Talkback video: Understanding handle leaks and how to use !htrace to find them

Written by Jeff Dailey

 

Hello, my name is Jeff Dailey. I’m an Escalation Engineer on the Global Escalation Services Platforms team. I’d like to show you how to debug and find leaking handles within your application or another process. We can do this with the !htrace command in WinDbg, the Microsoft Windows Debugger most of us use in GES/CPR for debugging.

 

A handle is a value we use in user mode. When it is passed to a call that transitions to kernel mode, it is used as an offset into your handle table to reference a kernel-mode object. Kernel-mode objects are generally allocated from pool. If you are having pool consumption problems and seeing errors like 2020 or 2019 reported, there is a good chance you have a handle leak associated with them. This is generally due to not calling CloseHandle() on the handle when you have finished using it.

You can view the Channel 9 "how to debug handle leaks" video here.

 

The following is the sample source for a handle leak that we will be debugging in our demo video.

 

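// leakyhandles.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <windows.h>

void fun1(void);
void fun2(void);
void fun3(void);
void fun4(void);

int main(int argc, char* argv[])
{
      // Loop forever so the handle count keeps growing while the debugger is attached.
      while(1)
      {
            fun1();   // calls fun3(): creates an event and closes it
            fun2();   // calls fun4(): creates an event and never closes it
            Sleep(100);
      }
      return 0;
}

void fun1(void)
{
      fun3();
}

void fun2(void)
{
      fun4();
}

// Correct usage: the event handle is closed once we are done with it.
void fun3(void)
{
      HANDLE hEvent;
      hEvent = CreateEvent(NULL,TRUE,TRUE,NULL);
      CloseHandle(hEvent);
}

// Deliberate leak for the demo: hEvent2 goes out of scope without CloseHandle(),
// so one handle table entry (and its kernel event object) is lost per call.
void fun4(void)
{
      HANDLE hEvent2;
      hEvent2 = CreateEvent(NULL,TRUE,TRUE,NULL);
}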
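The bookkeeping needed to find the leaking call site in a handle trace of the sample above, as an added Python example (not part of the original post or the video). It assumes the record layout of !htrace output (a dashed separator, a `Handle = ... - OPEN|CLOSE` line, then stack frames) and that the newest record is printed first; the trace itself is constructed, with made-up handle values and addresses. Because handle values are reused after a close, the records are replayed oldest first instead of just checking whether a handle value ever had a CLOSE.

```python
import re
from collections import Counter

# Constructed events, oldest first: (handle value, operation, calling function).
# fun3/fun4 come from the sample above; handle values and addresses are made up.
EVENTS = [(0x7d8, "OPEN", "fun3"), (0x7d8, "CLOSE", "fun3"), (0x7d8, "OPEN", "fun4"),
          (0x7d4, "OPEN", "fun3"), (0x7d4, "CLOSE", "fun3"), (0x7d4, "OPEN", "fun4")]

def _record(handle, op, func):
    """Render one event in the assumed !htrace record layout."""
    api = "NtCreateEvent" if op == "OPEN" else "NtClose"
    return ("-" * 38 + "\n"
            f"Handle = 0x{handle:08x} - {op}\n"
            "Thread ID = 0x00000a10, Process ID = 0x00000c2c\n\n"
            f"0x7c90d0ba: ntdll!{api}+0x0000000c\n"
            f"0x00401040: leakyhandles!{func}+0x0000001a\n")

# Assumption: the newest record is printed first, so the sample is reversed.
SAMPLE = "".join(_record(*e) for e in reversed(EVENTS))

HEADER = re.compile(r"Handle = (0x[0-9a-fA-F]+) - (OPEN|CLOSE)")
FRAME = re.compile(r"^0x[0-9a-fA-F]+: (\S+?)\+0x", re.M)

def outstanding_opens(trace, app_module="leakyhandles"):
    """Count OPEN records never followed by a CLOSE, keyed by the app frame."""
    live = {}  # handle value -> call stack of its currently unmatched OPEN
    blocks = re.split(r"^-{10,}$", trace, flags=re.M)
    for block in reversed(blocks):          # replay oldest first
        m = HEADER.search(block)
        if not m:
            continue
        handle, op = m.groups()
        if op == "OPEN":
            live[handle] = FRAME.findall(block)
        else:
            # Handle values are reused, so a CLOSE only retires the OPEN before it.
            live.pop(handle, None)
    leaks = Counter()
    for stack in live.values():
        app = [f for f in stack if f.startswith(app_module + "!")]
        leaks[app[0] if app else "unknown"] += 1
    return leaks

if __name__ == "__main__":
    for site, count in outstanding_opens(SAMPLE).items():
        print(f"{count} handle(s) still open, opened from {site}")
```

In the constructed trace both handle values have a CLOSE record from fun3, yet both end up open because fun4 received the recycled value and never closed it.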

 

Thank you.

Jeff Dailey

Escalation Engineer (Platforms core team)

Comments

  • Anonymous
    April 26, 2009
    Thank you for the sample code! I really enjoyed it! I wrote the following WinDbg script code just to see how your code works. It's beautiful.

    WinDbg script code:

    .catch
    {
        .block
        {
            .logclose
            .logappend d:windbglogsbrowsers.log
            r $t0  = ${/d:$SafetyCheck}
        }
        .block
        {
            .if (0 == @$t0)
            {
                as $SafetyCheck "Written by Takashi Toyota"
            }
            .else
            {
                al
                ad /q *
            }
        }
        .block
        {
            .create D:ITDanwahandleleakDebughandleleak.exe
            g
            .detach
            .attach -k
            g
            !gflag
            r $t0 = nt!PsActiveProcessHead
            .for (r $t1 = poi(@$t0); (@$t1 != 0) & (@$t1 != @$t0); r $t1 = poi(@$t1))
            {
                r? $t2 = #CONTAINING_RECORD(@$t1, nt!_EPROCESS, ActiveProcessLinks)
                as /ma $ImageName @@c++(&@$t2->ImageFileName[0])
                .block
                {
                    .if (1 == $spat("${$ImageName}", "handleleak"))
                    {
                        .for (r $t9 = 0; @$t9 < 3; r $t9 = @$t9 + 1)
                        {
                            .time
                            .sleep 0n3000
                            r? $t3 = @@C++((int) @$t2->ObjectTable->HandleCount)
                            n 10
                            ?? @$t3
                        }
                    }
                }
                ad $ImageName
            }
        }
        .detach
    }

    Result:

    Debug session time: Wed Nov  5 16:53:16.949 2008 (GMT+9)
    System Uptime: 0 days 8:28:36.780
    base is 10
    int 40
    Debug session time: Wed Nov  5 16:53:19.964 2008 (GMT+9)
    System Uptime: 0 days 8:28:39.794
    base is 10
    int 70
    Debug session time: Wed Nov  5 16:53:22.978 2008 (GMT+9)
    System Uptime: 0 days 8:28:42.809
    base is 10
    int 100