Driver Verifier Command Syntax for Windows 11, 10, 8, 7 (Updated)

Compilation of all the Driver Verifier Command Syntax for Windows 11, 10, 8, and 7.

Driver Verifier Command Syntax for Windows 11, 10, 8, 7

Command syntax for Driver verifier has been revised and updated for the Windows users. The command line tool has got modifications in Rule Classes, parameters, Subparameter, Option, /domain Types, flags, etc. You will see all Driver Verifier Command Syntax for Windows 11, 10, 8, and 7 in the following part.

You know this is the most effective tool to check the drivers in your system. See – How to Identify if a Driver is Causing Issues in Windows 10 with Verifier.

The Driver Verifier Command Syntax for Windows 11, 10, 8, and 7

Here is Driver Verifier Command Syntax for Windows 11, 10, 8, and 7 –

The below syntax is used when running the Verifier tool in a Command Prompt window.

You can type several options on the same single line. For example:

verifier /flags 7 /driver beep.sys disksdd.sys

Driver Verifier Command Syntax Windows 11

verifier /standard /all
verifier /standard /driver NAME [NAME ...]
verifier {/ruleclasses | /rc | dif} <options> [<ruleclass_1> <ruleclass_2> ...] /all
verifier {/ruleclasses | /rc | dif} <options> [<ruleclass_1> <ruleclass_2> ...] /driver NAME [NAME ...]
verifier /flags <options> /all
verifier /flags <options> /driver NAME [NAME ...]
verifier /rules [OPTION ...]
verifier /dif [<ruleclass_1> <ruleclass_2> ...] /now /driver NAME [NAME ...]
verifier /query
verifier /querysettings
verifier /bootmode [persistent | resetonbootfail | resetonunusualshutdown | oneboot]
verifier /bc <number_of_reboots>
verifier /reset
verifier /faults [Probability] [PoolTags] [Applications] [DelayMins]
verifier /faultssystematic [OPTION ...]
verifier /log LOG_FILE_NAME [/interval SECONDS]
verifier /volatile /flags <options>
verifier /volatile /adddriver NAME [NAME ...]
verifier /volatile /removedriver NAME [NAME ...]
verifier /volatile /faults [Probability] [PoolTags] [Applications] [DelayMins]
verifier /domain <types> <options> /driver ... [/logging | /livedump]
verifier /logging
verifier /livedump
verifier /?
verifier /help

Talking about Windows 11 first, driver interception framework aka DIF enabled options can be enabled through the /dif option.

The “/dif” command comprises rule class 36 automatically, DIF mode, whereas “/ruleclasses” and “/rc” do not. Flags categorized with the symbol (!) in the help text require DIF mode to be enabled. Entire Standard rule classes can be enabled and you don’t need to enable DIF mode.

Rules marked with (^) in the help text can be enabled without restart via the “/dif [<ruleclass_1> <ruleclass_2> <ruleclass_k>] /now” command.

Standard Rule Classes

ValueRule/now
1Special poolyes
2Force IRQL checkingno
4Pool trackingyes
5I/O verificationyes
6Deadlock detectionno
8DMA checkingno
9Security checksyes
12Miscellaneous checksyes
18DDI compliance checkingyes
34WDF verificationno

Additional Rule Classes

ValueRule/nowNeeds DIF Mode?
3Randomized low resources simulationnono
10Force pending I/O requestsnono
11IRP loggingnono
14Invariant MDL checking for stacknono
15Invariant MDL checking for drivernono
16Power framework delay fuzzingnono
17Port/miniport interface checkingnono
19Systematic low resources simulationyesyes
20DDI compliance checking (additional)yesno
22NDIS/WIFI verificationnono
24Kernel synchronization delay fuzzingnono
25VM switch verificationnono
26Code integrity checksnono
33Driver isolation checksnoyes
35DDI checking (additional IRQL rules)yesyes
36DIF modeyesn/a

Driver Verifier Command Syntax Windows 10

You are able to use the “/volatile” parameter with certain Driver Verifier “/flags” options and with “/standard” (all without quotes). Although, you are not able to use /volatile with the /flags options for either of Storport VerificationPower Framework Delay Fuzzing, and DDI compliance checking. To know more, navigate to Using Volatile Settings.

