Windows全局标志(Gflags)
Gflags Flag Reference
摘自TechNet,原始链接为:http://technet2.microsoft.com/WindowsServer/en/Library/6a183942-57b1-45e0-8b4c-c546aa1b8c471033.mspx
Buffer DbgPrint output
Hexadecimal value |
0x08000000 |
Symbolic Name |
FLG_DISABLE_DBGPRINT |
Destination |
Systemwide registry entry, kernel mode. |
Suppresses debugger output from DbgPrint(), DbgPrintEx(), KdPrint(), and KdPrintEx() calls. When this output is suppressed, it does not automatically appear in the kernel debugger. However, it can still be accessed by using the !dbgprint debugger extension.
Create kernel mode stack trace database
Hexadecimal value |
0x2000 |
Symbolic Name |
FLG_KERNEL_STACK_TRACE_DB |
Destination |
Systemwide registry entry. |
Creates a run-time stack trace database of kernel operations, such as resource objects and object management operations. This feature works only when using a "checked build," that is, an internal debugging build of the operating system.
Note
• |
This flag is available as a kernel mode setting, but it is not effective in kernel mode because the kernel is already started. |
Create user mode stack trace database
Hexadecimal value |
0x1000 |
Symbolic Name |
FLG_USER_STACK_TRACE_DB |
Destination |
Systemwide registry entry, kernel mode, image file registry entry. |
Creates a run-time stack trace database in the address space of a particular process (image file mode) or all processes (systemwide).
Debug initial command
Hexadecimal value |
0x4 |
Symbolic Name |
FLG_DEBUG_INITIAL_COMMAND |
Destination |
Systemwide registry entry, kernel mode. |
Runs Winlogon in the Windows Symbolic Debugger (Ntsd.exe) with the -d parameter, which directs its output to the kernel debugger console.
This flag is used for debugging the Client Server Run-time Subsystem (CSRSS), Winlogon.exe, and the Winlogon child processes.
See also: Debug Winlogon
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EDAA3AAAACA");
if(o != null) o.innerHTML = "[#dwl]";
}
, Enable debugging of Win32 subsystem
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EBAA3AAAACA");
if(o != null) o.innerHTML = "[#d32]";
}
.
Debug Winlogon
Hexadecimal value |
0x04000000 |
Symbolic Name |
FLG_DEBUG_INITIAL_COMMAND_EX |
Destination |
Systemwide registry entry, kernel mode. |
Runs Winlogon in the Windows Symbolic Debugger (Ntsd.exe) with the following options:
• |
-d Send output to kernel debugger console. |
• |
-g Ignore first breakpoint. |
• |
-x Ignore first chance access violations. |
See also: Debug Initial Command
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EDAA2AAAACA");
if(o != null) o.innerHTML = "[#dic]";
}
, Enable debugging of Win32 subsystem
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EBAA2AAAACA");
if(o != null) o.innerHTML = "[#d32]";
}
.
Disable heap coalesce on free
Hexadecimal value |
0x00200000 |
Symbolic Name |
FLG_HEAP_DISABLE_COALESCING |
Destination |
Systemwide registry entry, kernel mode, image file registry entry. |
Leaves adjacent blocks of heap memory separate when they are freed. By default, the system combines ("coalesces") newly freed adjacent blocks into a single block. Combining the blocks takes time, but reduces fragmentation that might force the heap to allocate additional memory when it can't find contiguous memory.
This flag is used to test optimizing strategies. It is not used for debugging.
Disable paging of kernel stacks
Hexadecimal value |
0x80000 |
Symbolic Name |
FLG_DISABLE_PAGE_KERNEL_STACKS |
Destination |
Systemwide registry entry, kernel mode. |
Prevents paging of the kernel mode stacks of inactive threads. Generally, the kernel mode stack cannot be paged; it is guaranteed to be resident in memory. However, the system occasionally pages the kernel stacks of inactive threads. This flag prevents these occurrences.
The kernel debugger can provide information about a thread only when its stack is in physical memory. This flag is particularly important when debugging deadlocks and in other cases when every thread must be tracked.
Disable protected DLL verification
Hexadecimal value |
0x80000000 |
Symbolic Name |
FLG_DISABLE_PROTDLLS |
Destination |
Systemwide registry entry, kernel mode, image file registry entry. |
This flag appears in Gflags, but it has no effect on the operating system.
