We’ve had a problem with some Windows 10 computers that have had hard disk controller drivers removed from the system. When the system reboots it’ll BSOD with an inaccessible boot device error. We can fix that manually.
I have machines that have not yet rebooted that MAY be missing these drivers that I want to find before the user tries to reboot. What I want to do is identify the currently installed driver and check that there really is the .sys file in c:\windows\system32\drivers. This method can not query the driver INF file because that is missing also.
MSINFO32 displays the exact data I’m looking for. I see SCSI and IDE driver sections that list the installed driver and the .sys file for that driver.
There’s probably a better place to find the data I’m looking for. I’m at a loss for what that could be.
And the hardware in question varies by make and model, so I have to be sure I have identified the correct hard disk controller for that system. I can’t just search all machines for iastor.sys and expect to find usable results.
Any help is appreciated
I think you should be able to adapt some of the info from this thread on driver detection - Get Driver Information for Video and Audio Drivers
You can restrict the registry queries to the disk device class GUID instead of the video driver class that we were querying at the time, but that should list the expected driver files which you can then look for on the drive.
You can find the devices detected by PnP on the system by querying beneath HKLM\System\CurrentControlSet\Enum\PCI. Storage Controllers should have a ClassGUID of {4d36e96a-e325-11ce-bfc1-08002be10318}. Here’s an excerpt from my machine:
`[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCI\VEN_8086&DEV_8C02&SUBSYS_06221028&REV_05\3&11583659&0&FA]`
"DeviceDesc"="@oem15.inf,%pci\\ven_8086&dev_8c02&cc_0106.devicedesc%;Intel(R) 8 Series/C220 Chipset Family SATA AHCI Controller"
"LocationInformation"="@System32\\drivers\\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,31,2)"
"ClassGUID"="{4d36e96a-e325-11ce-bfc1-08002be10318}"
"ParentIdPrefix"="4&8e33330&0"
"Service"="iaStorA"
"Driver"="{4d36e96a-e325-11ce-bfc1-08002be10318}\\0000"
I think you should be able to query as such:
q: preceding texts of firsts "," of (it as string) of values "LocationInformation" of keys whose (value "ClassGUID" of it as string = "{4d36e96a-e325-11ce-bfc1-08002be10318}") of keys of keys "HKLM\System\CurrentControlSet\Enum\PCI" of native registry
A: @System32\drivers\pci.sys
T: 0.672 ms
I: plural substring
I’ve checked this on exactly 1 model of machine, my home box, so do use with care.
edit Should’ve looked closer, LocationInformation looks like it actually refers to the parent of the device. pci.sys is not the driver for Intel AHCI…
Most keys of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class with an instance have a Driver value that might be helpful. My particular storage controller doesn’t seem to have a Driver value, but most devices do. Try
values "Driver" of keys of keys "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}"
and see if that turns up anything helpful.