library load dbg flags

Last time for debugging library load issues I had to use gflags utility from Microsoft. I was wondering what it was doing exactly. So i started with monitoring registery tweaks when executing command gflags -i notepad.exe +sls and gflags -i notepad.exe -sls and it was quite evident that it was just setting up a new registry value.

C:\WINDOWS\system32>gflags -i notepad.exe +sls
Current Registry Settings for notepad.exe executable are: 00000002
    sls - Show Loader Snaps

C:\WINDOWS\system32>gflags -i notepad.exe -sls
Current Registry Settings for notepad.exe executable are: 00000000

Now, we know that we need to create a registry entry Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe and a value named GlobalFlag with value StringValue set to 2 for enabling and 0 for disabling LoaderSnaps.

With this, we can roll out our own gflags for loadsnaps (just need to ensure that you run appropriate priviledges for registry tweaks)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

enum GlobalFlags
{
    Enable,
    Disable
}

private void SetupGlobalFlags(string appName, GlobalFlags flags)
{
    string subKeyName = @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\" + appName;
    try
    {
        RegistryKey key = Registry.LocalMachine.OpenSubKey(subKeyName, true);
        if (key == null)
            key = Registry.LocalMachine.CreateSubKey(subKeyName);

        using (key)
        {
            if (flags == GlobalFlags.Enable)
                key.SetValue("GlobalFlag", "0x00000002", RegistryValueKind.String);
            else
                key.SetValue("GlobalFlag", "0x00000000", RegistryValueKind.String);
        }
    }
    catch(Exception ex)
    {
        MessageBox.Show(string.Format("Couldn't access registry..\n{0}", ex.Message),
                        "Error", MessageBoxButton.OK, MessageBoxImage.Error);
    }
}

windows debug