Disable stack extension
Hexadecimal value |
0x10000 |
Symbolic Name |
FLG_DISABLE_STACK_EXTENSION |
Destination |
Image file registry entry. |
Prevents the kernel from extending the stacks of the threads in the process beyond the initial memory committed. This is used to simulate low memory conditions (where stack extensions fail) and to test the strategic system processes that are expected to run well even with low memory.
Early critical section event creation
Hexadecimal value |
0x10000000 |
Symbolic Name |
FLG_CRITSEC_EVENT_CREATION |
Destination |
Systemwide registry entry, kernel mode, image file registry entry. |
Creates event handles when a critical section is initialized, rather than waiting until the event is needed. When the system cannot create an event, it generates the exception during initialization and the calls to enter and leave the critical section do not fail.
Because this flag uses a significant amount of nonpaged pool memory, use it only on very reliable systems that have sufficient memory.
Enable application verifier
Hexadecimal value |
0x100 |
Symbolic Name |
FLG_APPLICATION_VERIFIER |
Destination |
Systemwide registry entry, kernel mode, image file registry entry. |
Enable bad handles detection
Hexadecimal value |
0x40000000 |
Symbolic Name |
FLG_ENABLE_HANDLE_EXCEPTIONS |
Destination |
Systemwide registry entry, kernel mode. |
Raises a user mode exception (STATUS_INVALID_HANDLE) whenever a user mode process passes an invalid handle to the Object Manager.
Enable close exception
Hexadecimal value |
0x00400000 |
Symbolic Name |
FLG_ENABLE_CLOSE_EXCEPTIONS |
Destination |
Systemwide registry entry, kernel mode. |
Raises a user mode exception whenever an invalid handle is passed to the CloseHandle() interface or related interfaces, such as SetEvent(), that take handles as arguments.
Note
• |
This flag is still supported, but it has been replaced by Enable bad handles detection
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EBAAAATAAAACA");
if(o != null) o.innerHTML = "[#bhd]";
}
, which performs a more comprehensive check of handle use. |
Enable debugging of Win32 subsystem
Hexadecimal value |
0x20000 |
Symbolic Name |
FLG_ENABLE_CSRDEBUG |
Destination |
Systemwide registry entry, kernel mode. |
Runs the Client Server Run-time Subsystem (Csrss.exe) in the Windows Symbolic Debugger (Ntsd.exe) with the following parameters:
• |
-d Send output to kernel debugger console. |
• |
-p 1 Attach the debugger to already running Csrss process, as identified by its process ID, 1. |
This flag is effective only when the Debug Initial Command
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EDAASAAAACA");
if(o != null) o.innerHTML = "[#dic]";
}
(dic) or Debug Winlogon
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EBAASAAAACA");
if(o != null) o.innerHTML = "[#dwl]";
}
(dwl) flag is also set.
Enable exception logging
Hexadecimal value |
0x00800000 |
Symbolic Name |
FLG_ENABLE_EXCEPTION_LOGGING |
Destination |
Systemwide registry entry, kernel mode. |
Creates a log of exception records in the kernel run-time library. You can access the log from the kernel debugger.
Enable heap free checking
Hexadecimal value |
0x20 |
Symbolic Name |
FLG_HEAP_ENABLE_FREE_CHECK |
Destination |
Systemwide registry entry, kernel mode, image file registry entry. |
Validates the heap when it is freed.
See also: Enable heap tail checking
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EDAAQAAAACA");
if(o != null) o.innerHTML = "[#htc]";
}
, Enable heap parameter checking
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EBAAQAAAACA");
if(o != null) o.innerHTML = "[#hpc]";
}
.
Enable heap parameter checking
Hexadecimal value |
0x40 |
Symbolic Name |
FLG_HEAP_VALIDATE_PARAMETERS |
Destination |
Systemwide registry entry, kernel mode, image file registry entry. |
Verifies some aspects of the heap whenever a heap API is called.
See also: Enable heap validation on call
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EBAAPAAAACA");
if(o != null) o.innerHTML = "[#hvc]";
}
.
Enable heap tagging
Hexadecimal value |
0x800 |
Symbolic Name |
FLG_HEAP_ENABLE_TAGGING |
Destination |
Systemwide registry entry, kernel mode, image file registry entry. |
Assigns unique tags to heap allocations. You can display the tag by using the !heap debugger extension with the -t parameter.
For information about the !heap extension, see the Microsoft Windows 2000 Debugging Tools Kit, which is available from the Microsoft Windows Driver Development Kits (DDK)
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EBBAOAAAACA");
if(o != null) o.innerHTML = "[http://go.microsoft.com/fwlink/?linkid=1651]";
}
Web site.
