Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

No "show loader snaps" output

540 views
Skip to first unread message

johan...@gmail.com

unread,
Sep 1, 2007, 8:20:27 PM9/1/07
to
Hi,

I've tried getting some output from the loader in a few scenarios,
including locally on a 32-bit Vista system with WinDBG and DbgView and
in a virtual machine (XP SP2) being kernel debugged. I must be missing
something very basic, because regardless of whether I set the flag
globally or for a particular image I can't get any output.

The below should give some specifics wrt settings and versions.

Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.

...

Windows XP Kernel Version 2600 UP Free x86 compatible
Built by: 2600.xpsp_sp2_qfe.070227-2300
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805535a0

...

kd> !gflag
Current NtGlobalFlag contents: 0x00000002
sls - Show Loader Snaps

Thanks for any help,
Johan

Pavel Lebedinsky [MSFT]

unread,
Sep 6, 2007, 11:54:46 PM9/6/07
to
+sls is a per-process flag so you need to set it from a user mode
debugger (cdb/ntsd) or using gflags -i. It might also require a user
mode debugger to be attached, though I'm not entirely sure about
that.

C:\Debuggers>cdb notepad

0:000> !gflag +sls
New NtGlobalFlag contents: 0x00000072


sls - Show Loader Snaps

htc - Enable heap tail checking
hfc - Enable heap free checking
hpc - Enable heap parameter checking

0:000> g
LDR: LdrLoadDll, loading ShimEng.dll from
LDR: Loading (DYNAMIC, NON_REDIRECTED) C:\WINDOWS\system32\ShimEng.dll

--
This posting is provided "AS IS" with no warranties, and confers no
rights.

johan...@gmail.com

unread,
Sep 7, 2007, 3:43:33 PM9/7/07
to
On Sep 7, 5:54 am, "Pavel Lebedinsky [MSFT]"

<pa...@online.microsoft.com> wrote:
> +sls is a per-process flag so you need to set it from a user mode
> debugger (cdb/ntsd) or using gflags -i. It might also require a user
> mode debugger to be attached, though I'm not entirely sure about
> that.

Thanks, the user mode debugger "works" even though I was kind of
hoping to see output from the loading of the first dlls as well (not
ntdll.dll obviously). I also think this almost entirely contradicts
the help entry for Show loader snaps (and the gflags gui):
----
Show loader snaps
The Show loader snaps flag captures detailed information about the
loading and unloading of executable images and their supporting
library modules and displays the data in the -->kernel debugger
console<--.

Destination -->System-wide registry entry, kernel flag<--, image file
registry entry

Comments
For system-wide (registry or kernel flag), this flag displays
information about driver loading and unloading operations.

For per-process (image file), this flag displays information about
loading and unloading of DLLs.
----

Thanks again,
j

0 new messages