Full page heap settings on x64 Windows
If we want to use gflags.exe to enable page heap settings (or any other image file execution options) for a 32-bit executable running on x64 Windows we should use 32-bit version of gflags.exe from 32-bit Debugging Tools for Windows (see windbg.org for quick download links) or if we want to set appropriate registry key manually we should use Wow6432Node branch:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<process name with .exe extension>
Name: GlobalFlag
Type: REG_DWORD
Value: 0x02000000
Name: PageHeapFlags
Type: REG_DWORD
Value: 0x00000003
- Dmitry Vostokov @ DumpAnalysis.org -
July 10th, 2009 at 5:18 am
> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\…
This is actually a wrong way of doing that. You need to use either 32bit version of gflags.exe just like you have mentioned or 32bit version of regedit/reg without Wow6432Node in the path. Try it in Windows 7 x64 and you will see the difference.
July 10th, 2009 at 5:20 am
> Try it in Windows 7 x64 and you will see the difference.
(After thinking for 2 seconds) Actually, no, you will not. There is a symbolic link between those two on Windows 7. Anyway 32bit regedit/reg is the way to go.
July 10th, 2009 at 10:39 am
Agree. I personally prefer gflags.exe and use regedit to double check
July 12th, 2010 at 8:23 pm
Related question: How can you confirm from a user provided full memory dump that full pageheap has been enabled vs pageheap lite? !gflag only shows if +hpa was enabled (0×02000000) and more specificly I am interested in what values for PageHeapFlags (e.g. 0×1003) and VerifyFlags (e.g. 1) options may have been set to prior to the dump. TIA.