See also: Enable heap tagging by DLL
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EBAAOAAAACA");
if(o != null) o.innerHTML = "[#htd]";
}
.
Enable heap tagging by DLL
Hexadecimal value |
0x8000 |
Symbolic Name |
FLG_HEAP_ENABLE_TAG_BY_DLL |
Destination |
Systemwide registry entry, kernel mode, image file registry entry. |
Assigns a unique tag to heap allocations created by the same DLL. You can display the tag by using the !heap debugger extension with the -t parameter.
For information about the !heap extension, see the Microsoft Windows 2000 Debugging Tools Kit, which is available from the Microsoft Windows Driver Development Kits (DDK)
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EBBANAAAACA");
if(o != null) o.innerHTML = "[http://go.microsoft.com/fwlink/?linkid=1651]";
}
Web site.
See also: Enable heap tagging
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EBAANAAAACA");
if(o != null) o.innerHTML = "[#htg]";
}
.
Enable heap tail checking
Hexadecimal value |
0x10 |
Symbolic Name |
FLG_HEAP_ENABLE_TAIL_CHECK |
Destination |
Systemwide registry entry, kernel mode, image file registry entry. |
Checks for buffer overruns when the heap is freed. This flag adds a short pattern to the end of each allocation. The Windows heap manager detects the pattern when the block is freed and, if the block was modified, the heap manager breaks into the debugger.
See also: Enable heap free checking
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EDAAMAAAACA");
if(o != null) o.innerHTML = "[#hfc]";
}
, Enable heap parameter checking
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EBAAMAAAACA");
if(o != null) o.innerHTML = "[#hpc]";
}
.
Enable heap validation on call
Hexadecimal value |
0x80 |
Symbolic Name |
FLG_HEAP_VALIDATE_ALL |
Destination |
Systemwide registry entry, kernel mode, image file registry entry. |
Validates the entire heap each time a heap API is called.
To avoid the high overhead resulting from this flag, use the HeapValidate() API at critical junctures, such as when the heap is destroyed. However, this flag is useful for detecting random corruption in a pool.
See also: Enable heap parameter checking
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EBAALAAAACA");
if(o != null) o.innerHTML = "[#hpc]";
}
.
Enable loading of kernel debugger symbols
Hexadecimal value |
0x40000 |
Symbolic Name |
FLG_ENABLE_KDEBUG_SYMBOL_LOAD |
Destination |
Systemwide registry entry, kernel mode. |
Loads kernel symbols into the kernel memory space the next time the system starts. The kernel symbols are used in kernel profiling and by advanced kernel debugging tools.
Enable object handle type tagging
Hexadecimal value |
0x01000000 |
Symbolic Name |
FLG_ENABLE_HANDLE_TYPE_TAGGING |
Destination |
Systemwide registry entry, kernel mode. |
This flag appears in Gflags, but it has no effect on the operating system.
Enable page heap
Hexadecimal value |
0x02000000 |
Symbolic Name |
FLG_HEAP_PAGE_ALLOCS |
Destination |
Systemwide registry entry, kernel mode, image file registry entry. |
Turns on page heap debugging, which verifies dynamic heap memory operations, including allocations and frees, and causes a debugger break when it detects a heap error.
This option enables full page heap debugging when set for image files and standard page heap debugging when set in system registry or kernel mode.
• |
Full page heap debugging (for /i) places an inaccessible page at the end of an allocation. |
• |
Standard page heap debugging (for /r or /k) examines allocations as they are freed. |
Setting this flag for an image file is the same as typing gflags /p enable /full for the image file at the command line.
Enable pool tagging
Hexadecimal value |
0x400 |
Symbolic Name |
FLG_POOL_ENABLE_TAGGING |
Destination |
Systemwide registry entry. |
Important
• |
This flag is permanently set in Windows Server 2003. On these systems, the Enable pool tagging check box on the Gflags dialog box is dimmed and commands to enable or disable pool tagging fail. |
Collects data and calculates statistics about pool memory allocations. The data is grouped by pool tag value. Several tools that diagnose memory leaks and other kernel pool errors use the resulting data.
Use ExAllocatePoolWithTag or ExAllocatePoolWithQuotaTag to set the tag value. When no tag value is specified (ExAllocatePool, ExAllocatePoolWithQuota), the system creates a tag with the default value of "None." Because data for all allocations with a "None" tag is combined, you cannot distinguish the data for a specific allocation.
