The global (or entire) logo editor is a practical and CW2KP utility provided by Sppuort Tools, which was mentioned in the previous article on finding memory holes. So what is the meaning of the so-called "sign (Flag)"? We can roughly interpret it as "settings for the operating system environment." This kind of global flag editing can be used by the administrator to modify the system settings, can also be used for system diagnostics. From the use of the tool features and uses, can also reflect this point. This tool can also be used in conjunction with other tools, as a precursor to other tools, such as using a tool to find memory holes to start the flag editor first. Another feature is that the tool must be restarted after loading to be used, which is significantly different from other tools. The tool also has one version in both environments. Regardless of that version, there are a number of items to choose from, and the project corresponds to a specific key value in the registry. The choice of these items is actually a registry key changes, the key value of the modification of the system will be open or prohibit certain functions, the program is to use this to diagnose or troubleshoot the system. The following is a first introduction to the Logo editor for the GUI interface version used in CW2KP.
1. GUI Version Introduction
If you have already installed "Support Tools", open the program to use: "Start-> program->support tools->tools-> Global Flags Editor", which is the dialog box that appears after you open the program. The color rectangle or Oval box on the dialog box is what I added to make it easier for me to discuss myself.
Figures:
On the purpose (destination) tab, you can make three choices:
1. System Registration Form
2. Kernel mode
3, Icon files (image file) Three options are radio, can only choose one at a time. The first option is to modify the registry, of course, these changes are very limited, and mainly around the diagnosis of system failures and settings, with the usual we for the optimization of the system registry modification is not the same; The registry modification requires that the computer be restarted before it can take effect. Select the second item to enable kernel mode. Select the third item to modify the icon, to specify the name of the icon file in the image file name formula bar, and to specify the application represented by the icon in the command line formula, much like the familiar change icon operation. Regardless of which project you choose, you can use the Launch button to start the setting.
The destination box below is a selection of items, the role of all options, with a more complete English description next to the dialog box, which is basically relative to the second column in table 1, and the Chinese meaning can refer to the corresponding section of the third column in table 1. The leftmost column in table 1 is the abbreviation for the English description, which is also the corresponding parameter in the command-line version. It should be noted that some of the items listed in table 1 do not have a corresponding selection box in the dialog box, that is, these switches can only be used in the command-line version. All of these are listed in a blue font in the table. Similarly, some dialog boxes already have a selection box, the table can not find the corresponding description, which means that the item can only run under the GUI version. This type of supplement is shown below in table 1. The meaning of a noun term in a table or in a table description is outside the scope of this article, and you can refer to the relevant information when you need to know. And welcome to the improper and even wrong to correct.
The selection box is divided into five groups, and the second and third groups can basically be grouped into one, so I divide the five groups into four classes, each of which is separated by a rectangular frame of color. The Blue rectangular box contains 3 items, all of which are related to debugging options, the meaning is also obvious; the pink box contains 10 items, most of which are related to memory management; The green rectangle box is also an option related to program debugging, except that the associated content is not the same as the first class; the items in the red rectangle are miscellaneous, is divided into multiple areas, but in general, all options are set around diagnostic debugging.
The item in the Oval box is the number of layers selected for tracking capture, the default is layer 16, which you can modify to other values.
The rectangular box at the bottom right is the selection of a specific memory pool tag in kernel mode, with the option to select text or hexadecimal numbers, and the contents can be filled out in the given edit box. Then specify one in both of the test modes.
After the completion of the above selection, the mouse click Apply or OK.
Regardless of the version of the Global tag Editor, you must have a real understanding of commands, parameters, switches, and mindless use can cause program conflicts or fail when you restart your computer.
2. Command line version Introduction
The command line version and the GUI version are basically one by one corresponding. is also made up of parameters and switches.
Syntax for the command line:
Gflag [-R [flag [MaxDepth]] [k [flag]] [-I imagefilename [flag]] [-l flag commandline ...]
Parameter and switch Description:
Switch: Flag is the valid global flag in table 1
Flag should be in the following form:
A: A global flag for a hexadecimal number. If you need to find meaning when you use it, you can refer to the content in table 2, and tables 1 and 2 are actually two expressions of the same flag.
B: String, which is the abbreviation in the leftmost column in table 1.
C: If you use multiple switches at the same time, you can use the "+" number and the "-" sign to connect. This is similar to the simultaneous selection of multiple options in the accompanying drawings.
