System File and Driver Tools
Windows 2000 Professional provides tools to help you troubleshoot problems with devices and drivers. Many of the most helpful tools for troubleshooting these issues are discussed in this section, as shown in Table 31.8. For more information about troubleshooting problems with Plug and Play and other devices, see "Device Management" in this book.
Table 31.8 Device and Driver Troubleshooting Tools
Tool | Overview | Location |
---|---|---|
System File Checker (Sfc.exe) | As part of Windows File Protection, scans protected system files and replaces files overwritten with correct versions provided by Microsoft. | %SystemRoot%\System32 |
Driver Verifier (Verifier.exe) | Runs a series of checks in the Windows 2000 kernel to help readily expose errors in kernel mode drivers. | %SystemRoot%\System32 |
Driver Signing (Sigverif.exe) | Verifies that device drivers have passed a series of rigorous tests administered by the Windows Hardware Quality Lab (WHQL). | %SystemRoot%\System32 |
System File Checker
System File Checker (SFC) is a command-line tool that scans protected system files and replaces files overwritten with the correct system files provided by Microsoft. It is part of the Windows File Protection feature of Windows 2000.
Windows File Protection
The Windows File Protection (WFP) feature protects your system files with two mechanisms. The first runs in the background: WFP is implemented when it is notified that a file in a protected folder is modified. After this notification is received, WFP determines which file was changed, and if it is protected, looks up the file signature in a catalog file to determine if the new file is the correct Microsoft version or if the file is digitally signed. If it is not, a replacement file is retrieved from either the %SystemRoot%\System32\Dllcache folder or the Windows 2000 operating system CD. By default, WFP displays the following message to an administrator and logs it to the System event log:
A file replacement was attempted on the protected system file <file |
The second WFP mechanism is SFC, which allows an administrator to scan all protected files to verify their versions. SFC also checks and repopulates the Dllcache folder. If the Dllcache folder becomes damaged or unusable, use SFC with the /purgecache switch to repair its contents. Most SYS, DLL, EXE, TTF, FON and OCX files on the Windows 2000 operating system CD are protected. However, for disk space considerations, maintaining cached versions of all of these files in the Dllcache folder is not always preferable on computers with limited available storage space. SFC also checks all catalog files used to track correct file versions. If any catalog files are missing or damaged, WFP renames the affected catalog file and retrieves a cached version of that file from the Dllcache folder. If a cached copy of the catalog file is not available, WFP requests that you insert the Windows 2000 operating system CD to retrieve a new copy of the catalog file.
SFC Syntax
The command-line syntax for SFC is as follows:
sfc [/scannow] [/scanonce] [/scanboot] [/cancel] [/enable] [/purgecache] |
SFC Switches
The SFC switches are listed in Table 31.9.
Table 31.9 SFC Switches
Switch | Description |
---|---|
/scannow | Scans all protected system files immediately. |
/scanonce | Scans all protected system files at the next system start. |
/scanboot | Scans all protected system files at every start. |
/cancel | Cancels all pending scans of protected system files. |
/enable | Enables WFP for normal operation. |
/purgecache | Purges the file cache and scans all protected system files immediately. |
/cachesize=x | Sets the file cache size, in megabytes. |
/quiet | Replaces incorrect file versions without prompting the user. |
/? | Displays this list. |
Driver Verifier
Driver Verifier is a Windows-based tool that runs a series of checks in the Windows 2000 kernel to expose errors in kernel-mode drivers. It can gather statistics from the kernel, which are displayed by the GUI or logged in a file. Driver Verifier can be run as a Windows 2000 application (called the "Driver Verifier Manager"), as a command-line tool, or as a debugger option in the system debugger WinDbg.
Driver Verifier Syntax
The command-line syntax for Driver Verifier is as follows:
verifier [/flags value [/iolevel level]] /all |
Driver Verifier Switches
The Run dialog box switches of Driver Verifier are listed in Table 31.10.
Table 31.10 Driver Verifier Command-Line Switches
Switch | Description |
---|---|
/all | Verifies all installed drivers. |
/driver | Verifies the driver specified in the name argument. |
/flags | Runs the checks specified in the /value argument. |
/interval | Records log file entries in x second increments. The default interval is 30 seconds. |
/iolevel | Specifies the level of I/O verification. |
level | Specifies between a high-level scan and a full scan:1 Only detects problems that will immediately cause |
/log | Creates a log file to hold memory, Interrupt Request Level (IRQL), and spin lock information. |
/query | Causes the current data to be displayed on the screen. Data includes a count of memory allocations, IRQL raises, spin locks, and other data relevant to Driver Verifier options. |
/reset | Erases all the current Driver Verifier settings. |
/volatile | Used to change the Driver Verifier settings without restarting the system. Any new settings are lost when the system is restarted. |
log_file_name | Name of the log file. |
name | Name of the driver file. Multiple driver files can be listed in sequence, separated by spaces, but wildcards (* and ?) are not supported. |
seconds | Number of seconds in the interval. |
value | A decimal combination of bits representing the available flags:0x01 Special pool checking Bits can be freely combined. The default is 3. |
/? | Displays this list. |
Running Driver Verifier with no command-line switches starts Driver Verifier Manager, which uses a tabbed dialog box to separate the options it offers for testing device drivers, as shown in Figure 31.2.
Figure 31.2 Driver Verifier Manager
Driver Verifier Manager
Table 31.11 describes each tab in the Driver Verifier Manager dialog box.
Table 31.11 Driver Verifier Manager Dialog Box Tabs
Tab | Definition |
---|---|
Driver Status | Displays which drivers are loaded and being verified, and which Driver Verifier options are active. |
Global Counters | Displays statistics that assist in monitoring Driver Verifier actions. |
Pool Tracking | Displays information about paged and nonpaged pool allocations (both current amounts and peak amounts). |
Settings | Lists the drivers that are loaded and can be verified, as well as Verification type options available for use. |
Volatile Settings | Provides a list of verified drivers and a list of Verification type options used for each driver. |
To set up a driver to be tested by Driver Verifier Manager
1. Open Driver Verifier Manager.
2. Click the Driver Status tab, and then select the driver that you want to verify.
NOTE
You can verify multiple drivers at the same time, but to simplify the process, it is strongly recommended that you verify one driver at a time.
3. Check the verification techniques that you want to enable in Verification Type. It is recommended that you enable all techniques for general testing.
4. Click Apply and Exit, and then restart the computer for the changes to take effect.
5. Reopen Driver Verifier Manager and make sure that the driver you want to test is shown in the Driver Status tab.
6. Start an application that uses the device driver that you want to test.
7. Run a series of tests that use the full capability of the device driver in question.
If the Windows 2000 kernel detects any driver errors during startup or during the user tests, it generates a Stop message and displays information useful to support personnel on the screen and the kernel debugger host (if one is connected). If no errors are found, reset the Driver Verifier Manager so it does not continue to test the drivers.
To reset the Driver Verifier Manager
1. Reopen Driver Verifier Manager.
2. In the Additional Drivers text box, enter the driver's full file name and file name extension (without its path; if multiple drivers were tested, separate file names by using spaces).
3. Clear all options in Verification Type.
4. Click Apply and Exit, and then restart the computer.
Driver Signing
Driver signing is a multifaceted process in which device drivers are verified through a series of tests administered by the Windows Hardware Quality Lab (WHQL). Drivers that earn this certification are more robust and cause fewer problems with Windows 2000. Microsoft digitally signs drivers that pass the WHQL tests so they are recognized natively by Windows 2000 Professional. Devices covered include:
- Keyboard
- Hard disk controller
- Multimedia device
- Video display
- Modem
- Mouse
- Network adapters
- Printer
- SCSI adapter
- Smart card reader
The system files provided with Windows 2000 have a Microsoft digital signature, which indicates that the files are original, unaltered system files and that they have been approved by Microsoft for use with Windows 2000. Windows 2000 Professional can warn or prevent users from installing unsigned code. If a file has not been digitally signed and resides in one of the mentioned device driver classes, a message alerts the user, and asks if they want to continue. All drivers included with Windows 2000 are digitally signed by Microsoft. You can verify that third-party drivers have met the WHQL standards and that they have not been modified since they were tested. To ensure that device drivers are compatible with Windows 2000, look for vendors offering drivers signed by Microsoft.
Checking for Digital Signatures
Windows 2000 includes the File Signature Verification tool and Signature Checking to identify files that have been signed. The File Signature Verification tool determines whether a file is signed and allows you to do the following:
- View the certificates of signed files to ensure that the file has not been tampered with after being certified.
- Search for signed files in a specific location.
- Search for unsigned files in a specific location.
To run the File Signature Verification tool, from the Start menu, click Run, and then type:
sigverif
To customize the behavior of the File Signature Verification tool, in the File Signature Verification dialog box, click Advanced. The Advanced File Signature Verification Settings dialog box provides the following options:
- The Search tab allows you to search all drivers or specify the name and location of your driver search.
- The Logging tab saves the program's results as a log file, in which you can specify the file name, whether to overwrite or append to an existing file, and view the existing log.
The log file, Sigverif.txt, is stored in the %SystemRoot% folder by default, and records the following information about the files it scans:
- Name
- Modification date
- Version number
- Signed status
- Location
Signature Checking
Signature Checking can be enabled by system administrators to ensure that Windows 2000 inspects files for digital signatures whenever drivers are installed. Signature Checking has three levels:
- Level 0 disables digital signature checking. The dialog box that identifies a digitally signed driver does not appear, and all drivers are installed whether they are signed or not.
- Level 1 determines whether the driver has passed WHQL testing. A message appears whenever a user tries to install a driver that fails the signature check.
- Level 2 blocks installation of a driver that fails the signature check. The user is notified that the driver cannot be installed because it is not digitally signed.
You can start the Signature Checking feature by using the Hardware tab of the System Properties dialog box.
Drivers
Drivers is a command-line tool that lists all of the drivers currently running on the computer from the %SystemRoot%\System32\Drivers folder. You can use this tool to identify a driver that might be causing problems due to corruption or because it is missing, not loaded, or outdated. Drivers is part of the Resource Kit Tools collection on the Windows 2000 Professional Resource Kit companion CD. For more information about Drivers, see Rktools.chm in the folder C:\Program Files\Resource Kit. Run Drivers from a command prompt, rather than from Windows Explorer, to see the resulting display. Drivers has no command-line switches.
TIP
Run Drivers when the system is working properly and save the output to a file. You can use these results as a comparison later if the system has problems with missing or corrupted drivers. To save the drivers list to a file, redirect the screen output to a file with the following command-line syntax:
drivers > drivers_M-D-Y.txt
where M is the numerical month, D is the day, and Y is the year that the report was run. Keep this file in a safe location or print it and record the date on the page.
Table 31.12 describes the output from the Drivers tool. The most important field is Module Name, which is the name of the component.
Table 31.12 Column Names and Descriptions of the Drivers Tool Output
Column | Definition |
---|---|
ModuleName | The driver's file name. |
Code | The nonpaged code in the image. |
Data | The initialized static data in the image. |
Bss | The uninitialized static data in the image. This is data that is initialized to 0. |
Paged | The size of the data that is paged. |
Init | Data not needed after initialization. |
LinkDate | The date that the driver was linked. |
The following is a sample portion of a Drivers output:
ModuleName Code Data Bss Paged Init LinkDate |
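The baseline comparison recommended in the tip above, as an added example that is not part of the original Resource Kit text: it parses two saved Drivers reports and lists drivers that are missing, new, or changed in size or link date. The row layout (whitespace-separated fields in the column order of Table 31.12) is an assumption, and the sample rows, including the hypothetical example.sys, are constructed for illustration.

```python
# Added example. Assumption: each data row is whitespace-separated in the
# column order of Table 31.12, and LinkDate is everything after the sixth field.
COLUMNS = ("Code", "Data", "Bss", "Paged", "Init")

def parse_drivers(text):
    """Parse Drivers output into {lowercased module name: row dict}."""
    rows = {}
    for line in text.splitlines():
        parts = line.split()
        # Skip the header, separator rows and anything without five sizes.
        if len(parts) < 6 or not all(p.isdigit() for p in parts[1:6]):
            continue
        row = dict(zip(COLUMNS, map(int, parts[1:6])))
        row["LinkDate"] = " ".join(parts[6:])
        rows[parts[0].lower()] = row
    return rows

def compare(baseline, current):
    """Return (module, status, detail) for every difference found."""
    old, new = parse_drivers(baseline), parse_drivers(current)
    findings = []
    for name in sorted(old.keys() | new.keys()):
        if name not in new:
            findings.append((name, "missing", "in baseline, not loaded now"))
        elif name not in old:
            findings.append((name, "new", "not in baseline"))
        else:
            changed = [k for k in old[name] if old[name][k] != new[name][k]]
            if changed:
                findings.append((name, "changed", ", ".join(changed)))
    return findings

# Constructed sample data, not real Drivers output.
BASELINE = """\
  ModuleName    Code    Data     Bss   Paged    Init      LinkDate
ntoskrnl.exe  429184   96896       0  775360  138880  Tue Dec 07 18:41:11 1999
   atapi.sys   19328     480       0   37696    2432  Fri Oct 29 17:45:55 1999
"""
CURRENT = """\
  ModuleName    Code    Data     Bss   Paged    Init      LinkDate
ntoskrnl.exe  429184   96896       0  775360  138880  Tue Dec 07 18:41:11 1999
   atapi.sys   20480     480       0   37696    2432  Mon Mar 06 09:12:03 2000
 example.sys    4096     128       0       0     512  Mon Mar 06 09:30:00 2000
"""
if __name__ == "__main__":
    for module, status, detail in compare(BASELINE, CURRENT):
        print(f"{module:<14}{status:<9}{detail}")
```

A driver whose size or link date differs from the known-good baseline has been replaced since the baseline was taken; confirm whether that matches an update you installed, and check its signature with Sigverif.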