DEVHIDE
Login Or Sign up

GFlags Stop on hung GUI

340 Views Asked by At

Today I was wondering why the GFlags option Stop on hung GUI appears in the Kernel Flags tab of the GFlags user interface. Does the kernel have a GUI which could hang?

So I tried to get some information from Microsoft, but MSDN just says:

The Stop on hung GUI flag appears in GFlags, but it has no effect on Windows.

So I wonder even more: a kernel flag for a kernel which has a GUI, but it's not the Windows kernel?

Although it seems not of practical use, can anyone explain this?

I also tried to get more information from WinDbg .hh !gflag, but it doesn't even give the statement that this won't work on Windows.

windbg windows-kernel gflags
Original Q&A
1

There are 1 best solutions below

0
On BEST ANSWER

Kernel flag indicates flag takes effect immediately without requiring a reboot

Registry flag requires a reboot for the flags to take effect

the kernel does not have any gui that could hang.

the term windows doesnt mean kernel but the gui windows of the running application

check NtSetSystemInformation in your os to understand why 0x8 does not take effect

basically there are a few hardcoded magic numbers inside this api which tests each request for GlobalFlag changes and allows them or disallows them in xp-sp3 this magic value is 0B2319BF0 so any flag that is < 0x10 will be disallowed and stop on hung gui is 0x8 so it isnt effective and you cant set this from registry tab

so effectively no way of setting this flag

nt!NtSetSystemInformation+0x193:
80606009 8b03            mov     eax,dword ptr [ebx]  ds:0023:001285f8=00000008  <---- +shg
8060600b 25f09b31b2      and     eax,0B2319BF0h  < magic value in nt 
80606010 8945a0          mov     dword ptr [ebp-60h],eax ss:0010:fb569cf0=00000000
80606013 8b0d6c125580    mov     ecx,dword ptr [nt!NtGlobalFlag (8055126c)] ds:0023:8055126c=00000000
80606019 81e10f64ce4d    and     ecx,4DCE640Fh  <--another magic value  both these magic values orred together 
will be 0xffffffff covers the whole range of flags 
8060601f 0bc1            or      eax,ecx
80606021 8945a0          mov     dword ptr [ebp-60h],eax ss:0010:fb569cf0=00000000
80606024 a36c125580      mov     dword ptr [nt!NtGlobalFlag (8055126c)],eax ds:0023:8055126c=00000000

Related Questions in WINDBG

Related Questions in WINDOWS-KERNEL

Related Questions in GFLAGS

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.