问题
I'm working on a C++ project on Windows 10, its been noticed that over time the Handles associated with the process increases and continues to grow.
Searching online for a reason I'm not sure if this means that the process has a memory leak or if this is normal.
When memory is allocated and then freed, would I see the handles increase and decrease?
I've been using this as I'm struggling to find what the cause is: https://docs.microsoft.com/en-us/archive/blogs/markrussinovich/pushing-the-limits-of-windows-handles
I cannot find any calls to anything that creates a handle in the code.
[Edit] Using windbg to open the dumped process content:
Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\u49100\Downloads\ManagementServiceGroup.dmp]
User Mini Dump File with Full Memory: Only application data is available
Symbol search path is: srv*
Executable search path is:
Windows 10 Version 16299 MP (4 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
16299.637.x86fre.rs3_release_svc.180808-1748
Machine Name:
Debug session time: Wed Feb 5 09:56:54.000 2020 (UTC + 0:00)
System Uptime: 0 days 0:44:55.871
Process Uptime: 0 days 0:02:30.000
................................................................
.....................................
This dump file has a breakpoint exception stored in it.
The stored exception information can be accessed via .ecxr.
For analysis of this file, run !analyze -v
eax=002f1000 ebx=00000000 ecx=7707a080 edx=7707a080 esi=7707a080 edi=7707a080
eip=77041900 esp=0d24ff54 ebp=0d24ff80 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000244
ntdll!DbgBreakPoint:
77041900 cc int 3
0:075> !analyze -v
ERROR: FindPlugIns 8007007b
ERROR: Some plugins may not be available [8007007b]
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** WARNING: Unable to verify checksum for PlatformSG.dll
*** WARNING: Unable to verify checksum for ManagementServiceGroup.exe
*** WARNING: Unable to verify checksum for SlaveCommsSG.dll
*** WARNING: Unable to verify checksum for CalibrationFramework.dll
*** WARNING: Unable to verify checksum for SPLINTServer.dll
*** WARNING: Unable to verify checksum for TCPIPManager.dll
*** WARNING: Unable to verify checksum for MillikanFaults.dll
*** WARNING: Unable to verify checksum for MillikanCalibration.dll
*** WARNING: Unable to verify checksum for HBC.dll
*** WARNING: Unable to verify checksum for Machine.dll
*** WARNING: Unable to verify checksum for Vibrator.dll
*** WARNING: Unable to verify checksum for TelnetServer.dll
*** WARNING: Unable to verify checksum for UserDefects.dll
*** WARNING: Unable to verify checksum for HBCStatCollector.dll
*** WARNING: Unable to verify checksum for StatisticsArchiver.dll
*** WARNING: Unable to verify checksum for SplintVibratorCalibration.dll
*** WARNING: Unable to verify checksum for StatisticsHistorian.dll
*** WARNING: Unable to verify checksum for ModeManager.dll
*** WARNING: Unable to verify checksum for SPLINTStatDistributor.dll
*** WARNING: Unable to verify checksum for IOMillikan.dll
*** WARNING: Unable to verify checksum for ProcessControlSG.dll
*** WARNING: Unable to verify checksum for CameraGroup.dll
*** WARNING: Unable to verify checksum for ComponentLifeMonitor.dll
KEY_VALUES_STRING: 1
Key : Timeline.OS.Boot.DeltaSec
Value: 2695
Key : Timeline.Process.Start.DeltaSec
Value: 150
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
Timeline: !analyze.Start
Name: <blank>
Time: 2020-02-05T10:01:43.660Z
Diff: 289660 mSec
Timeline: Dump.Current
Name: <blank>
Time: 2020-02-05T09:56:54.0Z
Diff: 0 mSec
