<2019年10月>
293012345
6789101112
13141516171819
20212223242526
272829303112
3456789

文章分类

导航

订阅

Windows全局标志(Gflags)

Gflags Flag Reference

摘自TechNet,原始链接为:http://technet2.microsoft.com/WindowsServer/en/Library/6a183942-57b1-45e0-8b4c-c546aa1b8c471033.mspx

Buffer DbgPrint output

Abbreviation ddp

Hexadecimal value

0x08000000

Symbolic Name

FLG_DISABLE_DBGPRINT

Destination

Systemwide registry entry, kernel mode.

Suppresses debugger output from DbgPrint(), DbgPrintEx(), KdPrint(), and KdPrintEx() calls. When this output is suppressed, it does not automatically appear in the kernel debugger. However, it can still be accessed by using the !dbgprint debugger extension.

Create kernel mode stack trace database

Abbreviation kst

Hexadecimal value

0x2000

Symbolic Name

FLG_KERNEL_STACK_TRACE_DB

Destination

Systemwide registry entry.

Creates a run-time stack trace database of kernel operations, such as resource objects and object management operations. This feature works only when using a "checked build," that is, an internal debugging build of the operating system.

Note

This flag is available as a kernel mode setting, but it is not effective in kernel mode because the kernel is already started.

Create user mode stack trace database

Abbreviation ust

Hexadecimal value

0x1000

Symbolic Name

FLG_USER_STACK_TRACE_DB

Destination

Systemwide registry entry, kernel mode, image file registry entry.

Creates a run-time stack trace database in the address space of a particular process (image file mode) or all processes (systemwide).

Debug initial command

Abbreviation dic

Hexadecimal value

0x4

Symbolic Name

FLG_DEBUG_INITIAL_COMMAND

Destination

Systemwide registry entry, kernel mode.

Runs Winlogon in the Windows Symbolic Debugger (Ntsd.exe) with the -d parameter, which directs its output to the kernel debugger console.

This flag is used for debugging the Client Server Run-time Subsystem (CSRSS), Winlogon.exe, and the Winlogon child processes.

See also: Debug Winlogon if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EDAA3AAAACA"); if(o != null) o.innerHTML = "[#dwl]"; } , Enable debugging of Win32 subsystem if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EBAA3AAAACA"); if(o != null) o.innerHTML = "[#d32]"; } .

Top of pageTop of page

Debug Winlogon

Abbreviation dwl

Hexadecimal value

0x04000000

Symbolic Name

FLG_DEBUG_INITIAL_COMMAND_EX

Destination

Systemwide registry entry, kernel mode.

Runs Winlogon in the Windows Symbolic Debugger (Ntsd.exe) with the following options:

-d  Send output to kernel debugger console.

-g  Ignore first breakpoint.

-x  Ignore first chance access violations.

See also: Debug Initial Command if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EDAA2AAAACA"); if(o != null) o.innerHTML = "[#dic]"; } , Enable debugging of Win32 subsystem if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EBAA2AAAACA"); if(o != null) o.innerHTML = "[#d32]"; } .

Top of pageTop of page

Disable heap coalesce on free

Abbreviation dhc

Hexadecimal value

0x00200000

Symbolic Name

FLG_HEAP_DISABLE_COALESCING

Destination

Systemwide registry entry, kernel mode, image file registry entry.

Leaves adjacent blocks of heap memory separate when they are freed. By default, the system combines ("coalesces") newly freed adjacent blocks into a single block. Combining the blocks takes time, but reduces fragmentation that might force the heap to allocate additional memory when it can't find contiguous memory.

This flag is used to test optimizing strategies. It is not used for debugging.

Disable paging of kernel stacks

Abbreviation dps

Hexadecimal value

0x80000

Symbolic Name

FLG_DISABLE_PAGE_KERNEL_STACKS

Destination

Systemwide registry entry, kernel mode.

Prevents paging of the kernel mode stacks of inactive threads. Generally, the kernel mode stack cannot be paged; it is guaranteed to be resident in memory. However, the system occasionally pages the kernel stacks of inactive threads. This flag prevents these occurrences.

The kernel debugger can provide information about a thread only when its stack is in physical memory. This flag is particularly important when debugging deadlocks and in other cases when every thread must be tracked.

Disable protected DLL verification

Abbreviation dpd

Hexadecimal value

0x80000000

Symbolic Name

FLG_DISABLE_PROTDLLS

Destination

Systemwide registry entry, kernel mode, image file registry entry.

This flag appears in Gflags, but it has no effect on the operating system.

