Memory Dump Analysis Anthology, Volume 4 by Dmitry Vostokov

Chapter 10. The Origin of Crash Dumps

Full Page Heap Settings on x64 Windows

To use gflags.exe to enable page heap settings (or any other image file execution options) for a 32-bit executable running on x64 Windows, we should use the 32-bit version of gflags.exe from the 32-bit Debugging Tools for Windows (see windbg.org for quick download links). To set the appropriate registry key manually instead, we should use the Wow6432Node branch:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<process name with .exe extension>


Name: GlobalFlag
Type: REG_DWORD
Value: 0x02000000


Name: PageHeapFlags
Type: REG_DWORD
Value: 0x00000003
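
The manual registry setup above, written as a PowerShell script. This is an added example, not code from the book; the function name Set-PageHeap32 and the image name notepad32.exe are hypothetical, and applying it assumes an elevated 64-bit PowerShell session.

```powershell
# Added example, not from the book. Set-PageHeap32 and 'notepad32.exe' are hypothetical names.
function Set-PageHeap32 {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[^\\/:*?"<>|\[\]]+\.exe$')]  # bare file name with .exe extension
        [string]$ImageName,
        [switch]$Remove                                  # delete the two values again
    )
    # Branch the text gives for 32-bit executables on x64 Windows.
    $ifeo = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    $key  = Join-Path $ifeo $ImageName
    # Value names and data exactly as listed in the text (both REG_DWORD).
    $wanted = [ordered]@{ GlobalFlag = 0x02000000; PageHeapFlags = 0x00000003 }

    if ($Remove) {
        foreach ($name in $wanted.Keys) {
            if ((Test-Path $key) -and $PSCmdlet.ShouldProcess("$key\$name", 'Remove value')) {
                Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            }
        }
        return
    }
    if (-not (Test-Path $key) -and $PSCmdlet.ShouldProcess($key, 'Create key')) {
        New-Item -Path $key -Force | Out-Null
    }
    foreach ($name in $wanted.Keys) {
        $what = 'Set REG_DWORD 0x{0:X8}' -f $wanted[$name]
        if ($PSCmdlet.ShouldProcess("$key\$name", $what)) {
            New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $wanted[$name] -Force | Out-Null
        }
    }
    if ($WhatIfPreference) { return }   # dry run: nothing was written, nothing to verify
    # Read back and fail loudly if the stored data differs from the text's values.
    $stored = Get-ItemProperty -Path $key
    foreach ($name in $wanted.Keys) {
        if ($stored.$name -ne $wanted[$name]) {
            throw ('{0} is {1}, expected 0x{2:X8}' -f $name, $stored.$name, $wanted[$name])
        }
    }
    $stored | Select-Object GlobalFlag, PageHeapFlags
}

# Preview the writes without touching the registry; drop -WhatIf to apply.
Set-PageHeap32 -ImageName 'notepad32.exe' -WhatIf
```

Calling the function with -Remove deletes the two values once the dump has been collected.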

Memory Dumps from Hyper-Virtualized Windows

This is another addition ...