verifier /standard /all
verifier /standard /driver NAME [NAME ...]
verifier {/ruleclasses | /rc} <options> [<ruleclass_1> <ruleclass_2> ...] /all
verifier /flags <options> /all
verifier /flags <options> /driver NAME [NAME ...]
verifier /rules [OPTION ...]
verifier /query
verifier /querysettings
verifier /bootmode [persistent | resetonbootfail | resetonunusualshutdown | oneboot]
verifier /reset
verifier /faults [Probability] [PoolTags] [Applications] [DelayMins]
verifier /faultssystematic [OPTION ...]
verifier /log LOG_FILE_NAME [/interval SECONDS]
verifier /volatile /flags <options>
verifier /volatile /adddriver NAME [NAME ...]
verifier /volatile /removedriver NAME [NAME ...]
verifier /volatile /faults [Probability] [PoolTags] [Applications] [DelayMins]
verifier /domain <types> <options> /driver ... [/logging | /livedump]
verifier /logging
verifier /livedump
verifier /?
verifier /help

Driver Verifier Command Syntax Windows 8.1

This version allows you to use the “/volatile” parameter accompanied by some Driver Verifier “/flags” options and with “/standard“. However, you cannot use /volatile with the /flags options for Storport VerificationDDI compliance checking, and Power Framework Delay Fuzzing. To read further, go to Using Volatile Settings.

verifier /standard /all
verifier /standard /driver NAME [NAME ...]
verifier /flags <options> /all
verifier /flags <options> /driver NAME [NAME ...]
verifier /rules [OPTION ...]
verifier /faults [Probability] [PoolTags] [Applications] [DelayMins]
verifier /faultssystematic [OPTION ...]
verifier /log LOG_FILE_NAME [/interval SECONDS]
verifier /query
verifier /querysettings
verifier /bootmode [persistent | disableafterfail | oneboot]
verifier /reset
verifier /volatile /flags <options>
verifier /volatile /adddriver NAME [NAME ...]
verifier /volatile /removedriver NAME [NAME ...]
verifier /volatile /faults [Probability] [PoolTags] [Applications] [DelayMins]
verifier /?

Windows 8, Windows 7 Syntax

These editions also allow you to use the /volatile parameter with some Driver Verifier /flags choices and with /standard. You cannot use /volatile with the /flags options for DDI compliance checkingPower Framework Delay FuzzingStorport Verification, SCSI Verification, furthermore, with /disk. For details, see Using Volatile Settings.

verifier [/volatile] [/standard | /flags Options ] [ /all | /driver DriverList ]
verifier /volatile /faults [Probability PoolTags Applications DelayMins] /driver DriverList
verifier /volatile {/adddriver | /removedriver} DriverList
verifier /reset
verifier /querysettings
verifier /query
verifier /log LogFileName [/interval Seconds]
verifier /?

Parameters

Verifier Command-Line Syntax

The syntax “/all” (without quotes) Directs the Driver Verifier to verify entire installed drivers after the subsequent boot.

The cmd command “/bc <number_of_reboots>” determines the number of reboots for which verification should be active.

This option will automatically apply the “ResetOnUnusualShutdown boot mode”.

/bootmode mode handles if the settings for Windows Driver Verifier are enabled after a reboot. To change this option, you must restart the system.

BootmodeDescription
persistentThis option determines that the Driver Verifier settings persist over several reboots. This is the default setting.
resetonbootfailThis will disable Driver Verifier for coming restarts if the system failed to start.
onebootThe option is applicable to enable the Driver Verifier settings for the next time the computer starts. Furthermore, the Driver Verifier will be disabled for subsequent reboots.
resetonunusualshutdownUsing this mode, Driver Verifier will persist until an abnormal shutdown occurs (First time applied in  Windows 10 v1709). This is the full form of, ‘rous’.

Now, /dif DifEnabledRule activates checking using a Dif enabled rule. This checking will be applied the next time the system is rebooted. This is added in Windows 11.

“/dif /now” DifEnabledRule instantly enables checking using a Dif enabled rule. The syntax enables the rule classes straight away and does not need a reboot. This option is only permissible if no rule classes are beforehand running. Navigate to the Windows 11 rule class descriptions to read the rule classes capable of immediate activation.

/driver DriverList defines one or more drivers that will be verified. DriverList is a list of drivers by binary name, such as Driver.sys. Use a space to separate each driver’s name. Wildcard values, such as n*.sys, are not supported.