Disable stack extension

Abbreviation dse

Hexadecimal value

0x10000

Symbolic Name

FLG_DISABLE_STACK_EXTENSION

Destination

Image file registry entry.

Prevents the kernel from extending the stacks of the threads in the process beyond the initial memory committed. This is used to simulate low memory conditions (where stack extensions fail) and to test the strategic system processes that are expected to run well even with low memory.

Early critical section event creation

Abbreviation cse

Hexadecimal value

0x10000000

Symbolic Name

FLG_CRITSEC_EVENT_CREATION

Destination

Systemwide registry entry, kernel mode, image file registry entry.

Creates event handles when a critical section is initialized, rather than waiting until the event is needed. When the system cannot create an event, it generates the exception during initialization and the calls to enter and leave the critical section do not fail.

Because this flag uses a significant amount of nonpaged pool memory, use it only on very reliable systems that have sufficient memory.

Enable application verifier

Abbreviation vrf

Hexadecimal value

0x100

Symbolic Name

FLG_APPLICATION_VERIFIER

Destination

Systemwide registry entry, kernel mode, image file registry entry.

Enable bad handles detection

Abbreviation bhd

Hexadecimal value

0x40000000

Symbolic Name

FLG_ENABLE_HANDLE_EXCEPTIONS

Destination

Systemwide registry entry, kernel mode.

Raises a user mode exception (STATUS_INVALID_HANDLE) whenever a user mode process passes an invalid handle to the Object Manager.

Top of pageTop of page

Enable close exception

Abbreviation ece

Hexadecimal value

0x00400000

Symbolic Name

FLG_ENABLE_CLOSE_EXCEPTIONS

Destination

Systemwide registry entry, kernel mode.

Raises a user mode exception whenever an invalid handle is passed to the CloseHandle() interface or related interfaces, such as SetEvent(), that take handles as arguments.

Note

This flag is still supported, but it has been replaced by Enable bad handles detection if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EBAAAATAAAACA"); if(o != null) o.innerHTML = "[#bhd]"; } , which performs a more comprehensive check of handle use.

Enable debugging of Win32 subsystem

Abbreviation d32

Hexadecimal value

0x20000

Symbolic Name

FLG_ENABLE_CSRDEBUG

Destination

Systemwide registry entry, kernel mode.

Runs the Client Server Run-time Subsystem (Csrss.exe) in the Windows Symbolic Debugger (Ntsd.exe) with the following parameters:

-d  Send output to kernel debugger console.

-p 1  Attach the debugger to already running Csrss process, as identified by its process ID, 1.

This flag is effective only when the Debug Initial Command if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EDAASAAAACA"); if(o != null) o.innerHTML = "[#dic]"; } (dic) or Debug Winlogon if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EBAASAAAACA"); if(o != null) o.innerHTML = "[#dwl]"; } (dwl) flag is also set.

Top of pageTop of page

Enable exception logging

Abbreviation eel

Hexadecimal value

0x00800000

Symbolic Name

FLG_ENABLE_EXCEPTION_LOGGING

Destination

Systemwide registry entry, kernel mode.

Creates a log of exception records in the kernel run-time library. You can access the log from the kernel debugger.

Enable heap free checking

Abbreviation hfc

Hexadecimal value

0x20

Symbolic Name

FLG_HEAP_ENABLE_FREE_CHECK

Destination

Systemwide registry entry, kernel mode, image file registry entry.

Validates the heap when it is freed.

See also: Enable heap tail checking if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EDAAQAAAACA"); if(o != null) o.innerHTML = "[#htc]"; } , Enable heap parameter checking if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EBAAQAAAACA"); if(o != null) o.innerHTML = "[#hpc]"; } .

Top of pageTop of page

Enable heap parameter checking

Abbreviation hpc

Hexadecimal value

0x40

Symbolic Name

FLG_HEAP_VALIDATE_PARAMETERS

Destination

Systemwide registry entry, kernel mode, image file registry entry.

Verifies some aspects of the heap whenever a heap API is called.

See also: Enable heap validation on call if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EBAAPAAAACA"); if(o != null) o.innerHTML = "[#hvc]"; } .

Top of pageTop of page

Enable heap tagging

Abbreviation htg

Hexadecimal value

0x800

Symbolic Name

FLG_HEAP_ENABLE_TAGGING

Destination

Systemwide registry entry, kernel mode, image file registry entry.

Assigns unique tags to heap allocations. You can display the tag by using the !heap debugger extension with the -t parameter.