Parameters:
-R [flag] [maxdepth]
Displays the registry settings for the current system.
-K [flag] Run kernel mode
-I imagefilename [flag] loaded image filename
-l [flag commandline] Launches the specified settings item, rather than clicking on the "Launch" button above.
Abbreviations and meanings of valid global flags (table 1)
Abbreviation |
English |
Meaning description |
| Kst | Create kernel mode stack trace database | Establish a tracking database for the memory heap in kernel mode |
| Ust | Create user mode stack trace database | Establish a tracking database for the memory heap in user mode |
| Dic | Debug Initial Command | Debug Initialization command |
| Dwl | Debug WINLOGON | Debug WINLOGON |
| Dhc | Disable Heap COALESCE on free | Prohibit heap merging in free memory space |
| Ddp | Disable kernel mode dbgprint output | Disable debug printout for kernel mode |
| Dps | Disable Paging of kernel stacks | Disable kernel stack paging |
| Dpd | Disable protected DLL Verification | Preventing confirmation of DLL protection |
| Ece | Enable Close Exception | Allow shutdown of Exception programs |
| D32 | Enable Debugging of Win32 Subsystem | Allow debugger for Win32 subsystem |
| Eel | Enable Exception Logging | Allow Exception Program Login |
| Hat | Enable Heap API Call tracing | Allow trace calls to the API heap |
| Hfc | Enable HeapFree Checking | Allow free heap Checking |
| Hpc | Enable Heap parameter checking | Allow heap parameter checking |
| Htg | Enable Heap Tagging | Allow Tag heap |
| Htd | Enable Heap Tagging by DLL | Allow DLL Tag heap |
| Htc | Enable Heap Tail Checking | Allow heap tail Check |
| Hvc | Enable Heap validation on call | Allow confirmation of Heap calls |
| Ksl | Enable Loading of kernel debugger symbols | Allow kernel debug symbol to load |
| Eot | Enable Object Handle Type Tagging | Allow tag object handle type |
| Pfc | Enable Pool Free Checking | Allow check free memory pool |
| Ptg | Enable Pool Tagging | Allow tag memory pool |
| Ptc | Enable Pool Tail Checking | Allow Memory pool tail check |
| Otl | Maintain a list of objects for each type | Maintain a list of objects of each type |
| Hpa | Place heap allocations at ends of pages | Heap allocation at end of page |
| Sls | Show Loader snaps | Show capture of Load |
| Soe | Stop on Exception | Stop Exception Program |
Add: Buffer dbgprint output:debug buffers Print output
Table 2: Hexadecimal numbers corresponding to flag names:
Flag Name |
Hexadecimal number |
| Flg_stop_on_exception | 0x00000001 |
| Flg_show_ldr_snaps | 0x00000002 |
| Flg_debug_initial_command | 0x00000004 |
| Flg_stop_on_hung_gui | 0x00000008 |
| Flg_heap_enable_tail_check | 0x00000010 |
| Flg_heap_enable_free_check | 0x00000020 |
| Flg_heap_validate_parameters | 0x00000040 |
| Flg_heap_validate_all | 0x00000080 |
| Flg_pool_enable_tail_check | 0x00000100 |
| Flg_pool_enable_free_check | 0x00000200 |
| Flg_pool_enable_tagging | 0x00000400 |
| Flg_heap_enable_tagging | 0x00000800 |
| flg_user_stack_trace_db | 0x00001000 |
| flg_kernel_stack_trace_db | 0x00002000 |
| Flg_maintain_object_typelist | 0x00004000 |
| Flg_heap_enable_tag_by_dll | 0x00008000 |
| Flg_ignore_debug_priv | 0x00010000 |
| Flg_enable_csrdebug | 0x00020000 |
| Flg_enable_kdebug_symbol_load | 0x00040000 |
| Flg_disable_page_kernel_stacks | 0x00080000 |
| Flg_heap_enable_call_tracing | 0x00100000 |
| Flg_heap_disable_coalescing | 0x00200000 |
| Flg_enable_close_exceptions | 0x00400000 |
| Flg_enable_exception_logging | 0x00800000 |
| Flg_enable_handle_type_tagging | 0x01000000 |
| Flg_heap_page_allocs | 0x02000000 |
| Flg_debug_initial_command_ex | 0x04000000 |
| Flg_valid_bits | 0x07ffffff |
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
