WinDbg's !handle command makes it convenient to debug handles.
To view all handles in a process, enter the following command:
0:014> !handle
Handle 4
  Type          Directory
Handle 8
  Type          Process
Handle c
  Type          Key
Handle 10
  Type          Mutant
Handle 14
  Type          ALPC Port
Handle 18
  Type          Key
Handle 1c
  Type          Event
Handle 20
  Type          Key
... (omitted)
Handle 7e0
  Type          Mutant
392 Handles
Type              Count
None              17
Event             134
Section           47
File              35
Directory         3
Mutant            34
WindowStation     2
Semaphore         24
Key               47
Token             1
Process           3
Thread            27
Desktop           1
IoCompletion      4
Timer             5
Job               1
KeyedEvent        1
TpWorkerFactory   6
From the WinDbg output we can see the type and value of every handle, followed by summary statistics (392 handles in total, including 35 file handles, 47 registry key handles, and so on).
If you want to view the details of a single handle, you can run the following command:
0:014> !handle 0x5c8 f
Handle 5c8
  Type          Key
  Attributes    0
  GrantedAccess 0x20019:
         ReadControl
         QueryValue,EnumSubKey,Notify
  HandleCount   2
  PointerCount  3
  Name          \Registry\user\S-1-5-21-2127521184-1604012920-1887927527-2966534\software\Microsoft\Windows\CurrentVersion\Explorer\fileexts
  Object Specific Information
    Key last write time:  16:52:14. 5/20/2009
    Key name fileexts
0x5c8 is the handle value, and the f parameter indicates that all information is displayed. We can see that handle 0x5c8 is a registry key handle whose path is \Registry\user\S-1-5-21-2127521184-1604012920-1887927527-2966534\software\Microsoft\Windows\CurrentVersion\Explorer\fileexts.
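The following Python example is added here and is not from the original article or from WinDbg: it parses the detail output of !handle 0x5c8 f shown above and decodes the GrantedAccess mask 0x20019 into the registry key access rights defined in winnt.h, then reports whether the handle grants any write-type right. The function names and the trimmed sample text are assumptions made for this illustration.

```python
import re

# Registry key access rights from winnt.h (specific rights plus standard rights).
KEY_RIGHTS = {
    0x00001: "KEY_QUERY_VALUE",    0x00002: "KEY_SET_VALUE",
    0x00004: "KEY_CREATE_SUB_KEY", 0x00008: "KEY_ENUMERATE_SUB_KEYS",
    0x00010: "KEY_NOTIFY",         0x00020: "KEY_CREATE_LINK",
    0x10000: "DELETE",             0x20000: "READ_CONTROL",
    0x40000: "WRITE_DAC",          0x80000: "WRITE_OWNER",
}
# Rights that allow changing the key, its subkeys, or its security descriptor.
WRITE_MASK = 0x2 | 0x4 | 0x20 | 0x10000 | 0x40000 | 0x80000

def parse_handle_detail(text):
    """Pull the fields of interest out of `!handle <value> f` output."""
    def field(name):
        m = re.search(rf"^[ \t]*{name}[ \t]+(.+?)[ \t]*$", text, re.I | re.M)
        return m.group(1) if m else None
    return {
        "handle": int(field("Handle"), 16),
        "type": field("Type"),
        "access": int(field("GrantedAccess").rstrip(":"), 16),
        "handle_count": int(field("HandleCount")),
        "pointer_count": int(field("PointerCount")),
    }

def decode_key_access(mask):
    """Name each bit of a Key handle's access mask; unknown bits stay as hex."""
    names = [name for bit, name in sorted(KEY_RIGHTS.items()) if mask & bit]
    unknown = mask & ~sum(KEY_RIGHTS)
    return names + ([hex(unknown)] if unknown else [])

def can_modify(mask):
    """True if the handle grants any write-type right."""
    return bool(mask & WRITE_MASK)

# Constructed input: the article's `!handle 0x5c8 f` output, trimmed to the parsed fields.
SAMPLE = """0:014> !handle 0x5c8 f
Handle 5c8
  Type          Key
  GrantedAccess 0x20019:
  HandleCount   2
  PointerCount  3
"""

if __name__ == "__main__":
    info = parse_handle_detail(SAMPLE)
    print(info["type"], hex(info["access"]), decode_key_access(info["access"]))
    print("write-capable:", can_modify(info["access"]))
```

The mask 0x20019 is the read-only combination KEY_READ, so a handle like this one cannot be used to change the key.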
It is worth mentioning that WinDbg also provides the !htrace command, which makes it easy to check for handle leaks. Next time, I will write a blog post introducing !htrace.
> Original article copyright belongs to the author, reprint please indicate the source (http://blog.csdn.net/WinGeek/), thank you. <