Last time, for debugging library load issues, I had to use the gflags utility from Microsoft. I was wondering what it was doing exactly.
So I started by monitoring registry tweaks while executing the commands gflags -i notepad.exe +sls and gflags -i notepad.exe -sls, and it was quite evident that it was just setting up a new registry value.
C:\WINDOWS\system32>gflags -i notepad.exe +sls
Current Registry Settings for notepad.exe executable are: 00000002
sls - Show Loader Snaps
C:\WINDOWS\system32>gflags -i notepad.exe -sls
Current Registry Settings for notepad.exe executable are: 00000000

[Image: registry tweaks done by gflags]
Now we know that we need to create a registry entry Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe and a value named GlobalFlag, of type String Value, set to 2 for enabling and 0 for disabling LoaderSnaps.
With this, we can roll out our own gflags for loader snaps (just make sure you run with the appropriate privileges for registry tweaks).
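using System;
using System.Windows;      // MessageBox (WPF)
using Microsoft.Win32;     // Registry, RegistryKey

enum GlobalFlags
{
    Enable,
    Disable
}

// Writes the GlobalFlag value for appName under Image File Execution Options.
// The key lives under HKEY_LOCAL_MACHINE, so the process must run elevated.
private void SetupGlobalFlags(string appName, GlobalFlags flags)
{
    string subKeyName = @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\" + appName;
    try
    {
        // Open the per-image key for writing, creating it if it does not exist yet.
        RegistryKey key = Registry.LocalMachine.OpenSubKey(subKeyName, true);
        if (key == null)
            key = Registry.LocalMachine.CreateSubKey(subKeyName);
        using (key)
        {
            // 0x2 turns Show Loader Snaps on, 0x0 turns it off.
            if (flags == GlobalFlags.Enable)
                key.SetValue("GlobalFlag", "0x00000002", RegistryValueKind.String);
            else
                key.SetValue("GlobalFlag", "0x00000000", RegistryValueKind.String);
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show(string.Format("Couldn't access registry..\n{0}", ex.Message),
            "Error", MessageBoxButton.OK, MessageBoxImage.Error);
    }
}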
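GlobalFlag is a bitmask, and SetupGlobalFlags above replaces the whole value, so any other flag already set for the image is lost on both enable and disable. The following is an added example, not code from the original post, that changes only the 0x2 bit and keeps the value's existing registry type; the names LoaderSnaps, Decode and Set are hypothetical, and treating an unprefixed string as decimal is an assumption.

```csharp
using System;
using System.Globalization;
using Microsoft.Win32;

static class LoaderSnaps
{
    const uint ShowLoaderSnaps = 0x00000002;   // the "sls" bit gflags reported above
    const string Ifeo =
        @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\";

    // Decode GlobalFlag whether it is stored as a string or as a DWORD.
    static uint Decode(object raw)
    {
        if (raw == null) return 0;
        if (raw is int dword) return unchecked((uint)dword);
        string text = raw.ToString().Trim();
        // Assumption: an unprefixed string is decimal, a 0x-prefixed one is hex.
        return text.StartsWith("0x", StringComparison.OrdinalIgnoreCase)
            ? uint.Parse(text.Substring(2), NumberStyles.HexNumber, CultureInfo.InvariantCulture)
            : uint.Parse(text, CultureInfo.InvariantCulture);
    }

    // Sets or clears only the Loader Snaps bit; returns the flags now stored.
    public static uint Set(string imageName, bool enable)
    {
        // Keep the write inside this one Image File Execution Options subkey.
        if (string.IsNullOrWhiteSpace(imageName) || imageName.Contains("\\"))
            throw new ArgumentException("expected a bare image name such as notepad.exe");

        // HKLM writes need an elevated process. Only create the key when enabling.
        using (RegistryKey key = enable
            ? Registry.LocalMachine.CreateSubKey(Ifeo + imageName)
            : Registry.LocalMachine.OpenSubKey(Ifeo + imageName, true))
        {
            if (key == null) return 0;              // nothing to disable
            object raw = key.GetValue("GlobalFlag");
            uint before = Decode(raw);              // throws instead of overwriting an unreadable value
            uint after = enable ? before | ShowLoaderSnaps : before & ~ShowLoaderSnaps;
            if (raw is int)                         // keep an existing DWORD a DWORD
                key.SetValue("GlobalFlag", unchecked((int)after), RegistryValueKind.DWord);
            else                                    // otherwise the string form used above
                key.SetValue("GlobalFlag", "0x" + after.ToString("X8"), RegistryValueKind.String);
            return after;
        }
    }

    // Usage (elevated prompt): LoaderSnaps.exe notepad.exe [off]
    static void Main(string[] args) =>
        Console.WriteLine("GlobalFlag is now 0x{0:X8}", Set(args[0], args.Length < 2 || args[1] != "off"));
}
```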