How to detect buggy device drivers in Windows 10
- 01 August, 2016 20:00
When buggy third-party drivers crash a system and invoke a blue screen of death, it can be difficult to pinpoint the source among all the active running software. An alternative method to using WinDbg is to identify any device driver addition or change that occurred prior to the Blue Screen of Death event.
Windows device drivers are just one part of the broader Windows operating environment function called Autorun Settings. Windows’ Autorun Settings identify Windows auto-starting software, including all Windows device drivers, during system bootup or login.
As an alternative to the tried-and-true Windows Debugger method, buggy device drivers that caused Windows to go from a stable operating environment to suffering a BSOD can be discovered through a process of authenticating all device drivers and detecting any recent change events (such as device driver changes or addition).
The process of discovering, authenticating, and detecting driver state changes can be accomplished using a myriad of available Autorun utilities, but most require manually combing through all of the system’s Autorun Settings, which can be a time-consuming, frustrating process.
There are some utilities listed in the following table that are capable of automating this process through built-in functionality. These Autorun utilities allow you to take a snapshot of the current Windows system state, identify all recent system change events, and authenticate non-offending change events. These system change events identify the timeline and driver differences which ultimately help to resolve the BSOD culprit.
The following table is not a comprehensive comparison of all features of the products listed, but highlights the features that apply to BSOD issues.
Autorun utility software capable of automating driver change detection
|Discovery1||Live only||Live + Shadows||Live + Shadows||Live only|
- "Note: 1: Discovery: Discover Auto-starting locations for Live Windows State and Windows State in Volume Shadow Copies.
- 2: Authentication: Authentication through file image hash value in Autorun Settings from malware databases and whitelist databases.
- 2a: Authentication source: VirusTotal.com.
- 2b: Authentication source: Autorun Setting Repository, and three adjustable online anti-malware engines.
- 2c: Authentication source: Autorun Setting Repository, and three adjustable online anti-malware engines.3: Change Detection: Manually compare two Autorun snapshots vs real-time automatic change detection notification.