/driver.exclude is the syntax for DriverList that indicates one or plural number of drivers that will be excluded from verification. This parameter puts effect only if all drivers are chosen for verification. DriverList is meant to the list of drivers by binary name, for example, Driver.sys. You will have to put a space to differentiate each driver name. Note that Wildcard values, for ex. n*.sys, are not supported.

/faults syntax activates the Low Resources Simulation in Driver Verifier. However, you can use /faults replacing /flags 0x4. Remember that you cannot use /flags 0x4 accompanied by the /faults subparameters.

See the underneath subparameters of the /faults in order to configure Low Resources Simulation –

SubparameterDescription
ProbabilityThis Subparameter indicates the possibility that Windows driver verifier will fail a given allocation. Please type a number (in hexadecimal or decimal) to signify the number of chances in 10,000 that Driver Verifier will be unable to the allocation. The default value, 600, denotes 600/10000 or 6%.
Pool TagsRestricts the allocations that Driver Verifier can be unsuccessful to allocations with the specified pool tags. This subparameter allows you to use a wildcard character (*) to represent several pool tags. To list manifold pool tags, separate the tags with spaces. By default, all allocations can fail.
ApplicationsThis will also restrict the allocations that Driver Verifier can fail to allocations for the specified program. You need to type the name of an exe file. When listing programs, separate the program names with spaces. By default, all allocations can fail.
DelayMinsThissubparameter indicates the number of minutes after starting during which Driver Verifier does not purposely fail any allocations. This delay permits the drivers to load and the system to stabilize before the test begins. So, type a number (in hexadecimal or decimal). The default integer is 7 (minutes).

Command /faultssystematic denotes the choices for Systematic low resources simulation. “0x40000” is the correct flag to choose Systematic low resources simulation.

OptionDescription
enableboottimeThis option enables fault injections across computer restarts.
disableboottime“disableboottime” disables fault injections across computer restarts by default.
recordboottime“recordboottime” activates fault injections in what if mode across computer restarts.
resetboottime“resetboottime” disables fault injections across PC restarts and deletes the stack exclusion list.
enableruntime“enableruntime” effectively enables fault injections.
disableruntimeIn the same way, this option effectively disables fault injections.
recordruntimeFault injections in what if mode is effectively enabled.
resetruntimeFault injections are dynamically enabled and the previously faulted stack list is cleared.
querystatisticsDisplays the present fault injection statistics.
incrementcounterIncrements the test pass counter used to recognize when a fault was injected.
getstackid COUNTERThe option retrieves the specified injected stack identifier.
excludestack STACKIDThis option excludes the stack from fault injection.

/flags Options enable the said options after the next reboot. This number can be entered in decimal or in hexadecimal (with an 0x prefix) format. Any combination of the following values is allowed.

DecimalHexadecimalStandard SettingOption
10x1 (bit 0)XSpecial Pool
20x2 (bit 1)XForce IRQL Checking
40x4 (bit 2)Low Resources Simulation
80x8 (bit 3)XPool Tracking
160x10 (bit 4)XI/O Verification
320x20 (bit 5)XDeadlock Detection
640x40 (bit 6)Enhanced I/O Verification This option is automatically activated when you select I/O Verification
1280x80 (bit 7)XDMA Verification
2560x100 (bit 8)XSecurity Checks
5120x200 (bit 9)Force Pending I/O Requests
10240x400 (bit 10)IRP Logging
20480x800 (bit 11)XMiscellaneous Checks
81920x2000 (bit 13)Invariant MDL Checking for Stack (Starting with Windows 8)
163840x4000 (bit 14)Invariant MDL Checking for Driver (Starting with Windows 8)
327680x8000 (bit 15)Power Framework Delay Fuzzing (Starting with Windows 8) (Deprecated in Windows 10 Build 19042 and above)
655360x10000 (bit 16)Port/miniport interface checking (Starting with Windows 10)
1310720x20000 (bit 17)XDDI compliance checking (Starting with Windows 8)
2621440x40000 (bit 18)Systematic low resources simulation (Starting with Windows 8.1) (Deprecated in Windows 10 Build 19042 and above)
5242880x80000 (bit 19)DDI compliance checking (additional) (Starting with Windows 8.1) (Deprecated in Windows 10 Build 19042 and above)
20971520x200000 (bit 21)NDIS/WIFI verification (Starting with Windows 8.1)
83886080x800000 (bit 23)Kernel synchronization delay fuzzing (Starting with Windows 8.1) (Deprecated in Windows 10 Build 19042 and above)
167772160x1000000 (bit 24)VM switch verification (Starting with Windows 8.1)
335544320x2000000 (bit 25)Code integrity checks (Starting with Windows 10)

You cannot use this process to enable the Storport Verification options. To know more detail, see Storport Verification.

