The following values are returned after driver verifier has run.
0: EXIT_CODE_SUCCESS
1: EXIT_CODE_ERROR
2: EXIT_CODE_REBOOT_NEEDED
Source – Microsoft docs.
That’s all!!