Example 1: Displaying Global Flags
The commands demonstrated in this example display the system-wide flags set in the registry, the system flags set for the session (kernel mode), and the flags set for an image file.
The following GFlags command displays the current value of the system-wide flags set in the registry. It uses the /r parameter to specify the system-wide registry entry.
gflags /r
In response, GFlags displays a single hexadecimal value representing the sum of all flags set and a list of the flags set.
Current Boot Registry Settings are: 40001400
ptg - Enable pool tagging
ust - Create user mode stack trace database
bhd - Enable bad handles detection
In this example, the results show that there are three tags set, with a combined value of 0x40001400.
Enable pool tagging (ptg) = 0x400
Create user mode stack trace database (ust) = 0x1000
Enable bad handles detection (bhd) = 0x40000000
The following command displays the flags set for the current session. It uses the /k parameter to indicate kernel mode.
gflags /k
The following command displays flags set in the registry for the image file notepad.exe. It uses the /i parameter to indicate image file mode and specifies the image file.
gflags /i notepad.exe
Remember that the flag value displayed might not be the current, effective flag value. Changes to the system-wide flags are not effective until you restart Windows. Changes to image file flag settings are not effective until you restart the program.