Windbg Debugger’s !htrace extension is very handy to debug handle leak.
The process essentially boils down to the following simple steps:
1. Enable trace
2. Take a snapshot
3. Run scenario
4. Show the diff
On step 4, !htrace will show all the extra opened handles after the last snapshot, along with the callstack if available. This greatly helps to debug what handles are leak, and by whom.
Like any other resource leak detection tool, there will be false positives. You need to understand what is a real leak, and what is just a transient allocation.
!htrace
The !htrace extension displays stack trace information for one or more handles.
Syntax
User-Mode Syntax
!htrace [Handle [Max_Traces]] !htrace -enable [Max_Traces]!htrace -snapshot!htrace -diff!htrace -disable!htrace -?
Kernel-Mode Syntax
!htrace [Handle [Process [Max_Traces]]] !htrace -?
Parameters
Handle
Specifies the handle whose stack trace will be displayed. If Handle is 0 or omitted, stack traces for all handles in the process will be displayed.
Process
(Kernel mode only) Specifies the process whose handles will be displayed. If Process is 0 or omitted, then the current process is used. In user mode, the current process is always used.
Max_Traces
Specifies the maximum number of stack traces to display. In user mode, if this parameter is omitted, then all the stack traces for the target process will be displayed.
-enable
(User mode only) Enables handle tracing and takes the first snapshot of the handle information to use as the initial state by the -diff option.
-snapshot
(User mode only) Takes a snapshot of the current handle information to use as the initial state by the -diff option.
-diff
(User mode only) Compares current handle information with the last snapshot of handle information that was taken. Displays all handles that are still open.
-disable
(User mode only; Windows Server 2003 and later only) Disables handle tracing. In Windows XP, handle tracing can be disabled only by terminating the target process.
-?
Displays some brief Help text for this extension in the Debugger Command window.
DLL
Windows NT 4.0
Unavailable
Windows 2000
Windows XP and later
Kdexts.dll Ntsdexts.dll
Comments
Before !htrace can be used, Application Verifier must be activated for the target process, and the Detect invalid handle usage option must be selected. By activating Application Verifier, stack trace information is saved each time the process opens a handle, closes a handle, or references an invalid handle. It is this stack trace information that !htrace displays. For more information, see Application Verifier.
The following example displays information about all handles in process 0x81400300:
kd> !htrace 0 81400300Process 0x81400300ObjectTable 0xE10CCF60--------------------------------------Handle 0x7CC - CLOSE:0x8018FCB9: ntoskrnl!ExDestroyHandle+0x1030x801E1D12: ntoskrnl!ObpCloseHandleTableEntry+0xE40x801E1DD9: ntoskrnl!ObpCloseHandle+0x850x801E1EDD: ntoskrnl!NtClose+0x190x010012C1: badhandle!mainCRTStartup+0xE30x77DE0B2F: KERNEL32!BaseProcessStart+0x3D--------------------------------------Handle 0x7CC - OPEN:0x8018F44A: ntoskrnl!ExCreateHandle+0x940x801E3390: ntoskrnl!ObpCreateUnnamedHandle+0x10C0x801E7317: ntoskrnl!ObInsertObject+0xC30x77DE23B2: KERNEL32!CreateSemaphoreA+0x660x010011C5: badhandle!main+0x450x010012C1: badhandle!mainCRTStartup+0xE30x77DE0B2F: KERNEL32!BaseProcessStart+0x3D--------------------------------------Handle 0x7DC - BAD REFERENCE:0x8018F709: ntoskrnl!ExMapHandleToPointerEx+0xEA0x801E10F2: ntoskrnl!ObReferenceObjectByHandle+0x12C0x801902BE: ntoskrnl!NtSetEvent+0x6C0x80154965: ntoskrnl!_KiSystemService+0xC40x010012C1: badhandle!mainCRTStartup+0xE30x77DE0B2F: KERNEL32!BaseProcessStart+0x3D--------------------------------------Handle 0x7DC - CLOSE:0x8018FCB9: ntoskrnl!ExDestroyHandle+0x1030x801E1D12: ntoskrnl!ObpCloseHandleTableEntry+0xE40x801E1DD9: ntoskrnl!ObpCloseHandle+0x850x801E1EDD: ntoskrnl!NtClose+0x190x010012C1: badhandle!mainCRTStartup+0xE30x77DE0B2F: KERNEL32!BaseProcessStart+0x3D--------------------------------------Handle 0x7DC - OPEN:0x8018F44A: ntoskrnl!ExCreateHandle+0x940x801E3390: ntoskrnl!ObpCreateUnnamedHandle+0x10C0x801E7317: ntoskrnl!ObInsertObject+0xC30x77DE265C: KERNEL32!CreateEventA+0x660x010011A0: badhandle!main+0x200x010012C1: badhandle!mainCRTStartup+0xE30x77DE0B2F: KERNEL32!BaseProcessStart+0x3D--------------------------------------Parsed 0x6 stack traces.Dumped 0x5 stack traces.
Additional Information
For information about handles, see the Microsoft Windows SDK documentation and Microsoft Windows Internals by Mark Russinovich and David Solomon. To display further information about a specific handle, use the !handle extension.
© 2007 Microsoft CorporationSend feedback on this topic