In Windows XP and earlier systems, this flag also directs the system to attach a pool tag even when the pool memory is allocated by using ExAllocatePoolWithQuotaTag. Otherwise, the tag bytes are used to store the quota values. In Windows Server 2003, tag values and quota values are stored in separate fields that are attached to every pool memory allocation.
The Enable pool tagging flag is permanently set on all versions of Windows Server 2003. As a result, the system always collects data about pool memory allocations.
Notes
• |
For information on allocating pool memory, see the Windows Driver Development Kit
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EBACAAHAAAACA");
if(o != null) o.innerHTML = "[http://go.microsoft.com/fwlink/?linkid=3777]";
}
. |
• |
To display the data that the system collects about a tagged allocation, use Poolmon.exe, a tool in the Support Tools folder on Windows XP and Windows Server 2003. |
• |
The description of the Enable Pool Tagging flag in Windows XP Support Tools is incomplete. This flag directs the system to collect and process data by tag value. |
Enable system critical breaks
Hexadecimal value |
0x100000 |
Symbolic Name |
FLG_ENABLE_SYSTEM_CRIT_BREAKS |
Destination |
Systemwide registry entry, kernel mode, image file registry entry. |
• |
For per-process (image file) only: Forces a system breakpoint into the debugger whenever the specified process stops abnormally. This flag is effective only when the process calls the RtlSetProcessBreakOnExit() and RtlSetThreadBreakOnExit() interfaces. |
• |
For systemwide (registry or kernel mode): Forces a system breakpoint to the debugger whenever processes that have called the RtlSetProcessBreakOnExit() and RtlSetThreadBreakOnExit() interfaces stop abnormally. |
Load DLLs top-down
Hexadecimal value |
0x20000000 |
Symbolic Name |
FLG_LDR_TOP_DOWN |
Destination |
Systemwide registry entry, kernel mode, image file registry entry. |
Loads DLLs at the highest possible address. This flag is used to test 64-bit code for pointer truncation errors, because the most significant 32 bits of the pointers are not zeroes. It is designed for code running on the 64-bit versions of the Windows Server 2003.
Maintain a list of objects for each type
Hexadecimal value |
0x4000 |
Symbolic Name |
FLG_MAINTAIN_OBJECT_TYPELIST |
Destination |
Systemwide registry entry, kernel mode. |
Collects and maintains a list of active objects by object type (for example, event, mutex, and semaphore). You can use Open Handles (Oh.exe)
if(typeof(IsPrinterFriendly) != "undefined")
{
var o = document.getElementById("EBCAEAAAACA");
if(o != null) o.innerHTML = "[http://go.microsoft.com/fwlink/?linkid=5943]";
}
, a tool included in the Windows 2000 Resource Kit, to display the object type lists. Because Oh.exe automatically sets the OTL flag, but does not clear it, you should use Gflags (-otl) to clear the flag.
Notes
• |
The linked lists created when you set this flag use eight bytes of overhead for each object. Remember to clear this flag when your analysis is complete. |
• |
This flag is available as a kernel mode setting, but it is not effective in kernel mode because the kernel is already started. |
Show loader snaps
Hexadecimal value |
0x2 |
Symbolic Name |
FLG_SHOW_LDR_SNAPS |
Destination |
Systemwide registry entry, kernel mode, image file registry entry. |
Captures detailed information about the loading and unloading of executable images and their supporting library modules.
• |
For systemwide (registry or kernel mode): Whenever a driver is loaded, this flag writes the kernel contents to the kernel debugger console. This feature works only when using a "checked build," that is, an internal debugging build of the operating system. |
• |
For per-process (image file): Whenever a DLL is loaded, this flag writes the loader contents (and data related to DLL loading) to the program debugger console. |
Stop on exception
Hexadecimal value |
0x1 |
Symbolic Name |
FLG_STOP_ON_EXCEPTION |
Destination |
Systemwide registry entry, kernel mode, image file registry entry. |
The kernel breaks into the kernel debugger whenever a kernel mode exception occurs. The system passes all first chance exceptions (except for STATUS_PORT_DISCONNECT) with a severity of Warning or Error to the debugger before passing them to a local exception handler.
Stop on hung GUI
Hexadecimal value |
0x8 |
Symbolic Name |
FLG_STOP_ON_HUNG_GUI |
Destination |
Kernel mode |
This flag appears in Gflags, but it has no effect on the operating system.