The
gflags.exe utility is provided with the "Debugging Tools for Windows" installation. "Debugging Tools for Windows 10 (WinDbg)" is available at the link below. The same application works on Windows versions earlier than Windows 10.
https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools
Download and install "Debugging Tools for Windows 10 (WinDbg)".
The installer is for Windows 10 SDK. You only need to install Debugging Tools for Windows, which is one of the checkboxes when you start the installer. You can deselect the rest of the options to only install Debugging Tools for Windows.
Use 32-bit
gflags.exe for 32-bit processes and 64-bit
gflag.exe for 64-bit processes:
- 32-bit gflags.exe location: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86
- 64-bit gflags.exe location: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64
Disable product self-protection if applicable for the respective process before proceeding. For Endpoint Security processes, disable Endpoint Security self-protection.
To enable a stack trace on a process,
cd to the pertinent
gflags.exe (32-bit or 64-bit) directory, and run the following from the command line:
gflags.exe /i <leaking process name> +ust
After running the above command, restart the targeted process to allow for the changes to take effect.
Example: To enable a stack trace on
mfetp.exe, run the following command:
gflags.exe /i mfetp.exe + ust
To disable a stack trace on a process,
cd to the pertinent
gflags.exe (32-bit or 64-bit) directory, and run the following from the command line:
gflags.exe /i <leaking process name> -ust
After you run the above command, restart the targeted process to disable stack tracing.