Understanding handle leaks and how to use !htrace to find them

Hello, my name is Jeff Dailey. I’m an Escalation Engineer on the Global Escalation Services Platforms team. I’d like to show you how to debug and find leaking handles within your application or another process. We can do this with the !htrace command in WinDbg, the Microsoft Windows Debugger most of us in GES/CPR use for debugging.

 

A handle is a value used in user mode. When it is passed to a call that transitions to kernel mode, it is used as an offset into your handle table to reference a kernel-mode object. Kernel-mode objects are generally allocated from pool. If you are having pool consumption problems and seeing errors like 2020 or 2019 reported, there is a good chance you may have a handle leak associated with them. This is generally due to not calling CloseHandle() on the handle when you have finished using it.

 

The following is the sample source for a handle leak that we will be debugging in our demo video.

 

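// leakyhandles.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <windows.h>

void fun1(void);
void fun2(void);
void fun3(void);
void fun4(void);

int main(int argc, char* argv[])
{
    // Each pass creates two events: fun1 -> fun3 closes its handle,
    // fun2 -> fun4 does not, so one handle leaks every 100 ms.
    while(1)
    {
        fun1();
        fun2();
        Sleep(100);
    }
    return 0;
}

void fun1(void)
{
    fun3();
}

void fun2(void)
{
    fun4();
}

// Correct pattern: the event handle is closed once it is no longer needed.
void fun3(void)
{
    HANDLE hEvent;

    hEvent = CreateEvent(NULL,TRUE,TRUE,NULL);
    CloseHandle(hEvent);
}

// Intentional leak for the demo: hEvent2 is never passed to CloseHandle().
void fun4(void)
{
    HANDLE hEvent2;

    hEvent2 = CreateEvent(NULL,TRUE,TRUE,NULL);
}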
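
An added example, not part of the original post or the video: !htrace lists handle OPEN and CLOSE operations with the stack that made each call, and a leak shows up as OPENs that never get a matching CLOSE. The Python sketch below pairs them up and reports which function in the sample owns the handles still open. The trace text is constructed and its layout is an assumed approximation of !htrace output; the handle values, addresses and the helper names (render, parse, outstanding_opens) are hypothetical.

```python
import re
from collections import Counter

RECORD = re.compile(r"Handle = (0x[0-9a-fA-F]+) - (OPEN|CLOSE)")
FRAME = re.compile(r"^0x[0-9a-fA-F]+: (\S+?)(?:\+0x[0-9a-fA-F]+)?$")

# Constructed events (handle, operation, caller) modelling two passes of the
# sample's main loop; handle values and addresses are made up.
EVENTS = [(0x7E8, "OPEN", "fun3"), (0x7E8, "CLOSE", "fun3"), (0x7E8, "OPEN", "fun4"),
          (0x7EC, "OPEN", "fun3"), (0x7EC, "CLOSE", "fun3"), (0x7EC, "OPEN", "fun4")]

def render(events):
    """Render events as text laid out like !htrace records (assumed layout)."""
    out = []
    for handle, op, caller in events:
        api = "CreateEventA" if op == "OPEN" else "CloseHandle"
        out.append("-" * 38 + f"\nHandle = 0x{handle:08x} - {op}\n"
                   "Thread ID = 0x00000a5c, Process ID = 0x00000b04\n\n"
                   f"0x00402000: kernel32!{api}+0x00000095\n"
                   f"0x00403000: leakyhandles!{caller}+0x0000001e\n")
    return "".join(out)

def parse(trace):
    """Return [(handle, op, [symbol, ...])] in the order the records appear."""
    records = []
    for chunk in re.split(r"^-{10,}\s*$", trace, flags=re.M):
        m = RECORD.search(chunk)
        if m:
            frames = [f.group(1) for line in chunk.splitlines()
                      if (f := FRAME.match(line.strip()))]
            records.append((int(m.group(1), 16), m.group(2), frames))
    return records

def outstanding_opens(trace, module="leakyhandles", newest_first=False):
    """Count OPENs with no later CLOSE, keyed by the first frame in `module`."""
    records = parse(trace)
    if newest_first:   # replay oldest first so a reused handle value pairs correctly
        records.reverse()
    live = {}          # handle value -> stack of the OPEN that currently owns it
    for handle, op, frames in records:
        if op == "OPEN":
            live[handle] = frames
        else:
            live.pop(handle, None)
    prefix = module + "!"
    return Counter(next((f for f in stack if f.startswith(prefix)), "<unknown>")
                   for stack in live.values())

if __name__ == "__main__":
    for site, count in outstanding_opens(render(EVENTS)).items():
        print(f"{count} handle(s) still open, opened from {site}")
```

Because handle values are reused after a close (0x7e8 is opened by fun3, closed, then opened again by fun4), the records have to be replayed in time order; pass newest_first=True when the trace lists the most recent operation first.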

 

Thank you.

Jeff Dailey

Escalation Engineer (Platforms core team)

    The Discussion

    • jigarmehtamscit

      Seems like the CHM which you have shown comes with the MS confidential (private) version of windbg...

      (though there is not much difference in the page that's shown!)

      But thanks for taking the initiative and starting to give nice small tutorials on debugging with windbg..

    • dcook
      For the record, the "internal" version is essentially used for communication between the people maintaining the CHM. It doesn't have any "secrets" in it -- just boring stuff like "this needs to be cleaned up" or "can you check with Bob to see if there is an easier way to do this".
    • vve
      Thanks Jeff!

      Hope to see more of those trainings in future...

      Cheers,
      Volker

      http://www.voneinem-windbg.blogspot.com/
    • MythTW

      I have tried several times to watch this video, but every time, after it played about 1 or 2 mins, it just stopped...

      I have no way to finish watching the video, is there anything I can do about it?? My bandwidth is 12mb download/1mb upload, so it's not a bandwidth problem.

      Is there any way I can download the video, or just think of a way to help me be able to watch it....

    • MythTW
      Ha, using a tool, I can download the wmv file and finally be able to watch it.
      Going to play with this method on my machine now...
      Thanks for the tutorial..
    • sang

      I am also not able to watch the video ....which tool helped to download the wmv...?

    • c0decafe

      You can click on the "Formats:" drop-down and in the list, right-click the WMV and choose "Save-As". At least that worked for me. This was the direct link from that:

      http://mschnlnine.vo.llnwd.net/d1/ch9/1/2/6/7/5/2/341851_leakyhandles.wmv

    • anonymous

      Hi, that video was very helpful, thanks for that Jeff. And thanks to c0decafe for the download link.
