WINDOWS 2000 PROFESSIONAL RESOURCE KIT [Electronic resources] - Text version


Chris Aschauer








System File and Driver Tools


Windows 2000 Professional provides tools to help you troubleshoot problems with devices and drivers. Many of the most helpful tools for troubleshooting these issues are discussed in this section and listed in Table 31.8.

For more information about troubleshooting problems with Plug and Play and other devices, see "Device Management" in this book.

Table 31.8 Device and Driver Troubleshooting Tools

| Tool | Overview | Location |
|---|---|---|
| System File Checker (Sfc.exe) | As part of Windows File Protection, scans protected system files and replaces files overwritten with correct versions provided by Microsoft. | %SystemRoot%\System32 |
| Driver Verifier (Verifier.exe) | Runs a series of checks in the Windows 2000 kernel to help readily expose errors in kernel mode drivers. | %SystemRoot%\System32 |
| Driver Signing (Sigverif.exe) | Verifies that device drivers have passed a series of rigorous tests administered by the Windows Hardware Quality Lab (WHQL). | %SystemRoot%\System32 |

System File Checker


System File Checker (SFC) is a command-line tool that scans protected system files and replaces files overwritten with the correct system files provided by Microsoft. It is part of the Windows File Protection feature of Windows 2000.

Windows File Protection


The Windows File Protection (WFP) feature protects your system files with two mechanisms. The first runs in the background: WFP is triggered when it is notified that a file in a protected folder has been modified. After this notification is received, WFP determines which file was changed and, if the file is protected, looks up the file signature in a catalog file to determine whether the new file is the correct Microsoft version or is digitally signed. If it is not, a replacement file is retrieved from either the %SystemRoot%\System32\Dllcache folder or the Windows 2000 operating system CD. By default, WFP displays the following message to an administrator and logs it to the System event log:


A file replacement was attempted on the protected system file <file
name>. To maintain system stability, the file has been restored to the
correct Microsoft version. If problems occur with your application,
please contact the application vendor for support.


The second WFP mechanism is SFC, which allows an administrator to scan all protected files to verify their versions. SFC also checks and repopulates the Dllcache folder. If the Dllcache folder becomes damaged or unusable, use SFC with the /purgecache switch to repair its contents. Most SYS, DLL, EXE, TTF, FON and OCX files on the Windows 2000 operating system CD are protected. However, for disk space considerations, maintaining cached versions of all of these files in the Dllcache folder is not always preferable on computers with limited available storage space.

SFC also checks all catalog files used to track correct file versions. If any catalog files are missing or damaged, WFP renames the affected catalog file and retrieves a cached version of that file from the Dllcache folder. If a cached copy of the catalog file is not available, WFP requests that you insert the Windows 2000 operating system CD to retrieve a new copy of the catalog file.

SFC Syntax


The command-line syntax for SFC is as follows:


sfc [/scannow] [/scanonce] [/scanboot] [/cancel] [/enable] [/purgecache]
[/cachesize=x] [/quiet]


SFC Switches


The SFC switches are listed in Table 31.9.

Table 31.9 SFC Switches

| Switch | Description |
|---|---|
| /scannow | Scans all protected system files immediately. |
| /scanonce | Scans all protected system files at the next system start. |
| /scanboot | Scans all protected system files at every start. |
| /cancel | Cancels all pending scans of protected system files. |
| /enable | Enables WFP for normal operation. |
| /purgecache | Purges the file cache and scans all protected system files immediately. |
| /cachesize=x | Sets the file cache size, in megabytes. |
| /quiet | Replaces incorrect file versions without prompting the user. |
| /? | Displays this list. |

Driver Verifier


Driver Verifier is a Windows-based tool that runs a series of checks in the Windows 2000 kernel to expose errors in kernel-mode drivers. It can gather statistics from the kernel, which are displayed by the GUI or logged in a file.

Driver Verifier can be run as a Windows 2000 application (called the "Driver Verifier Manager"), as a command-line tool, or as a debugger option in the system debugger WinDbg.

Driver Verifier Syntax


The command-line syntax for Driver Verifier is as follows:


verifier [/flags value [/iolevel level]] /all
verifier [/flags value [/iolevel level]] /driver name [name …]
verifier /volatile /flags value
verifier /reset
verifier [/query]
verifier /log log_file_name [/interval seconds]


Driver Verifier Switches


The Run dialog box switches of Driver Verifier are listed in Table 31.10.

Table 31.10 Driver Verifier Command-Line Switches

| Switch | Description |
|---|---|
| /all | Verifies all installed drivers. |
| /driver | Verifies the driver specified in the name argument. |
| /flags | Runs the checks specified in the value argument. |
| /interval | Records log file entries in x second increments. The default interval is 30 seconds. |
| /iolevel | Specifies the level of I/O verification. |
| level | Specifies between a high-level scan and a full scan. 1: Only detects problems that will immediately cause the computer to fail. 2: A superset of level 1; it also detects problems that will cause failures from which the system can likely recover. This is the recommended setting. |
| /log | Creates a log file to hold memory, Interrupt Request Level (IRQL), and spin lock information. |
| /query | Causes the current data to be displayed on the screen. Data includes a count of memory allocations, IRQL raises, spin locks, and other data relevant to Driver Verifier options. |
| /reset | Erases all the current Driver Verifier settings. |
| /volatile | Used to change the Driver Verifier settings without restarting the system. Any new settings are lost when the system is restarted. |
| log_file_name | Name of the log file. |
| name | Name of the driver file. Multiple driver files can be listed in sequence, separated by spaces, but wildcards (* and ?) are not supported. |
| seconds | Number of seconds in the interval. |
| value | A decimal combination of bits representing the available flags: 0x01 Special pool checking; 0x02 Force IRQL checking; 0x04 Low resources simulation; 0x08 Pool tracking; 0x10 I/O checking. Bits can be freely combined. The default is 3. |
| /? | Displays this list. |

Running Driver Verifier with no command-line switches starts Driver Verifier Manager, which uses a tabbed dialog box to separate the options it offers for testing device drivers, as shown in Figure 31.2.


Figure 31.2 Driver Verifier Manager

Driver Verifier Manager


Table 31.11 describes each tab in the Driver Verifier Manager dialog box:

Table 31.11 Driver Verifier Manager Dialog Box Tabs

| Tab | Definition |
|---|---|
| Driver Status | Displays which drivers are loaded and being verified, and which Driver Verifier options are active. |
| Global Counters | Displays statistics that assist in monitoring Driver Verifier actions. |
| Pool Tracking | Displays information about paged and nonpaged pool allocations (both current amounts and peak amounts). |
| Settings | Lists the drivers that are loaded and can be verified, as well as Verification type options available for use. |
| Volatile Settings | Provides a list of verified drivers and a list of Verification type options used for each driver. |

To set up a driver to be tested by Driver Verifier Manager


    1. Open Driver Verifier Manager.

    2. Click the Driver Status tab, and then select the driver that you want to verify.


NOTE


You can verify multiple drivers at the same time, but to simplify the process, it is strongly recommended that you verify one driver at a time.


    3. Check the verification techniques that you want to enable in Verification Type. It is recommended that you enable all techniques for general testing.

    4. Click Apply and Exit, and then restart the computer for the changes to take effect.

    5. Reopen Driver Verifier Manager and make sure that the driver you want to test is shown in the Driver Status tab.

    6. Start an application that uses the device driver that you want to test.


Run a series of tests that use the full capability of the device driver in question.

If the Windows 2000 kernel detects any driver errors during startup or during the user tests, it generates a Stop message and displays information useful to support personnel on the screen and the kernel debugger host (if one is connected).

If no errors are found, reset the Driver Verifier Manager so it does not continue to test the drivers.

To reset the Driver Verifier Manager


    1. Reopen Driver Verifier Manager.

    2. In the Additional Drivers text box, enter the driver's full file name and file name extension (without its path; if multiple drivers were tested, separate file names by using spaces).

    3. Clear all options in Verification Type.

    4. Click Apply and Exit, and then restart the computer.


Driver Signing


Driver signing is a multifaceted process in which device drivers are verified through a series of tests administered by the Windows Hardware Quality Lab (WHQL). Drivers that earn this certification are more robust and cause fewer problems with Windows 2000. Microsoft digitally signs drivers that pass the WHQL tests so they are recognized natively by Windows 2000 Professional. Devices covered include:


    Keyboard

    Hard disk controller

    Multimedia device

    Video display

    Modem

    Mouse

    Network adapters

    Printer

    SCSI adapter

    Smart card reader


The system files provided with Windows 2000 have a Microsoft digital signature, which indicates that the files are original, unaltered system files and that they have been approved by Microsoft for use with Windows 2000.

Windows 2000 Professional can warn users about installing unsigned code or prevent them from doing so. If a file has not been digitally signed and belongs to one of the device driver classes listed above, a message alerts the user and asks whether to continue.

All drivers included with Windows 2000 are digitally signed by Microsoft. You can verify that third-party drivers have met the WHQL standards and that they have not been modified since they were tested. To ensure that device drivers are compatible with Windows 2000, look for vendors offering drivers signed by Microsoft.

Checking for Digital Signatures


Windows 2000 includes the File Signature Verification tool and Signature Checking to identify files that have been signed.

The File Signature Verification tool determines whether a file is signed and allows you to do the following:


    View the certificates of signed files to ensure that the file has not been tampered with after being certified.

    Search for signed files in a specific location.

    Search for unsigned files in a specific location.


To run the File Signature Verification tool, from the Start menu, click Run, and then type:

sigverif

To customize the behavior of the File Signature Verification tool, in the File Signature Verification dialog box, click Advanced. The Advanced File Signature Verification Settings dialog box provides the following options:


    The Search tab allows you to search all drivers or specify the name and location of your driver search.

    The Logging tab saves the program's results as a log file, in which you can specify the file name, whether to overwrite or append to an existing file, and view the existing log.


The log file, Sigverif.txt, is stored in the %SystemRoot% folder by default, and records the following information about the files it scans:


    Name

    Modification date

    Version number

    Signed status

    Location


Signature Checking


Signature Checking can be enabled by system administrators to ensure that Windows 2000 inspects files for digital signatures whenever drivers are installed.

Signature Checking has three levels:


    Level 0 disables digital signature checking. The dialog box that identifies a digitally signed driver does not appear, and all drivers are installed whether they are signed or not.

    Level 1 determines whether the driver has passed WHQL testing. A message appears whenever a user tries to install a driver that fails the signature check.

    Level 2 blocks installation of a driver that fails the signature check. The user is notified that the driver cannot be installed because it is not digitally signed.


You can start the Signature Checking feature by using the Hardware tab of the System Properties dialog box.

Drivers


Drivers is a command-line tool that lists all of the drivers currently running on the computer from the %SystemRoot%\System32\Drivers folder. You can use this tool to identify a driver that might be causing problems due to corruption or because it is missing, not loaded, or outdated.

Drivers is part of the Resource Kit Tools collection on the Windows 2000 Professional Resource Kit companion CD. For more information about Drivers, see Rktools.chm in the folder C:\Program Files\Resource Kit.

Run Drivers from a command prompt, rather than from Windows Explorer, to see the resulting display. Drivers has no command-line switches.

TIP

Run Drivers when the system is working properly and save the output to a file. You can use these results as a comparison later if the system has problems with missing or corrupted drivers. To save the drivers list to a file, redirect the screen output to a file with the following command-line syntax:

drivers > drivers_M-D-Y.txt

where M is the numerical month, D is the day, and Y is the year that the report was run. Keep this file in a safe location or print it and record the date on the page.

Table 31.12 describes the output from the Drivers tool. The most important field is ModuleName, which is the name of the component.

Table 31.12 Column Names and Descriptions of the Drivers Tool Output

| Column | Definition |
|---|---|
| ModuleName | The driver's file name. |
| Code | The nonpaged code in the image. |
| Data | The initialized static data in the image. |
| Bss | The uninitialized static data in the image. This is data that is initialized to 0. |
| Paged | The size of the data that is paged. |
| Init | Data not needed after initialization. |
LinkDateThe date that the driver was linked.

The following is a sample portion of a Drivers output:


ModuleName      Code    Data  Bss    Paged    Init  LinkDate
------------------------------------------------------------------------------
ntoskrnl.exe  423680   61952    0   730432  136448  Sun Aug 22 14:47:30 1999
hal.dll        33536    5536    0    31648   15488  Sat Aug 21 12:39:25 1999
BOOTVID.dll     6048    2464    0        0     448  Sat Aug 21 12:34:13 1999
pci.sys        12128    1536    0    30816    4576  Fri Aug 20 15:36:35 1999
isapnp.sys     14432     832    0    23200    2080  Wed Aug 18 18:29:07 1999
intelide.sys    1760      32    0        0     128  Sun Aug 22 14:17:56 1999
PCIIDEX.SYS     4512     480    0    10848    1632  Sun Aug 22 14:17:56 1999
MountMgr.sys    1088       0    0    22496    2176  Mon Aug 02 17:26:33 1999
ftdisk.sys      4640      32    0    95776    3392  Sun Aug 22 14:18:00 1999
Diskperf.sys    1440      32    0     2016     992  Sun Aug 22 14:17:59 1999
WMILIB.SYS       480       0    0     1152     192  Sat Jul 31 11:29:42 1999
dmload.sys      2848      64    0        0     608  Fri Aug 20 14:29:47 1999
...
ntdll.dll     282624   16384    0    16384       0  Sun Aug 22 14:57:40 1999
------------------------------------------------------------------------------
Total        3831648  306848    0  2966016  403552
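The baseline comparison recommended in the TIP above can be automated. The following Python script is an added example, not part of the Resource Kit or its tools: it parses two saved Drivers reports in the column layout shown in the sample output and lists modules that were added, are missing, or changed in size or link date. The CURRENT report and the module name example.sys are constructed for illustration.

```python
import re

# One Drivers row: module name, five size columns, then the link date.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S.*\S)$")
SIZE_FIELDS = ("Code", "Data", "Bss", "Paged", "Init")

def parse_drivers(text):
    """Map lower-cased module name -> (five sizes, link date string)."""
    modules = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header, dashed rules, "..." and the dateless Total row do not match
            sizes = tuple(int(v) for v in m.groups()[1:6])
            modules[m.group(1).lower()] = (sizes, m.group(7))
    return modules

def compare(baseline_text, current_text):
    """Report modules added, missing or changed relative to the baseline."""
    old, new = parse_drivers(baseline_text), parse_drivers(current_text)
    changed = {}
    for name in sorted(old.keys() & new.keys()):
        fields = [f for f, a, b in zip(SIZE_FIELDS, old[name][0], new[name][0]) if a != b]
        if old[name][1] != new[name][1]:
            fields.append("LinkDate")
        if fields:
            changed[name] = fields
    return {"added": sorted(new.keys() - old.keys()),
            "missing": sorted(old.keys() - new.keys()),
            "changed": changed}

# BASELINE rows are copied from the sample output above; CURRENT is constructed
# for this example, and example.sys is a hypothetical module name.
BASELINE = """\
ModuleName    Code    Data     Bss   Paged    Init          LinkDate
---------------------------------------------------------------------
pci.sys 12128 1536 0 30816 4576 Fri Aug 20 15:36:35 1999
isapnp.sys 14432 832 0 23200 2080 Wed Aug 18 18:29:07 1999
Diskperf.sys 1440 32 0 2016 992 Sun Aug 22 14:17:59 1999
---------------------------------------------------------------------
Total 28000 2400 0 56032 7648
"""
CURRENT = """\
pci.sys 12128 1536 0 30816 4576 Fri Aug 20 15:36:35 1999
DISKPERF.SYS 1952 32 0 2016 992 Tue Mar 14 09:02:11 2000
example.sys 4096 128 0 0 256 Tue Mar 14 09:05:40 2000
"""

if __name__ == "__main__":
    print(compare(BASELINE, CURRENT))
```

Module names are compared without regard to case because Windows file names are case-insensitive. A module whose size or link date differs from the baseline has been replaced since the baseline was taken, so check it against Sigverif results before trusting it.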

