Enable Driver Verifier for all non-Microsoft drivers with PowerShell

I’ve been doing some debugging for a customer who has multiple industrial client PCs that are rebooting regularly. To get more information in the memory dumps, I needed to configure the system to do a complete memory dump and also to enable extra verification of all drivers in the system to find the cause of the bluescreens.

Windows has a built-in tool called “Verifier” where you can enable extra checks on calls made by specific drivers. You generally don’t want to enable it on all drivers, as that will slow down the system noticeably. And truthfully, the number of times it’s a Microsoft device driver that’s causing the issue is so small, because they check and stress test their drivers so much better than all the other vendors. Thus, it’s always better to enable the extra checks for all drivers except the ones from Microsoft to start with.

As I didn’t want to run around to all the client PCs and configure Verifier, I’ve made a small PowerShell script that reads the names of all non-Microsoft drivers from the system and enables verification for just those drivers. It can then be executed in any number of ways.

It uses both Get-WmiObject and Get-WindowsDriver to get a complete list of third-party drivers in the system. It will also configure the system for a Complete Memory Dump.

Just to be safe, I’ve added /bootmode resetonbootfail so it will reset the Verifier settings in case the system bluescreens during boot due to Verifier noticing a bad driver in the boot process.

Reboot the PC, get a big cold Coke and wait for the bluescreen to happen.
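
The script itself is not reproduced on this page, so here is an added example of the procedure described above; it is not the author's original code. As an assumption it selects drivers from Get-WmiObject's Win32_SystemDriver list by the CompanyName in each file's version resource, and the helper name Resolve-DriverPath is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example, not the author's script. Written for Windows PowerShell 5.1.

# Turn the path forms Win32_SystemDriver reports into an ordinary file path.
function Resolve-DriverPath([string]$PathName) {
    $p = $PathName.Trim('"') -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# Assumption: a driver counts as non-Microsoft when the CompanyName in its
# version resource does not mention Microsoft. That field is self-declared
# metadata, which is good enough for choosing a diagnostic scope. Files with
# no version resource are kept in the list as well.
$drivers = Get-WmiObject -Class Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        $file = Resolve-DriverPath $_.PathName
        if (Test-Path -LiteralPath $file) {
            $company = (Get-Item -LiteralPath $file).VersionInfo.CompanyName
            if ($company -notmatch 'Microsoft') { Split-Path -Path $file -Leaf }
        }
    } | Sort-Object -Unique

# CrashDumpEnabled = 1 selects a complete memory dump; it applies after a reboot.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' `
    -Name CrashDumpEnabled -Value 1 -Type DWord

if ($drivers) {
    # resetonbootfail clears the settings if the machine fails to boot with them.
    & verifier.exe /standard /bootmode resetonbootfail /driver $drivers
    & verifier.exe /querysettings   # show what will be active after the reboot
} else {
    Write-Warning 'No non-Microsoft drivers found; Verifier left unchanged.'
}
```

A complete dump needs a page file on the system volume at least as large as the installed RAM. Running verifier.exe /reset and rebooting turns the extra checks off again.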

Importing Hotfixes and Drivers directly into WSUS

I got a comment on my previous blogpost.

Could you please clarify the import bit with pasting the URI into WSUS IE.
If you paste the URI into the address field it wants to download the update and not import it.

You are right, I was very unclear about that and should have explained it, thanks for asking Patrik.

This process can be used to import anything from the Microsoft Update Catalog, including Drivers and public Hotfixes.

Start by opening your WSUS Console, and click on “Import Updates”.
It has to be done that way to get the “import” option, else you will only be able to download the files.

A normal Internet Explorer window will now open. If this is the first time you are doing this, you will be prompted to approve an ActiveX component and you may have to trust the update website too.

You can either search for hotfixes (or drivers) by their name, or just paste the MUUri that’s listed on each hotfix in my post here: http://www.isolation.se/list-of-private-cloud-related-hotfixes-2016-02-03/ Then click on Add to put the hotfixes in your basket.

When you have added a couple of hotfixes to the basket, click on “View Basket”. My experience is that adding too many hotfixes will make the Microsoft Update site time out and be unresponsive. So I usually import the hotfixes or drivers in batches of 20-30 at a time.

Notice in the picture above how there is no Import but just the normal Download button. If that happens, just switch back to the Windows Update Admin console and click Import Updates again. A new tab will open in IE, it will remember all the items in your basket, and an “Import Directly into Windows Server Update Services” checkbox now exists!

Just import the hotfixes to WSUS that way, and approve them manually or make an Auto Approval Rule. Done!

The bad part is, as I mentioned in a previous blog post, that you have to copy and paste each hotfix URL into IE. I’ve not managed to figure out a way to script the import, as it’s an ActiveX component doing all the work.

Bugcheck: DRIVER_POWER_STATE_FAILURE (9f)

I experienced a Bluescreen of Death (BSOD) on my Windows 8 Laptop (HP EliteBook 8560w) this morning when it resumed from Hibernate.
I quickly launched WinDBG and opened the crashdump.

WinDBG managed to find the driver that caused this problem by itself this time. But IF WinDBG had not been able to show me the faulty driver, the next step would have been to use the Bugcheck info (0x0000009f) to dig further into this;

The last argument is the interesting one, which we should look into further with the !irp command.

It will show something similar to this. And it’s the e1c63x64.sys driver that was active at the time of the bluescreen. Same info as !analyze -v managed to figure out by itself.

Hmm, so what driver is that?

Too bad that it was unable to provide more detailed information. But some old-school properties of the \SystemRoot\system32\DRIVERS\e1c63x64.sys file gave this;

And a quick search on Intel’s Support sites showed that there was a newer version available for my NIC;
Intel(R) 82579LM Gigabit Network Connection here.

Driver updated, and hopefully no more bluescreens due to this driver bug.

List all Unsigned Drivers with PowerShell

I had a need for getting all unsigned drivers in a Windows 8 system to help out with some debugging.

As I’m still learning PowerShell there might be better and faster ways of solving this problem, but this seems to work well enough for me, and hopefully for you too.

It’s a quite straightforward and easy script to use and change if there is a need, such as listing all signed drivers instead of the unsigned ones by using IsSigned -EQ “TRUE”.
Use driverquery.exe to list all drivers with their signing status to CSV, then import that CSV into PowerShell and display all drivers that are unsigned (-EQ “False”). You will actually just get the .INF file at this point, which kind of sucks, not the driver file which we need in this case.
So for each returned .INF file, we then open that file in c:\windows\INF (that’s where Windows stores all installed INF/driver files) and find all .SYS files (drivers) referenced in the INF file. After some more filtering, it then outputs a list of the unsigned drivers ($UnSigned), like this.

PS C:> $UnSigned
VClone.sys
nvhda32.sys
nvhda64.sys
nvhda32v.sys
nvhda64v.sys
PS C:>

I’ll then use that list and pass the unsigned drivers list to “Verifier.exe /standard /driver $UnSigned” to enable some Special driver Verification for finding the cause of some blue-screens.
I guess this script should work quite well also on Windows 7, but I’ve not tried it.
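
The script is not reproduced on this page, so the following is an added example of the steps described above, not the author's original code. It assumes the English column names DeviceName, InfName, IsSigned and Manufacturer that driverquery.exe /si prints, and the regular expression used to pull .sys names out of each INF is an assumption about the filtering.

```powershell
# Added example, not the author's script. Run in Windows PowerShell.
# Assumption: English column headers; localized systems print other names.
$infDir = Join-Path $env:windir 'INF'

# driverquery /si reports signing status per device:
# DeviceName, InfName, IsSigned, Manufacturer
$rows = driverquery.exe /si /fo csv | ConvertFrom-Csv

# Keep the INF names of every entry reported as unsigned.
$unsignedInfs = $rows |
    Where-Object { $_.IsSigned -eq 'FALSE' -and $_.InfName } |
    Select-Object -ExpandProperty InfName -Unique

$UnSigned = foreach ($inf in $unsignedInfs) {
    $path = Join-Path $infDir $inf
    if (-not (Test-Path -LiteralPath $path)) { continue }

    # Ignore INF comment lines (starting with ';'), then collect every
    # token that ends in .sys from the remaining lines.
    Get-Content -LiteralPath $path |
        Where-Object { $_ -notmatch '^\s*;' } |
        Select-String -Pattern '[\w\-.]+\.sys\b' -AllMatches |
        ForEach-Object { $_.Matches.Value }
}

# One entry per driver file, ready to pass to verifier.exe /driver.
$UnSigned = $UnSigned | Sort-Object -Unique
$UnSigned
```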