For information about the !heap extension, see the Microsoft Windows 2000 Debugging Tools Kit, which is available from the Microsoft Windows Driver Development Kits (DDK) if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EBBAOAAAACA"); if(o != null) o.innerHTML = "[http://go.microsoft.com/fwlink/?linkid=1651]"; } Web site.

See also: Enable heap tagging by DLL if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EBAAOAAAACA"); if(o != null) o.innerHTML = "[#htd]"; } .

Top of pageTop of page

Enable heap tagging by DLL

Abbreviation htd

Hexadecimal value

0x8000

Symbolic Name

FLG_HEAP_ENABLE_TAG_BY_DLL

Destination

Systemwide registry entry, kernel mode, image file registry entry.

Assigns a unique tag to heap allocations created by the same DLL. You can display the tag by using the !heap debugger extension with the -t parameter.

For information about the !heap extension, see the Microsoft Windows 2000 Debugging Tools Kit, which is available from the Microsoft Windows Driver Development Kits (DDK) if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EBBANAAAACA"); if(o != null) o.innerHTML = "[http://go.microsoft.com/fwlink/?linkid=1651]"; } Web site.

See also: Enable heap tagging if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EBAANAAAACA"); if(o != null) o.innerHTML = "[#htg]"; } .

Top of pageTop of page

Enable heap tail checking

Abbreviation htc

Hexadecimal value

0x10

Symbolic Name

FLG_HEAP_ENABLE_TAIL_CHECK

Destination

Systemwide registry entry, kernel mode, image file registry entry.

Checks for buffer overruns when the heap is freed. This flag adds a short pattern to the end of each allocation. The Windows heap manager detects the pattern when the block is freed and, if the block was modified, the heap manager breaks into the debugger.

See also: Enable heap free checking if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EDAAMAAAACA"); if(o != null) o.innerHTML = "[#hfc]"; } , Enable heap parameter checking if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EBAAMAAAACA"); if(o != null) o.innerHTML = "[#hpc]"; } .

Top of pageTop of page

Enable heap validation on call

Abbreviation hvc

Hexadecimal value

0x80

Symbolic Name

FLG_HEAP_VALIDATE_ALL

Destination

Systemwide registry entry, kernel mode, image file registry entry.

Validates the entire heap each time a heap API is called.

To avoid the high overhead resulting from this flag, use the HeapValidate() API at critical junctures, such as when the heap is destroyed. However, this flag is useful for detecting random corruption in a pool.

See also: Enable heap parameter checking if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EBAALAAAACA"); if(o != null) o.innerHTML = "[#hpc]"; } .

Top of pageTop of page

Enable loading of kernel debugger symbols

Abbreviation ksl

Hexadecimal value

0x40000

Symbolic Name

FLG_ENABLE_KDEBUG_SYMBOL_LOAD

Destination

Systemwide registry entry, kernel mode.

Loads kernel symbols into the kernel memory space the next time the system starts. The kernel symbols are used in kernel profiling and by advanced kernel debugging tools.

Enable object handle type tagging

Abbreviation eot

Hexadecimal value

0x01000000

Symbolic Name

FLG_ENABLE_HANDLE_TYPE_TAGGING

Destination

Systemwide registry entry, kernel mode.

This flag appears in Gflags, but it has no effect on the operating system.

Enable page heap

Abbreviation hpa

Hexadecimal value

0x02000000

Symbolic Name

FLG_HEAP_PAGE_ALLOCS

Destination

Systemwide registry entry, kernel mode, image file registry entry.

Turns on page heap debugging, which verifies dynamic heap memory operations, including allocations and frees, and causes a debugger break when it detects a heap error.

This option enables full page heap debugging when set for image files and standard page heap debugging when set in system registry or kernel mode.

Full page heap debugging (for /i) places an inaccessible page at the end of an allocation.

Standard page heap debugging (for /r or /k) examines allocations as they are freed.

Setting this flag for an image file is the same as typing gflags /p enable /full for the image file at the command line.

Enable pool tagging

Abbreviation ptg

Hexadecimal value

0x400

Symbolic Name

FLG_POOL_ENABLE_TAGGING

Destination

Systemwide registry entry.

Important

This flag is permanently set in Windows Server 2003. On these systems, the Enable pool tagging check box on the Gflags dialog box is dimmed and commands to enable or disable pool tagging fail.

Collects data and calculates statistics about pool memory allocations. The data is grouped by pool tag value. Several tools that diagnose memory leaks and other kernel pool errors use the resulting data.

Use ExAllocatePoolWithTag or ExAllocatePoolWithQuotaTag to set the tag value. When no tag value is specified (ExAllocatePool, ExAllocatePoolWithQuota), the system creates a tag with the default value of "None." Because data for all allocations with a "None" tag is combined, you cannot distinguish the data for a specific allocation.

