MmIsDriverSuspectForVerifier function (wdm.h)
The MmIsDriverSuspectForVerifier routine indicates whether the driver represented by the specified driver object is in the list of drivers that are selected to be verified by Driver Verifier.
Syntax
LOGICAL MmIsDriverSuspectForVerifier(
[in] _DRIVER_OBJECT *DriverObject
);
Parameters
[in] DriverObject
A pointer to the driver object. This object is a DRIVER_OBJECT structure that represents a loaded driver image. The driver receives this pointer as an input parameter to its DriverEntry routine.
Return value
MmIsDriverSuspectForVerifier returns TRUE if the driver is selected for verification. Otherwise, the routine returns FALSE.
Remarks
A kernel-mode driver can call this routine to determine whether it is being monitored by Driver Verifier. Driver Verifier monitors kernel-mode drivers to detect illegal function calls or actions that might corrupt the system. To select drivers to be verified, you can use the Verifier Command Line or Driver Verifier Manager. For more information about adding drivers to the driver verification list, see Selecting Drivers to be Verified.
A related routine, MmIsDriverVerifying, returns TRUE if the specified driver either is in the driver verification list or imports calls to entry points in a driver that is in the driver verification list. Otherwise, MmIsDriverVerifying returns FALSE.
For example, if driver A has an import table through which it calls one or more entry points in driver B, and driver B is in the driver verification list, then MmIsDriverVerifying(A) returns TRUE and MmIsDriverSuspectForVerifier(B) returns TRUE. If driver A is not in the driver verification list, MmIsDriverSuspectForVerifier(A) returns FALSE. Even if driver B does not call entry points in any drivers that are in the driver verification list, MmIsDriverVerifying(B) returns TRUE because driver B is in the driver verification list. If a driver C is not in the driver verification list and does not call entry points in any drivers that are in the driver verification list, MmIsDriverVerifying(C) and MmIsDriverSuspectForVerifier(C) both return FALSE.
Another related routine, MmIsDriverVerifyingByAddress, indicates whether a driver identified by a driver image address is being verified or calls a driver that is being verified. MmIsDriverVerifyingByAddress is available starting with Windows Vista.
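The driver A, B and C scenario from the Remarks can be checked with a small user-mode model. This is an added example, not code from the WDK or this page: the `model_*` names and the struct layout are hypothetical, and the model assumes only direct imports count, following the wording above.

```c
/* User-mode model of the two predicates described in the Remarks.
   Added example: model_* names are hypothetical, not kernel APIs. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_IMPORTS 4

typedef struct model_driver {
    const char *name;
    bool in_verify_list;                             /* selected in Driver Verifier */
    const struct model_driver *imports[MAX_IMPORTS]; /* drivers it imports from */
} model_driver;

/* Models MmIsDriverSuspectForVerifier: true only if the driver itself is listed. */
bool model_is_suspect(const model_driver *d) {
    return d != NULL && d->in_verify_list;
}

/* Models MmIsDriverVerifying: listed itself, or imports from a listed driver.
   Assumption: only direct imports are checked, per the page's wording. */
bool model_is_verifying(const model_driver *d) {
    if (d == NULL) return false;
    if (d->in_verify_list) return true;
    for (size_t i = 0; i < MAX_IMPORTS && d->imports[i] != NULL; i++)
        if (d->imports[i]->in_verify_list) return true;
    return false;
}

/* Constructed sample: B is listed, A imports from B, C is unrelated. */
static const model_driver drv_b = { "B", true,  { NULL } };
static const model_driver drv_a = { "A", false, { &drv_b } };
static const model_driver drv_c = { "C", false, { NULL } };

int main(void) {
    const model_driver *all[] = { &drv_a, &drv_b, &drv_c };
    for (size_t i = 0; i < sizeof all / sizeof all[0]; i++)
        printf("%s: suspect=%d verifying=%d\n", all[i]->name,
               model_is_suspect(all[i]), model_is_verifying(all[i]));
    return 0;
}
```

Driver A is the case that separates the two routines: it is not itself selected, so the "suspect" predicate is false, but it is still reported as verifying because of its import from B.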
Requirements
Requirement | Value |
---|---|
Minimum supported client | Available starting with Windows 8. |
Target Platform | Universal |
Header | wdm.h (include Ntddk.h, Ntifs.h) |
Library | NtosKrnl.lib |
DLL | NtosKrnl.exe |
IRQL | <= APC_LEVEL |