Thursday, December 8, 2011

Enable Driver Verifier to Help Identify Blue Screen Causes

The driver verifier (verifier.exe) is a tool built into Windows that helps identify problematic drivers whose errors do not result in informative crash dumps. The driver verifier uses special system calls to help identify a number of issues and in many cases helps to identify the real driver causing the issue (often useful for memory dumps that reference ntoskrnl.exe, ntkrnlpa.exe, ntkrnlmp.exe, and ntkrnlpamp.exe). In other cases where the cause is not fully verified, driver verifier may also provide assistance in detecting badly behaving drivers.

Enabling Driver Verifier

To enable driver verifier, run the verifier.exe utility.

In most cases, the standard settings will work. Some specialized cases may require Force pending I/O requests, Low resources simulation, or IRP Logging, which are not included in the standard settings. The tests included in the standard settings are Special pool, Pool tracking, Force IRQL checking, I/O verification, Deadlock detection, DMA checking, Security checks, and Miscellaneous checks.

Unless a specific driver is suspected, start by checking all drivers.

The system must be rebooted for the verifier settings to take effect. Driver verifier will check for drivers that are corrupting the system state and will trigger a blue screen and create a memory dump that can then be analyzed to help pinpoint the cause of the crash. Note that if the system enters a reboot/crash loop after enabling driver verifier, use the instructions below to disable the driver verifier in safe mode.

Disabling Driver Verifier

After the troubleshooting is complete, the settings can be deleted using the driver verifier utility. Select the "Delete existing settings" option and click Finish. If the system hangs on reboot, then it may be necessary to disable driver verifier through safe mode.
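The enable and disable steps above can also be driven from the command line, which is useful when only a safe mode command prompt is available. The script below is an added example, not part of the original post; it uses verifier.exe's `/standard`, `/all`, `/driver`, `/querysettings` and `/reset` switches, and the script parameters and the driver name in the comment are hypothetical.

```powershell
# Added example: command-line equivalent of the GUI steps described above.
# The -Action and -Driver parameters are this script's own (hypothetical) names.
param(
    [ValidateSet('Enable', 'Status', 'Disable')]
    [string]$Action = 'Status',
    # Optional: limit verification to suspected drivers, e.g. 'example.sys' (placeholder name)
    [string[]]$Driver
)

$verifier = Join-Path $env:SystemRoot 'System32\verifier.exe'

# Verifier settings are system-wide, so changing them requires administrator rights.
$principal = New-Object Security.Principal.WindowsPrincipal(
    [Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated prompt.'
}

switch ($Action) {
    'Enable' {
        if ($Driver) {
            # Standard settings, only for the named drivers
            & $verifier /standard /driver @Driver
        } else {
            # Standard settings for all drivers (the starting point when no driver is suspected)
            & $verifier /standard /all
        }
        # Show what will be applied at the next boot
        & $verifier /querysettings
        Write-Host 'Reboot for the verifier settings to take effect.'
    }
    'Status' {
        # Report the currently configured flags and driver list
        & $verifier /querysettings
    }
    'Disable' {
        # Same effect as "Delete existing settings" in the GUI
        & $verifier /reset
        & $verifier /querysettings
        Write-Host 'Reboot to finish removing the verifier settings.'
    }
}
```

From a safe mode command prompt, running `verifier /reset` directly and rebooting has the same effect as the `Disable` action.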

See Also:
Windows Crash Dump Analysis

1 comment:

  1. Dear Mike,

    Thanks for great overview, helpful information.

    I noticed you went to CU - small world, I too am a Buff, live in Lafayette, and work for Webscan, a barcode verifier company in Longmont.