Wednesday, November 23, 2011

Identifying Problem Drivers: Signature Verification Tool

There is no shortage of bad software floating around the modern Internet. Many companies and individuals piece things together without following development best practices or good design practices. When this occurs with low-level (close to the hardware) programs such as kernel-mode device drivers, the result can range from random crashes to destroyed hardware.

To help prevent problems caused by device drivers, Microsoft created the Windows Logo Program and the tests administered by the Windows Hardware Quality Lab (WHQL) to keep the buggiest and most poorly developed drivers from becoming mainstream. These programs don't guarantee that drivers and devices will be free of errors, but they help to limit the number of errors experienced by an average user.

From time to time, people install unsigned device drivers to support an application or device that has not successfully completed WHQL testing. Since these drivers aren't up to the standards promoted by Microsoft, they tend to be more error prone, and simple changes to the system can cause them to misbehave and trigger system stop errors, also known as the blue screen of death (BSOD), Bugcheck,...

In a troubleshooting effort where dump analysis has not gained much traction, the next step is to start taking a "big picture" look at what is installed on the system. For kernel-mode drivers, a logical place to start is to identify unsigned drivers, that is, drivers that have not passed WHQL certification. To do this, use the signature verification utility (sigverif.exe).

To start this tool, run sigverif.exe from the run prompt or the search prompt.



Once the tool is launched, there are not very many configurable options.



Simply click Start, and the tool will scan device drivers and other signed system files. When the scan finishes, a report is generated that provides a starting point for identifying the likely suspects on a problematic system.



If one of these drivers is suspected, it is a good idea to disable the driver or uninstall it.
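A scripted way to produce a similar shortlist from PowerShell is shown below; it is an added example, not part of the original post, and it is not how sigverif.exe works internally. It reports each registered driver's Authenticode status, which is not the same thing as WHQL certification, and the path clean-up rules are assumptions about how driver paths are commonly recorded.

```powershell
# Added example: list registered kernel-mode and file-system drivers whose
# image file does not have a valid Authenticode signature.
# Note: on older PowerShell versions, catalog-signed files may be reported as
# NotSigned, so treat the output as a shortlist to review, not a verdict.

$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName }

$report = foreach ($drv in $drivers) {
    # Assumed clean-up: strip quotes, the \??\ NT prefix, and expand \SystemRoot.
    $path = $drv.PathName.Trim('"')
    $path = $path -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot', $env:SystemRoot
    $path = [Environment]::ExpandEnvironmentVariables($path)

    if (Test-Path -LiteralPath $path) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $status = $sig.Status.ToString()
        $signer = $sig.SignerCertificate.Subject
    }
    else {
        # The service entry points at a file that is no longer on disk.
        $status = 'FileNotFound'
        $signer = $null
    }

    [pscustomobject]@{
        Name   = $drv.Name
        State  = $drv.State      # Running / Stopped
        Status = $status         # Valid, NotSigned, HashMismatch, ...
        Signer = $signer
        Path   = $path
    }
}

# Show only the drivers that deserve a closer look, running ones first.
$report |
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object State, Name |
    Format-Table -AutoSize
```

Drivers listed with State "Running" and a status other than Valid are the first candidates to compare against the sigverif report.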

See also,

Windows Crash Dump Analysis

How to Disable and Enable Windows Device Drivers

Have an idea for something that you'd like to see explored? Leave a comment or send an e-mail to razorbackx_at_gmail<dot>com