/flags VolatileOptions indicates the Driver Verifier options that are modified instantly without restarting.

You can use the /volatile parameter with all /flags values.)

Enter a number in hexadecimal or decimal format (having an 0x prefix).

Any combination of the underneath values is permitted.

HexadecimalOption
0x00000004 (bit 2)Randomized Low Resources Simulation
0x00000020 (bit 5)Deadlock detection
0x00000080 (bit 7)DMA checking
0x00000200 (bit 9)Force pending I/O requests
0x00000400 (bit 10)IRP Logging

/ruleclasses or /rc <ruleclass_1> <ruleclass_2> … <ruleclass_k>

The ruleclasses parameter is working on Windows 10 v1803 and further.

However, the ‘/flags’ parameter has some verification classes but The ruleclasses parameter encompasses a greater set of the same. While ‘/flags’ is restricted to a 32 bit bitmap expression, ruleclasses option can comprise more than 32 verification classes. Each positive decimal integer points out a verification class. Multiple classes can be expressed by separating each class id with a space character. The below rule classes IDs are available.

Standard Rule Classes

ValueRule
1Special pool
2Force IRQL checking
4Pool tracking
5I/O verification
6Deadlock detection
8DMA checking
9Security checks
12Miscellaneous checks
18DDI compliance checking
34WDF Verification

Additional Rule Classes

The following rule classes are intended for certain scenario testing. The Rule classes are symbolized with (*) require I/O Verification (5) that will be automatically activated. Whereas Flags marked with (**) support deactivating of individual rules. Flags marked with (***) are in logging mode by default and require /onecheck in order to crash upon violation.

Flags marked with (!) require DIF mode (rule class 36) to be enabled.

ValueRule
3Randomized low resources simulation
10Force pending I/O requests (*)
11IRP logging (*)
14Invariant MDL checking for stack (*)
15Invariant MDL checking for driver (*)
16Power framework delay fuzzing
17Port/miniport interface checking
19Systematic low resources simulation
20DDI compliance checking (additional)
22NDIS/WIFI verification (**)
24Kernel synchronization delay fuzzing
25VM switch verification
26Code integrity checks
33Driver isolation checks (***, !)
36DIF mode

Windows 11 Rule Classes

Beginning with Windows 11 the below rule classes are available.

Standard Rule Classes

ValueRule
1Special pool (^)
2Force IRQL checking (^)
4Pool tracking (^)
5I/O verification (^)
6Deadlock detection
8DMA checking
9Security checks (^)
12Miscellaneous checks (^)
18DDI compliance checking (^)
34WDF Verification

‘/dif’ command automatically comprises “rule class 36”, DIF mode, but /rc and /ruleclasses do not. Flags symbolized with (!) require DIF mode to be enabled. Furthermore, Flags marked with (^) can be enabled without reboot using the ‘/dif [<ruleclass_1> <ruleclass_2> <ruleclass_k>] /now’ command.

Additional Rule Classes

Flags marked with (!) require DIF mode (rule class 36) to be enabled.

ValueRule
3Randomized low resources simulation
10Force pending I/O requests (*)
11IRP logging (*)
14Invariant MDL checking for stack (*)
15Invariant MDL checking for driver (*)
16Power framework delay fuzzing
17Port/miniport interface checking
19Systematic low resources simulation (!, ^)
20DDI compliance checking – additional (^)
22NDIS/WIFI verification (**)
24Kernel synchronization delay fuzzing
25VM switch verification
26Code integrity checks
33Driver isolation checks (***, !)
36DIF mode

/log LogFileName [/interval|Seconds] Creates a log file with name LogFileName. Windows driver verifier every now and then writes statistics to this file. For details, see Creating Log Files.

In case, a verifier /log command is typed, the command prompt does not return. In order to close the log file and return a prompt, use the CTRL + C key. Subsequent to a restart, to create a log; you must submit the verifier /log command once more.

