driverquery.exe: Your Guide to Windows Device Drivers
`driverquery.exe` is a built-in command-line utility in Windows operating systems that provides detailed information about the installed device drivers. It's a valuable tool for troubleshooting hardware issues, verifying driver versions, identifying potential conflicts, and generally understanding the driver landscape of your system. It is not a virus, nor can it become a virus. It is a legitimate and essential part of the Windows operating system.
Origin and Purpose
`driverquery.exe` has been a standard component of Windows since at least Windows XP and is included in all subsequent versions, including Windows Server editions. Its primary purpose is to offer a comprehensive and readily accessible method for listing all loaded drivers, their properties, and their status. This information can be crucial when:
- Troubleshooting device problems: If a device isn't working correctly, `driverquery.exe` can help you identify the associated driver and check its version, start type, and status.
- Verifying driver updates: After installing or updating a driver, you can use `driverquery.exe` to confirm that the new version is loaded and running.
- System inventory: `driverquery.exe` provides a detailed snapshot of all drivers on your system, which can be useful for documentation or auditing purposes.
- Security analysis: In some cases, examining the driver list can help identify potentially suspicious or outdated drivers that might pose a security risk (though this requires advanced knowledge).
- Driver development: While not its primary purpose, developers might use `driverquery.exe` to quickly check the loaded state and properties of drivers they are working on.
Is it a Virus? Can it Become a Virus?
No, `driverquery.exe` is a legitimate Windows system file. It is digitally signed by Microsoft, ensuring its authenticity. It cannot "become" a virus. However, like any executable file, it's theoretically possible (though extremely unlikely) that a highly sophisticated piece of malware could replace the legitimate `driverquery.exe` with a malicious version. This is a general risk with any executable, not specific to `driverquery.exe`. Maintaining up-to-date antivirus software and practicing safe computing habits significantly mitigates this risk. If you suspect file corruption, you can use the System File Checker (`sfc /scannow`) to verify and repair system files.
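One way to check the signature claim above on your own machine, as an added example that is not part of the original article. The function name `Test-DriverQueryBinary` is hypothetical; it confirms that the `driverquery` command resolves to the copy under `System32` and that this file carries a valid Microsoft signature.

```powershell
function Test-DriverQueryBinary {
    # Expected location of the in-box tool.
    $expected = Join-Path $env:SystemRoot 'System32\driverquery.exe'

    # What actually runs when "driverquery" is typed in this session
    # (first match on PATH).
    $resolved = (Get-Command driverquery.exe -CommandType Application |
                 Select-Object -First 1).Path

    # Authenticode check of the System32 copy.
    $sig = Get-AuthenticodeSignature -LiteralPath $expected

    [pscustomobject]@{
        ResolvedPath     = $resolved
        ResolvesToSystem = $resolved -ieq $expected
        SignatureStatus  = $sig.Status
        Signer           = $sig.SignerCertificate.Subject
        MicrosoftSigned  = ($sig.Status -eq 'Valid') -and
                           ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')
    }
}

Test-DriverQueryBinary | Format-List
```

If `ResolvesToSystem` or `MicrosoftSigned` is `False`, run `sfc /scannow` as described above and investigate the resolved path.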
Usage
`driverquery.exe` is a command-line tool, meaning you interact with it through the Command Prompt (cmd.exe) or PowerShell. Here's how to use it, along with detailed explanations of its options:
1. Open Command Prompt or PowerShell:
- Command Prompt: Press the Windows key, type `cmd`, and press Enter.
- PowerShell: Press the Windows key, type `powershell`, and press Enter.

It's generally recommended to run these as an administrator for full access (right-click and choose "Run as administrator").
2. Basic Usage:
Simply typing `driverquery` and pressing Enter will display a basic list of loaded drivers.

```
driverquery
```

This will output a table with columns like:
- Module Name: The name of the driver module (usually a `.sys` file).
- Display Name: A more user-friendly name for the driver.
- Driver Type: The type of driver (e.g., Kernel, File System, etc.).
- Link Date: The date and time the driver was linked (compiled).
3. Command-Line Options (Switches):
`driverquery.exe` supports several command-line options to customize the output and provide more detailed information. These options are case-insensitive.

- `/FO <format>`: Specifies the output format. Valid values for `<format>` are:
  - `TABLE` (default): Displays the output in a table format.
  - `LIST`: Displays the output in a list format.
  - `CSV`: Displays the output in comma-separated values (CSV) format, suitable for importing into spreadsheets or databases.

  ```
  driverquery /FO LIST
  driverquery /FO CSV > drivers.csv
  ```

  The second command redirects the CSV output to a file.

- `/NH`: Suppresses the column headers in the output. Useful when piping the output to other commands or scripts.

  ```
  driverquery /NH
  ```

- `/SI`: Displays information about digitally signed drivers. This is helpful for verifying driver authenticity. It will show whether a driver is signed or unsigned.

  ```
  driverquery /SI
  ```

- `/V`: Displays verbose output, providing more detailed information about each driver, including:
  - Start Mode (e.g., Boot, System, Auto, Demand, Disabled)
  - State (e.g., Running, Stopped)
  - Status (e.g., OK, Error)
  - Accept Stop (Whether the driver can be stopped)
  - Accept Pause (Whether the driver can be paused)
  - Paged Pool (Memory usage)
  - Code (Memory usage)
  - BSS (Memory usage)
  - Link Date (More precise timestamp)
  - Path (Full path to the driver file)
  - Init (Memory usage)

  ```
  driverquery /V
  ```

- `/?`: Displays the help information, listing all available options. It's the best way to get a quick reference.

  ```
  driverquery /?
  ```
- Filtering Output (Using `findstr`): While `driverquery.exe` itself doesn't have built-in filtering, you can use the `findstr` command (or `Select-String` in PowerShell) to filter the output based on specific criteria. This is incredibly powerful for finding specific drivers.

  * **Example (Command Prompt): Find all drivers containing "usb" in their name:**

    ```
    driverquery | findstr /I "usb"
    ```

    `/I` makes the search case-insensitive.

  * **Example (PowerShell): Find all drivers containing "usb" in their name:**

    ```powershell
    driverquery | Select-String -Pattern "usb" -CaseSensitive:$false
    ```

  * **Example (Command Prompt): Find unsigned drivers:**

    ```
    driverquery /SI | findstr /I "FALSE"
    ```

    The `/SI` table reports signing status in an `IsSigned` column whose value is `TRUE` or `FALSE`, so unsigned drivers are the rows containing `FALSE`.

  * **Example (PowerShell): Find unsigned drivers and save to a file:**

    ```powershell
    driverquery /SI | Select-String -Pattern "FALSE" | Out-File -FilePath "unsigned_drivers.txt"
    ```

  * **Example (Command Prompt): Find all drivers that start automatically at boot (`Boot` start mode):**

    ```
    driverquery /v | findstr /i "Boot"
    ```
4. Example Scenarios:
- Get a CSV list of all drivers:

  ```
  driverquery /FO CSV > driver_list.csv
  ```

  This command creates a file named `driver_list.csv` containing a comma-separated list of all drivers.

- Check if a specific driver (e.g., `mydriver.sys`) is loaded:

  ```
  driverquery | findstr /I "mydriver"
  ```

  ```powershell
  driverquery | Select-String -Pattern "mydriver" -CaseSensitive:$false
  ```

  The first command is for Command Prompt and the second for PowerShell. The Module Name column lists the driver name without the `.sys` extension, so search for the base name. If the driver is loaded, its information will be displayed. If it's not loaded, there will be no output.

- List all drivers with verbose output, sorted by link date (using PowerShell for sorting). The output is requested as CSV and converted to objects first, because `Sort-Object` cannot sort the plain text table by a column:

  ```powershell
  driverquery /V /FO CSV | ConvertFrom-Csv | Sort-Object { $_.'Link Date' -as [datetime] }
  ```

- Find all file system drivers:

  ```powershell
  driverquery /v | findstr /i "File System"
  ```

- Identify drivers with a "Demand" start mode:

  ```powershell
  driverquery /V | findstr /I "Demand"
  ```
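The text filters above match any line containing the search word. For the security analysis use case, the same data can be handled as objects, as in this added example (not part of the original article). The sample CSV is constructed, and the function name `Get-DriverTriage` and the "expected directory" heuristic are assumptions made for illustration.

```powershell
# Constructed sample in the shape of "driverquery /V /FO CSV" (subset of columns).
# For live data use:  $rows = driverquery /V /FO CSV | ConvertFrom-Csv
$SampleCsv = @'
"Module Name","Display Name","Driver Type","Start Mode","State","Link Date","Path"
"Ntfs","NTFS","File System","Boot","Running","1/1/2020 12:00:00 AM","C:\Windows\System32\drivers\ntfs.sys"
"mydriver","Example Driver","Kernel","Demand","Running","6/1/2012 12:00:00 AM","C:\Temp\mydriver.sys"
'@

function Get-DriverTriage {
    param([Parameter(Mandatory)] [object[]] $Rows)

    # Assumption: drivers normally load from these directories.
    $expected = @(
        (Join-Path $env:SystemRoot 'System32\drivers'),
        (Join-Path $env:SystemRoot 'System32\DriverStore')
    )

    foreach ($row in $Rows) {
        # Some paths are reported with an NT "\??\" prefix; strip it.
        $path = $row.Path -replace '^\\\?\?\\', ''
        $inExpectedDir = [bool]($expected | Where-Object {
            $path -and $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
        })

        # Check the Authenticode signature of the file on disk, if present.
        $sigStatus = if ($path -and (Test-Path -LiteralPath $path)) {
            (Get-AuthenticodeSignature -LiteralPath $path).Status.ToString()
        } else { 'FileNotFound' }

        [pscustomobject]@{
            Module        = $row.'Module Name'
            StartMode     = $row.'Start Mode'
            LinkDate      = $row.'Link Date' -as [datetime]
            Path          = $path
            InExpectedDir = $inExpectedDir
            Signature     = $sigStatus
            Review        = (-not $inExpectedDir) -or ($sigStatus -ne 'Valid')
        }
    }
}

$rows = $SampleCsv | ConvertFrom-Csv
Get-DriverTriage -Rows $rows | Where-Object Review | Format-Table -AutoSize
```

A row marked `Review` is a prompt for a closer look, not a verdict; legitimate third-party drivers can live outside the listed directories.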
Important Considerations:
- Administrator Privileges: For complete and accurate information, run `driverquery.exe` from an elevated Command Prompt or PowerShell session (run as administrator).
- Output Interpretation: Understanding the output requires some familiarity with device drivers and Windows internals. The verbose output (`/V`) provides the most comprehensive information, but it can be overwhelming for beginners.
- Third-party Tools: While `driverquery.exe` is a valuable built-in tool, there are also third-party driver management utilities that offer more advanced features, graphical interfaces, and driver update capabilities (e.g., Driver Booster, Driver Easy). These are not part of the core Windows system.
- Do not delete random .sys files. `driverquery` shows you the loaded drivers, crucial for system operation. Deleting files listed by `driverquery` without understanding their purpose is extremely dangerous and will likely lead to system instability or failure.
In conclusion, `driverquery.exe` is a powerful and essential command-line tool for managing and troubleshooting device drivers in Windows. It's a safe, built-in utility that provides valuable information about the drivers installed on your system. Understanding its options and how to interpret its output is crucial for any Windows system administrator or power user.