Tracing Flags in the PEB

Windows 7 added a new set of bit fields to the PEB, reliably at offsets 0x0240 and 0x0378 in 32-bit and 64-bit Windows respectively. A single ULONG, named TracingFlags, overlays the bits.

Mask Definition Versions
0x00000001 
ULONG HeapTracingEnabled : 1;
 6.1 and higher
0x00000002 
ULONG CritSecTracingEnabled : 1;
 6.1 and higher
0x00000004 
ULONG LibLoaderTracingEnabled : 1;
 6.2 and higher
  
ULONG SpareTracingBits : 30;
 6.1 only 
ULONG SpareTracingBits : 29;
 6.2 and higher

This page was created on 15th December 2016 from material first published on 29th April 2016.

Copyright © 2016. Geoff Chappell. All rights reserved. Conditions apply.