OptionDescription
/interval SecondsSpecifies the interval between log file updates. The default is 30 seconds.

/rules Option Options for rules that can be disabled (advanced).

OptionDescription
queryDisplays the current status of controllable rules.
resetThis option will reset all rules to their default.
default IDSets rule ID to its default state. For the compatible rules, the rule ID will be the Bug Check 0xC4 (DRIVER_VERIFIER_DETECTED_VIOLATION) parameter 1 value.
disable IDDeactivates specified rule ID. For the compatible rules, the rule ID is the Bug Check 0xC4 (“DRIVER_VERIFIER_DETECTED_VIOLATION”) parameter 1 value.

/standard Activates the “standard” or default Driver Verifier options after the next boot. The standard options are Special PoolForce IRQL CheckingPool TrackingI/O VerificationDeadlock DetectionDMA Verification. and WDF Verification The standard options also include Security ChecksMiscellaneous Checks and DDI compliance checking.

 Note

From Windows 10 v1803, using /flags 0x209BB will no longer automatically enable WDF verification. You will need to use the /standard syntax to activate standard options, with WDF verification included.

/stop Disables rule classes enabled via ‘/dif /now’ to halt verification.

/volatile /flags syntax modifies the settings without restarting the computer. Volatile settings come into effect quickly. You are able to exercise the /volatile parameter with the /flags parameter to disable and enable some options without rebooting. Furthermore, you can apply /volatile along with the /removedriver and  /adddriver parameters to stop or start the driver verification without restarting, even if Driver Verifier is not already running.

Indicates the Driver Verifier options that are modified instantly without rebooting. Only the underneath flags can be used with volatile:

“0x00000004 (bit 2) – Randomized low resources simulation” “0x00000020 (bit 5) – Deadlock detection” “0x00000080 (bit 7) – DMA checking” “0x00000200 (bit 9) – Force pending I/O requests” “0x00000400 (bit 10) – IRP logging”

To know more, navigate to Using Volatile Settings.

OptionDescription
/adddriver VolatileDriverListThis option adds clearly specified drivers to the volatile settings. To specify manifold drivers, list their names, separated by spaces. Wildcard values, for example, n.sys, are not supported. To know more, go to Using Volatile Settings.
/removedriver VolatileDriverListThe option deletes the specified drivers from the volatile settings. To specify manifold drivers, list their names, separated by spaces. Wildcard values, for example, n.sys, are not supported. To know more, navigate to Using Volatile Settings.

/reset wipes out all Driver Verifier settings. On the subsequent boot, no drivers will be verified.

The Option /querysettings shows a summary of the choices that will be enabled and drivers that will be verified after the subsequent boot. There you will not find drivers and options added by using the /volatile parameter. For more methods have a look at Viewing Driver Verifier Settings.

/query option shows a brief of the current activity of Driver Verifier. The Level area in the display is the hexadecimal value of options configured with the “/volatile” parameter. Read Monitoring Individual Counters as well as Monitoring Global Counters for interpretation of each statistic.

/domain Types **** Options manage the verifier extension settings. The underneath verifier extension types are supported.

TypesDescription
wdmThe Types enable verifier extension for WDM drivers.
ndis“ndis” enables verifier extension for networking drivers.
ks“ks” Enables verifier extension for kernel mode streaming drivers.
audioAs its name, it enables verifier extension for audio drivers.

The following extension options are supported.

OptionsDescription
rules.default“rules.default” Enables default validation rules for the chosen verifier extension.
rules.all“rules.all” Enables all validation rules for the chosen verifier extension.

/logging activates logging for violated rules found out by the selected verifier extensions

/livedump activates live memory dump collection for violating rules unearthed by the selected verifier extensions.

Like always, /? Displays command-line help.

To know detail about the use of these commands, read Monitoring Driver Verifier and Controlling Driver Verifier.

As usual, /help Displays command-line help.

For additional detail about the use of these commands, read Monitoring Driver Verifier and Controlling Driver Verifier.

Driver Verifier Command Syntax Return Codes

The following values are returned after driver verifier has run.

0: EXIT_CODE_SUCCESS

1: EXIT_CODE_ERROR

2: EXIT_CODE_REBOOT_NEEDED

Source – Microsoft docs.

That’s all!!

  
About Sunita
Love to play with Windows 10. Suggestion - Going for Registry change or system files edit then remember to take a backup or create a restore point before Starting.