Timeline: Process.Start
Name: <blank>
Time: 2020-02-05T09:54:24.0Z
Diff: 150000 mSec
Timeline: OS.Boot
Name: <blank>
Time: 2020-02-05T09:11:59.0Z
Diff: 2695000 mSec
DUMP_CLASS: 2
DUMP_QUALIFIER: 400
CONTEXT: (.ecxr)
eax=002f1000 ebx=00000000 ecx=7707a080 edx=7707a080 esi=7707a080 edi=7707a080
eip=77041900 esp=0d24ff54 ebp=0d24ff80 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000244
ntdll!DbgBreakPoint:
77041900 cc int 3
Resetting default scope
FAULTING_IP:
ntdll!DbgBreakPoint+0
77041900 cc int 3
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 77041900 (ntdll!DbgBreakPoint)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 1
Parameter[0]: 00000000
PROCESS_NAME: ManagementServiceGroup.exe
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
EXCEPTION_CODE_STR: 80000003
EXCEPTION_PARAMETER1: 00000000
WATSON_BKT_PROCSTAMP: 5e38030b
WATSON_BKT_MODULE: ntdll.dll
WATSON_BKT_MODSTAMP: 7b4896c1
WATSON_BKT_MODOFFSET: 71900
WATSON_BKT_MODVER: 10.0.16299.936
MODULE_VER_PRODUCT: Microsoft® Windows® Operating System
BUILD_VERSION_STRING: 16299.637.x86fre.rs3_release_svc.180808-1748
MODLIST_WITH_TSCHKSUM_HASH: 70177fe8843802a721ebc9381c39ea0930d91d47
MODLIST_SHA1_HASH: 88c13d9b0d70b5ff412cbabd039482499bc59744
NTGLOBALFLAG: 1100
PROCESS_BAM_CURRENT_THROTTLED: 0
PROCESS_BAM_PREVIOUS_THROTTLED: 0
APPLICATION_VERIFIER_FLAGS: 80000004
CHKIMG_EXTENSION: !chkimg -lo 50 -d !ntdll
77030eb0-77030eb4 5 bytes - ntdll!LdrLoadDll
[ 8b ff 55 8b ec:e9 9b 68 8c fc ]
7703f780-7703f784 5 bytes - ntdll!NtAllocateVirtualMemory (+0xe8d0)
[ b8 18 00 00 00:e9 0b 69 8b fc ]
7703f800-7703f804 5 bytes - ntdll!NtFreeVirtualMemory (+0x80)
[ b8 1e 00 00 00:e9 eb 6c 8b fc ]
7703f8a0-7703f8a4 5 bytes - ntdll!NtMapViewOfSection (+0xa0)
[ b8 28 00 00 00:e9 5b 77 8b fc ]
7703f8c0-7703f8c4 5 bytes - ntdll!NtUnmapViewOfSection (+0x20)
[ b8 2a 00 00 00:e9 cb 7b 8b fc ]
7703f9c0-7703f9c4 5 bytes - ntdll!NtWriteVirtualMemory (+0x100)
[ b8 3a 00 00 00:e9 bb 73 8b fc ]
7703fa10-7703fa14 5 bytes - ntdll!NtReadVirtualMemory (+0x50)
[ b8 3f 00 00 00:e9 ab 74 8b fc ]
7703fa70-7703fa74 5 bytes - ntdll!NtQueueApcThread (+0x60)
[ b8 45 00 00 00:e9 cb 7b 8b fc ]
7703fb20-7703fb24 5 bytes - ntdll!NtProtectVirtualMemory (+0xb0)
[ b8 50 00 00 00:e9 db 6a 8b fc ]
7703fd80-7703fd84 5 bytes - ntdll!NtAlpcConnectPort (+0x260)
[ b8 76 00 00 00:e9 ab 89 8b fc ]
77040e30-77040e34 5 bytes - ntdll!NtSetContextThread (+0x10b0)
[ b8 81 01 00 00:e9 eb 76 8b fc ]
77041290-77041294 5 bytes - ntdll!NtWaitForDebugEvent (+0x460)
[ b8 c7 01 00 00:e9 7b 00 8d fc ]
77041930-77041934 5 bytes - ntdll!KiUserApcDispatcher (+0x6a0)
[ 83 3d 98 77 0e:e9 2b 82 91 fc ]
65 errors : !ntdll (77030eb0-77041934)
PRODUCT_TYPE: 1
SUITE_MASK: 272
DUMP_FLAGS: c07
DUMP_TYPE: 3
APPLICATION_VERIFIER_LOADED: 1
ANALYSIS_SESSION_HOST: HW-WOP-113835
ANALYSIS_SESSION_TIME: 02-05-2020 10:01:43.0660
ANALYSIS_VERSION: 10.0.18362.1 x86fre
THREAD_ATTRIBUTES:
ADDITIONAL_DEBUG_TEXT: Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
OS_LOCALE: ENG
BUGCHECK_STR: MEMORY_CORRUPTION_PATCH_AVRF
DEFAULT_BUCKET_ID: MEMORY_CORRUPTION_PATCH_AVRF
PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION
PROBLEM_CLASSES:
ID: [0n98]
Type: [AVRF]
Class: Addendum
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [0x4254]
TID: [0x445c]
Frame: [0] : ntdll!DbgBreakPoint
ID: [0n209]
Type: [MEMORY_CORRUPTION]
Class: Primary
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [0x4254]
TID: [0x445c]
Frame: [Unspecified]
ID: [0n157]
Type: [PATCH]
Class: Addendum
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [0x4254]
