How to use the command `driverquery` (with examples)

The driverquery command is a useful tool for system administrators and advanced users seeking to gather information about device drivers installed on a Windows operating system. This command can display various details about the drivers, such as their module name, display name, driver type, and more. By using different parameters, users can customize the output to meet their specific needs, facilitating system diagnostics, troubleshooting, and inventory management. Below are several common use cases of the driverquery command, along with explanations and example outputs.

Use case 1: Display a list of all installed device drivers

Code:

driverquery

Motivation:
The primary purpose of the driverquery command is to display a list of all installed device drivers on the system. This is particularly useful for system administrators who need to audit driver installations or troubleshoot driver-related issues. By displaying all drivers, you can identify outdated, missing, or non-functional drivers.

Explanation:
Running the command without any options outputs the default list of installed device drivers, with the module name, display name, driver type, and link date of each. This is the simplest use case, providing an overall view of the driver configuration.

Example Output:

Module Name  Display Name           Driver Type  Link Date
-----------  ------------           -----------  ---------
acpipmi      ACPI Power Meter...    Kernel       7/14/2015
adp94xx      ADP 94xx               Kernel       6/22/2009
adpahci      ADP AHCI               Kernel       1/28/2008

Use case 2: Display a list of drivers in the specified format

Code:

driverquery /fo table|list|csv

Motivation:
Depending on your workflow or requirement, you might need the output in a different format. The driverquery command allows users to specify the output format as a table, list, or CSV. Users might prefer the CSV format for easy import into spreadsheet applications for further analysis, while the table format is user-friendly for direct viewing in the console. The list format provides detailed information structured explicitly on a line-by-line basis.

Explanation:
The /fo option stands for “format”, allowing users to specify how the data is output. The vertical bars in the syntax above separate the three accepted values; supply exactly one of them. table produces a neatly organized table, list displays each driver’s information individually on separate lines, and csv produces comma-separated values on standard output, which can be redirected to a file for data manipulation and storage.

Example Output:

For Table Format:

Module Name  Display Name           Driver Type  Link Date
-----------  ------------           -----------  ---------
acpipmi      ACPI Power Meter...    Kernel       7/14/2015
adp94xx      ADP 94xx               Kernel       6/22/2009
adpahci      ADP AHCI               Kernel       1/28/2008

For List Format:

Module Name: acpipmi
Display Name: ACPI Power Meter...
Driver Type: Kernel
Link Date: 7/14/2015

Module Name: adp94xx
Display Name: ADP 94xx
Driver Type: Kernel
Link Date: 6/22/2009

For CSV:

"Module Name","Display Name","Driver Type","Link Date"
"acpipmi","ACPI Power Meter...","Kernel","7/14/2015"
"adp94xx","ADP 94xx","Kernel","6/22/2009"

Use case 3: Display a list of drivers with a column to indicate if they are signed

Code:

driverquery /si

Motivation:
A digital signature lets Windows verify who published a driver and that the file has not been modified since it was signed. For security-conscious environments, it’s critical to use signed drivers only. This option provides an easy way to review the signing status of each driver, helping administrators ensure that all drivers meet security compliance requirements.

Explanation:
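The /si argument adds a “signed” column to the output, which specifies whether each driver is digitally signed. A signature establishes the driver’s origin and integrity; it does not by itself show that the driver is free of vulnerabilities, so an unsigned entry is a finding to investigate, while a signed entry is not a guarantee of safety.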

Example Output:

Module Name  Display Name           Driver Type  Link Date   Signed
-----------  ------------           -----------  ---------   ------
acpipmi      ACPI Power Meter...    Kernel       7/14/2015   Yes
adp94xx      ADP 94xx               Kernel       6/22/2009   Yes
adpahci      ADP AHCI               Kernel       1/28/2008   No
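
One way to turn this column into a repeatable check, as an added example that is not part of the original article: the PowerShell function below parses the CSV form of the /si output and returns every row not reported as signed. The sample rows are constructed, Get-UnsignedDriver is a hypothetical name, and the status column is matched by name as either Signed (as shown above) or IsSigned, with Yes or TRUE counted as signed.

```powershell
# Added example: list drivers that driverquery does not report as signed.
# Get-UnsignedDriver is a hypothetical helper name, not part of Windows.
function Get-UnsignedDriver {
    param(
        # CSV text as produced by: driverquery /si /fo csv
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$CsvLine
    )
    # Drop blank lines so the first remaining line is the CSV header.
    $rows = @($CsvLine | Where-Object { $_ -and $_.Trim() } | ConvertFrom-Csv)
    if ($rows.Count -eq 0) { return }

    # Locate the signing-status column by name instead of by position.
    # Assumption: it is called either 'Signed' or 'IsSigned'.
    $col = $rows[0].PSObject.Properties.Name |
        Where-Object { $_ -in 'Signed', 'IsSigned' } |
        Select-Object -First 1
    if (-not $col) {
        throw 'No signing column found; was driverquery run with /si?'
    }

    # Anything other than an explicit Yes/TRUE is reported, so blank or
    # unexpected values are surfaced rather than silently treated as signed.
    $rows | Where-Object { $_.$col -notmatch '^\s*(yes|true)\s*$' }
}

# Constructed sample in the format shown above (not real host output).
$sample = @(
    '"Module Name","Display Name","Driver Type","Link Date","Signed"'
    '"acpipmi","ACPI Power Meter...","Kernel","7/14/2015","Yes"'
    '"adp94xx","ADP 94xx","Kernel","6/22/2009","Yes"'
    '"adpahci","ADP AHCI","Kernel","1/28/2008","No"'
)
Get-UnsignedDriver -CsvLine $sample | Format-Table -AutoSize

# On a live system: Get-UnsignedDriver -CsvLine (driverquery /si /fo csv)
```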

Use case 4: Exclude the header in the output list

Code:

driverquery /nh

Motivation:
While headers are useful for understanding what each column represents, they may not be necessary for certain tasks, such as when the data will be processed by another application. Excluding headers can simplify scripts that parse and analyze driver data, which reduces overhead and processing time.

Explanation:
The /nh option stands for “no header”. When this is included, the command suppresses the output’s header line, leaving only the raw data. This option is particularly beneficial for scripting and automation environments.

Example Output:

acpipmi      ACPI Power Meter...    Kernel       7/14/2015
adp94xx      ADP 94xx               Kernel       6/22/2009
adpahci      ADP AHCI               Kernel       1/28/2008
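
Because /nh removes the column names, a script that consumes the output has to supply them itself. The PowerShell function below is an added example, not part of the original article: it compares a headerless CSV listing against a saved baseline and reports modules that were added, removed, or replaced. The function name Compare-DriverInventory, the column names passed to -Header, and all sample rows are assumptions constructed for this example.

```powershell
# Added example: compare a headerless driver listing against a saved baseline.
# Compare-DriverInventory and the column names are assumptions of this example;
# the names must follow the column order of the command that produced the data.
function Compare-DriverInventory {
    param(
        [Parameter(Mandatory)][string[]]$Baseline,  # earlier /fo csv /nh output
        [Parameter(Mandatory)][string[]]$Current,   # fresh   /fo csv /nh output
        [string[]]$Header = @('Module', 'DisplayName', 'DriverType', 'LinkDate')
    )
    $old = @($Baseline | ConvertFrom-Csv -Header $Header)
    $new = @($Current  | ConvertFrom-Csv -Header $Header)

    # Compare on module name plus link date so that a replaced binary under
    # the same name also shows up, not only added or removed modules.
    Compare-Object $old $new -Property Module, LinkDate |
        ForEach-Object {
            [pscustomobject]@{
                Module   = $_.Module
                LinkDate = $_.LinkDate
                Change   = if ($_.SideIndicator -eq '=>') { 'Added' } else { 'Removed' }
            }
        }
}

# Constructed sample data (not real host output).
$baseline = @(
    '"acpipmi","ACPI Power Meter...","Kernel","7/14/2015"'
    '"adp94xx","ADP 94xx","Kernel","6/22/2009"'
    '"adpahci","ADP AHCI","Kernel","1/28/2008"'
)
$current = @(
    '"acpipmi","ACPI Power Meter...","Kernel","7/14/2015"'
    '"adp94xx","ADP 94xx","Kernel","3/02/2021"'
    '"exampledrv","Example Driver","Kernel","5/05/2024"'
)
Compare-DriverInventory -Baseline $baseline -Current $current |
    Sort-Object Module, Change | Format-Table -AutoSize
```

A module that appears once as Removed and once as Added has the same name but a different link date, which is worth a closer look than a plain addition.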

Use case 5: Display a list of drivers for a remote machine

Code:

driverquery /s hostname /u username /p password

Motivation:
System administrators often need to gather information from multiple machines across a network. The ability to query driver information from a remote machine streamlines diagnostics and auditing tasks, facilitating centralized management and reducing the need for physical or direct access to each device.

Explanation:
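The /s argument allows specifying a remote machine by its hostname or IP address. /u and /p represent the username and password, respectively, required for authentication on the remote system. This combination of options enables remote driver queries, essential for efficient network administration. A password typed after /p is visible on screen and can be recorded in shell history and in process command-line logging, so use an account with only the rights the query needs; the help output further below lists the password value as optional ([password]).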

Example Output:

Module Name  Display Name           Driver Type  Link Date
-----------  ------------           -----------  ---------
acpipmi      ACPI Power Meter...    Kernel       7/14/2015
adp94xx      ADP 94xx               Kernel       6/22/2009
adpahci      ADP AHCI               Kernel       1/28/2008

Use case 6: Display a list of drivers with verbose information

Code:

driverquery /v

Motivation:
Getting detailed information about each driver can be vital for in-depth system analysis or debugging. Verbose information includes additional fields such as start mode, state, status, and file path, which can assist in identifying specific issues or ensuring driver details align with system policies.

Explanation:
The /v argument stands for “verbose”. When used, it expands the default output by including more detailed information about each driver. This additional data is important for technical support or when more comprehensive data is required.

Example Output:

Module Name       : ACPI\PNP0C14\0
Display Name      : Microsoft Windows Management Instr...
Driver Type       : Kernel
Start Mode        : Manual
State             : Stopped
Status            : OK
Name              : WmiAcpi
File              : C:\WINDOWS\System32\drivers\WmiAcpi.sys

Use case 7: Display help

Code:

driverquery /?

Motivation:
Whenever you’re using a command-line tool, it is crucial to understand its full functionality. Displaying the command’s help provides a summary of all options and usage guidelines for the driverquery command.

Explanation:
The /? argument prints the tool’s help text, which lists the available options with their descriptions. It’s an essential resource for both new and experienced users who need a quick reference or are learning to use the command for the first time.

Example Output:

Displays a list of all installed device drivers.

DRIVERQUERY [options]

  /S    system          Specifies the remote system to connect to.
  /U    [domain\]user   Specifies the user context under which the command should execute.
  /P    [password]      Specifies the password for the given user context.
  /FO   format          Specifies the output format.
                        Valid values: "TABLE", "LIST", "CSV".
  /NH                   Suppresses column header in output.
  /V                    Displays verbose output.
  /SI                   Displays signature information.
  /?                    Displays this help message.

Conclusion:

The driverquery command is a powerful tool for auditing and managing device drivers on Windows systems. By leveraging its various options, users can customize output formats, gather detailed information, and even query remote systems. These capabilities make it a versatile tool for system administrators tasked with maintaining and securing complex IT environments. Whether troubleshooting a driver issue or performing routine checks, understanding how to use driverquery effectively can save time and prevent errors.
