I’ve been doing some debugging for a customer who has multiple industrial client PCs that are rebooting regularly. To get more information in the memory dumps, I needed to configure the systems to do a complete memory dump and also to enable extra verification of all drivers in the system, in order to find the cause of the bluescreens.
Windows has a built-in tool called “Verifier” where you can enable extra checks on calls made by specific drivers. You generally don’t want to enable it on all drivers, as that will slow down the system noticeably. And truthfully, the number of times it’s a Microsoft device driver that is causing the issue is so small, because they check and stress test their drivers so much better than all the other vendors. Thus, it’s always better to enable the extra checks for all drivers except the ones from Microsoft to start with.
As I didn’t want to run around to all the client PCs and configure Verifier, I’ve made a small PowerShell script that reads the names of all non-Microsoft drivers from the system and enables verification for just those drivers. It can then be executed in any number of ways.
It uses both Get-WmiObject and Get-WindowsDriver to get a complete list of third-party drivers in the system. It will also configure the system for a Complete Memory Dump.
```powershell
# Get all Drivers in system and Enable Driver Verifier
# Source 1: driverquery, keeping only entries whose manufacturer is not Microsoft or a generic/standard device
$driverquery = driverquery /si /FO CSV | ConvertFrom-Csv | Where-Object {
    $_.Manufacturer -notlike "*Microsoft*" -and
    $_.Manufacturer -notlike "*standard system devices*" -and
    $_.Manufacturer -notlike "(Standard*" -and
    $_.Manufacturer -notlike "Generic *"
}
$inffiles = $driverquery | Select-Object -Property InfName | Where-Object { $_.InfName -like "*.inf" }

# Read each INF and pick the ServiceBinary lines that point to a .sys file
$Sys = foreach ($inffile in $inffiles) {
    Select-String -Path "$env:SystemRoot\inf\$($inffile.InfName)" -Pattern "ServiceBinary" | Select-String -Pattern "\.SYS"
}
# Strip everything up to the last backslash so only the file name remains
$drivers1 = $Sys.Line -replace ".*\\" | Select-Object -Unique | Sort-Object

# Source 2: third-party driver packages in the driver store
$WindRivers = Get-WindowsDriver -Online
$Sys = foreach ($inffile in $WindRivers.Driver) {
    Select-String -Path "$env:SystemRoot\inf\$($inffile)" -Pattern "ServiceBinary" | Select-String -Pattern "\.SYS"
}
$drivers2 = ($Sys.Line -replace ".*\\" | Select-Object -Unique)

# Merge both lists; @() keeps "+" an array join even if one side holds a single name
[array]$alldrivers = $null
$alldrivers = (@($drivers1) + @($drivers2)) | Sort-Object | Select-Object -Unique
# $alldrivers

# Clear any existing Verifier settings, then enable the standard checks for the collected drivers
& verifier /reset
& verifier /standard /driver $alldrivers /bootmode resetonbootfail

$regkeypath = "HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl"
# Write Debugging Info (CrashDumpEnabled = 1 selects a complete memory dump)
Set-ItemProperty -Path $regkeypath -Name "CrashDumpEnabled" -Value 1
Set-ItemProperty -Path $regkeypath -Name "AutoReboot" -Value 1
Set-ItemProperty -Path $regkeypath -Name "LogEvent" -Value 1
Set-ItemProperty -Path $regkeypath -Name "Overwrite" -Value 1

Write-Output "Please reboot $ENV:COMPUTERNAME"
```
Just to be safe, I’ve added /bootmode resetonbootfail so it will reset the Verifier settings in case the system bluescreens during boot because Verifier notices a bad driver in the boot process.
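A read-back check that can be run elevated after the script and before the reboot, added here as an example and not part of the original script. The function name Test-VerifierDumpConfig and its ExpectedDrivers parameter are hypothetical; it assumes Driver Verifier stores its driver list in the VerifyDrivers value under Session Manager\Memory Management (cross-check with `verifier /querysettings`) and that a complete dump needs a page file at least as large as physical RAM.

```powershell
# Added example, not from the original post. Run elevated on the configured PC.
function Test-VerifierDumpConfig {
    param(
        # Hypothetical parameter: the list the script passed to verifier, e.g. $alldrivers
        [string[]]$ExpectedDrivers = @()
    )

    $mmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $ccKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

    # Assumption: VerifyDrivers holds the verified drivers as one space-separated string.
    $raw = (Get-ItemProperty -Path $mmKey -Name VerifyDrivers -ErrorAction SilentlyContinue).VerifyDrivers
    $configured = @("$raw" -split '\s+' | Where-Object { $_ })

    # Drivers that were requested but are not in the stored list (comparison is case-insensitive).
    $missing = @($ExpectedDrivers | Where-Object { $configured -notcontains $_ })

    $crash = Get-ItemProperty -Path $ccKey

    # Assumption: a complete dump is staged through the page file, so it must be able to hold all of RAM.
    $ramMB  = [math]::Round((Get-CimInstance -ClassName Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
    $pageMB = (Get-CimInstance -ClassName Win32_PageFileUsage |
               Measure-Object -Property AllocatedBaseSize -Sum).Sum   # AllocatedBaseSize is in MB

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        VerifiedDrivers   = $configured.Count
        MissingDrivers    = $missing -join ', '
        CompleteDump      = ($crash.CrashDumpEnabled -eq 1)
        AutoReboot        = ($crash.AutoReboot -eq 1)
        DumpFile          = $crash.DumpFile
        RamMB             = $ramMB
        PageFileMB        = $pageMB
        PageFileCoversRam = ($pageMB -ge $ramMB)
    }
}

# Example call right after the configuration script, while $alldrivers is still in scope:
# Test-VerifierDumpConfig -ExpectedDrivers $alldrivers | Format-List
```

An empty VerifiedDrivers count, a non-empty MissingDrivers list, or PageFileCoversRam being False are the results to look into before rebooting.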
Reboot the PC, get a big cold Coke and wait for the bluescreen to happen.