TID: [0x445c]
Frame: [Unspecified]
LAST_CONTROL_TRANSFER: from 7707a0b9 to 77041900
STACK_TEXT:
00000000 00000000 memory_corruption!ntdll+0x0
STACK_COMMAND: ** Pseudo Context ** ManagedPseudo ** Value: 173e49f0 ** ; kb
THREAD_SHA1_HASH_MOD_FUNC: 646019e7612e819fc8aba56460d68e5912f8f117
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 70e2aeaf8a93e9fa2f653f0a0ed9deec52e32f7e
THREAD_SHA1_HASH_MOD: 7da7fbec386ce361a40d03d69a994bc4836f03e8
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: memory_corruption!ntdll
FOLLOWUP_NAME: MachineOwner
DEBUG_FLR_IMAGE_TIMESTAMP: 0
BUCKET_ID: MEMORY_CORRUPTION_PATCH_AVRF_memory_corruption!ntdll
FAILURE_EXCEPTION_CODE: 80000003
IMAGE_NAME: memory_corruption
FAILURE_IMAGE_NAME: memory_corruption
BUCKET_ID_IMAGE_STR: memory_corruption
MODULE_NAME: memory_corruption
FAILURE_MODULE_NAME: memory_corruption
BUCKET_ID_MODULE_STR: memory_corruption
FAILURE_FUNCTION_NAME: ntdll
BUCKET_ID_FUNCTION_STR: ntdll
BUCKET_ID_OFFSET: 0
BUCKET_ID_MODTIMEDATESTAMP: 0
BUCKET_ID_MODCHECKSUM: 0
BUCKET_ID_MODVER_STR: 0.0.0.0
BUCKET_ID_PREFIX_STR:
FAILURE_PROBLEM_CLASS: MEMORY_CORRUPTION
FAILURE_SYMBOL_NAME: memory_corruption!ntdll
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_PATCH_AVRF_80000003_memory_corruption!ntdll
TARGET_TIME: 2020-02-05T09:56:54.000Z
OSBUILD: 16299
OSSERVICEPACK: 1146
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
OSPLATFORM_TYPE: x86
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt SingleUserTS
USER_LCID: 0
OSBUILD_TIMESTAMP: 2014-08-09 10:57:59
BUILDDATESTAMP_STR: 180808-1748
BUILDLAB_STR: rs3_release_svc
BUILDOSVER_STR: 10.0.16299.637.x86fre.rs3_release_svc.180808-1748
ANALYSIS_SESSION_ELAPSED_TIME: 1c133
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:memory_corruption_patch_avrf_80000003_memory_corruption!ntdll
FAILURE_ID_HASH: {fff25d61-b919-7e8b-df9e-56dec8271fe1}
Followup: MachineOwner
---------
This doesn't mean a lot to me, if anyone has expertise in how to interpret this, your input would be very much appreciated.
[Edit 18-02-2020 Another dump and windbg output]
Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Stuff\ManagementServiceGroup.dmp]
User Mini Dump File with Full Memory: Only application data is available
Symbol search path is: srv*
Executable search path is:
Windows 10 Version 14393 MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)
Machine Name:
Debug session time: Tue Feb 18 10:22:54.000 2020 (UTC + 0:00)
System Uptime: 0 days 0:41:07.933
Process Uptime: 0 days 0:40:15.000
...............................................................................................
For analysis of this file, run !analyze -v
eax=0000000d ebx=00000000 ecx=0014f96c edx=775d53d0 esi=00000001 edi=00000001
eip=775d53d0 esp=0014f96c ebp=0014fb00 iopl=0 nv up ei pl zr na pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000247
ntdll!KiFastSystemCallRet:
775d53d0 c3 ret
回答1:
windbg !handle will provide a summary after displaying individual handles
the summary will show how many handles are there for each type
screenshot below
cmd.exe pid 5124 has 22 handles
the command below attaches windbg to pid non-invasively executes !handle and quits
gnuwin32-awk filters only the relevant data
cdb -pv -c "!handle;q" -p 5124 | awk "/Handles/,/quit/"
result
:\>cdb -pv -c "!handle;q" -p 5124 | awk "/Handles/,/quit/"
23 Handles
Type Count
Event 2
File 2
Directory 1
WindowStation 2
Key 10
Process 2
Thread 1
Desktop 1
ALPC Port 2
quit:
来源:https://stackoverflow.com/questions/60058273/windows-process-handle-count-continues-to-grow