In Windows XP and earlier systems, this flag also directs the system to attach a pool tag even when the pool memory is allocated by using ExAllocatePoolWithQuotaTag. Otherwise, the tag bytes are used to store the quota values. In Windows Server 2003, tag values and quota values are stored in separate fields that are attached to every pool memory allocation.

The Enable pool tagging flag is permanently set on all versions of Windows Server 2003. As a result, the system always collects data about pool memory allocations.

Notes

For information on allocating pool memory, see the Windows Driver Development Kit if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EBACAAHAAAACA"); if(o != null) o.innerHTML = "[http://go.microsoft.com/fwlink/?linkid=3777]"; } .

To display the data that the system collects about a tagged allocation, use Poolmon.exe, a tool in the Support Tools folder on Windows XP and Windows Server 2003.

The description of the Enable Pool Tagging flag in Windows XP Support Tools is incomplete. This flag directs the system to collect and process data by tag value.

Enable system critical breaks

Abbreviation scb

Hexadecimal value

0x100000

Symbolic Name

FLG_ENABLE_SYSTEM_CRIT_BREAKS

Destination

Systemwide registry entry, kernel mode, image file registry entry.

For per-process (image file) only: Forces a system breakpoint into the debugger whenever the specified process stops abnormally. This flag is effective only when the process calls the RtlSetProcessBreakOnExit() and RtlSetThreadBreakOnExit() interfaces.

For systemwide (registry or kernel mode): Forces a system breakpoint to the debugger whenever processes that have called the RtlSetProcessBreakOnExit() and RtlSetThreadBreakOnExit() interfaces stop abnormally.

Load DLLs top-down

Abbreviation ltd

Hexadecimal value

0x20000000

Symbolic Name

FLG_LDR_TOP_DOWN

Destination

Systemwide registry entry, kernel mode, image file registry entry.

Loads DLLs at the highest possible address. This flag is used to test 64-bit code for pointer truncation errors, because the most significant 32 bits of the pointers are not zeroes. It is designed for code running on the 64-bit versions of the Windows Server 2003.

Maintain a list of objects for each type

Abbreviation otl

Hexadecimal value

0x4000

Symbolic Name

FLG_MAINTAIN_OBJECT_TYPELIST

Destination

Systemwide registry entry, kernel mode.

Collects and maintains a list of active objects by object type (for example, event, mutex, and semaphore). You can use Open Handles (Oh.exe) if(typeof(IsPrinterFriendly) != "undefined") { var o = document.getElementById("EBCAEAAAACA"); if(o != null) o.innerHTML = "[http://go.microsoft.com/fwlink/?linkid=5943]"; } , a tool included in the Windows 2000 Resource Kit, to display the object type lists. Because Oh.exe automatically sets the OTL flag, but does not clear it, you should use Gflags (-otl) to clear the flag.

Notes

The linked lists created when you set this flag use eight bytes of overhead for each object. Remember to clear this flag when your analysis is complete.

This flag is available as a kernel mode setting, but it is not effective in kernel mode because the kernel is already started.

Show loader snaps

Abbreviation sls

Hexadecimal value

0x2

Symbolic Name

FLG_SHOW_LDR_SNAPS

Destination

Systemwide registry entry, kernel mode, image file registry entry.

Captures detailed information about the loading and unloading of executable images and their supporting library modules.

For systemwide (registry or kernel mode): Whenever a driver is loaded, this flag writes the kernel contents to the kernel debugger console. This feature works only when using a "checked build," that is, an internal debugging build of the operating system.

For per-process (image file): Whenever a DLL is loaded, this flag writes the loader contents (and data related to DLL loading) to the program debugger console.

Stop on exception

Abbreviation soe

Hexadecimal value

0x1

Symbolic Name

FLG_STOP_ON_EXCEPTION

Destination

Systemwide registry entry, kernel mode, image file registry entry.

The kernel breaks into the kernel debugger whenever a kernel mode exception occurs. The system passes all first chance exceptions (except for STATUS_PORT_DISCONNECT) with a severity of Warning or Error to the debugger before passing them to a local exception handler.

Stop on hung GUI

Abbreviation shg

Hexadecimal value

0x8

Symbolic Name

FLG_STOP_ON_HUNG_GUI

Destination

Kernel mode

This flag appears in Gflags, but it has no effect on the operating system.

posted on 2006年5月4日 17:58 由 Raymond

Powered by Community Server Powered by CnForums.Net