Today I wanted to mix it up a little. I want to talk a little about debugging, more specifically about using driver verifier. If you have seen a Windows bug check, aka the blue screen of death, then you have probably seen a DRIVER_IRQL_NOT_LESS_OR_EQUAL. This particular bug check has two codes associated with it; 0x0000000A and 0x000000D1. In the majority of cases, this bug check is caused by a 3rd party driver that is misbehaving. Most of the time the cause can be identified by debugging the kernel memory dump. Sometimes however the problematic driver is paged out and is no longer present in the memory dump. In this case we can use driver verifier to catch this misbehaving driver and force a bug check to happen before the driver is paged out. The rest of this article will discuss how to enable driver verifier for this scenario.
- Click Start, or in Windows 2012 and higher right-click Start, and choose Run. Type in verifier and click OK.
- From the select a task options, select “Create custom settings (for code developers)” and click Next.
- From the select individual settings from this full list, tick the check box for Special pool and click Next.
- From the select what drivers to verify options, select “Select driver names from a list” and click Next.
- Sort the driver list by provider. Tick the check box for all drivers that are not provided by Microsoft, and click Finish. We do this so that we can monitor all 3rd party drivers.
- Reboot the server.
After the server is rebooted all 3rd party drivers will be monitored. If one of them should misbehave, driver verifier will force the system to bug check. It should then be fairly simple to find the problem driver in the memory dump.
If you have any suggestions for this article, please leave a comment below.
Glennopedia 