Srikanth

Reputation: 1010

How to drill down to code who created the handle

I know if we provide the absolute path to Handle.exe it will list all processes that locked the file.

F:\Softwares\Handle>Handle.exe  D:\Source\sample.dll

Handle v4.0
Copyright (C) 1997-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

test1.exe           pid: 9928   type: File           408: D:\Source\sample.dll
test2.exe           pid: 10840  type: File           6A8: D:\Source\sample.dll
test3.exe           pid: 15788  type: File           374: D:\Source\sample.dll
test4.exe           pid: 10940  type: File           308: D:\Source\sample.dll
test5.exe           pid: 15424  type: File           3FC: D:\Source\sample.dll
test6.exe           pid: 10076  type: File           8AC: D:\Source\sample.dll

Windows 7 64bit

As stated by Handle.exe, my sample.dll is locked by 6 different processes. I want to know which line of code actually holds sample.dll in each process. My task is to fix the handle leaks in my mammoth application, so my problem is not limited to a specific part of the program. The task is that I have to generate a report that contains the handle leaks and diagnoses who created them. The leaks are not specific to files; they extend to all system resources such as files, registry keys, events, semaphores, threads, etc.

I have taken a dump using WinDbg, but I couldn't find out how to diagnose the dump file, especially for handle leaks. In about half a day of searching I couldn't find a good tutorial or solution that suits my problem.

Is there any command-line tool or any other tool that answers my question?

Upvotes: 3

Views: 566

Answers (2)

Sigi

Reputation: 4926

I think you can find the culprit by using procmon, another Sysinternals tool.

It will make your day. The only problem is when the handle creation rate is very slow: you cannot record system activity for more than a few tenths of minutes... unless your system has a huge amount of memory installed.

Once you have recorded your events (don't forget to run it as Administrator, and to stop it after a few minutes; I usually prefer to analyze the captured data after stopping it), go to the menu "Tools" -> "File Summary" and find the accessed files there.

Double-clicking on a file (or on a directory, in the folder view, and so on... double-clicking "anywhere") will add a filter in the procmon view and let you analyze every single operation regarding it, performed by any process running in the system.

If you double-click on a single operation, you will also be able to view the backtrace of the stack in the context of that syscall, as well as other details regarding the I/O (in this specific case) operation.

Upvotes: 0

Hans Passant

Reputation: 941545

You are using the wrong debugging tool. You want to read this article, it goes into great detail how to get a stack-trace for leaked handles with the !htrace debugger command. Also covered by this existing SO question.

You'll see "Debugging Tools for Windows" mentioned often. It is no longer a separate download but included in the Windows SDK install.

Upvotes: 4
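
Added example, not part of the original thread: a Python sketch that parses Handle.exe output in the path-search format shown in the question and diffs two snapshots, reporting which process and handle type is growing so a stack-tracing tool such as !htrace can be pointed at the right process. The two snapshots are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import Counter

# Matches the path-search output format shown in the question, e.g.
# test1.exe           pid: 9928   type: File           408: D:\Source\sample.dll
LINE_RE = re.compile(
    r"^(?P<image>\S.*?)\s+pid:\s*(?P<pid>\d+)\s+type:\s*(?P<type>\S+)"
    r"\s+(?P<handle>[0-9A-Fa-f]+):\s*(?P<name>.*)$"
)

def parse_snapshot(text):
    """Return a set of (image, pid, type, handle value, name) tuples."""
    handles = set()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # banner and blank lines do not match and are skipped
            handles.add((m["image"], int(m["pid"]), m["type"],
                         int(m["handle"], 16), m["name"].strip()))
    return handles

def new_handles(before, after):
    """Handles present in the later snapshot but not in the earlier one."""
    return sorted(parse_snapshot(after) - parse_snapshot(before))

def _counts(text):
    return Counter((i, p, t) for i, p, t, _, _ in parse_snapshot(text))

def growth_by_process(before, after):
    """Net handle-count change per (image, pid, type); positive means growth."""
    b, a = _counts(before), _counts(after)
    return {k: a[k] - b[k] for k in a.keys() | b.keys() if a[k] != b[k]}

# Constructed sample snapshots (not real captures).
BEFORE = r"""Handle v4.0
test1.exe           pid: 9928   type: File           408: D:\Source\sample.dll
test2.exe           pid: 10840  type: File           6A8: D:\Source\sample.dll
"""
AFTER = r"""Handle v4.0
test1.exe           pid: 9928   type: File           408: D:\Source\sample.dll
test1.exe           pid: 9928   type: File           41C: D:\Source\sample.dll
test1.exe           pid: 9928   type: File           430: D:\Source\sample.dll
test2.exe           pid: 10840  type: File           6A8: D:\Source\sample.dll
"""

if __name__ == "__main__":
    for key, delta in sorted(growth_by_process(BEFORE, AFTER).items()):
        print(key, f"{delta:+d}")
    for h in new_handles(BEFORE, AFTER):
        print("new:", h)
```

Handle values can be reused after a close, so a snapshot diff only narrows down which process and type to investigate; it does not identify the allocating call site.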
