get information from device path

Developer https://www.devze.com 2023-02-27 04:50 Source: Internet

One of our legacy applications is producing resource leaks on 1 specific machine. Over time the overall processor usage increases until the application is closed and restarted.

Using perfmon I found a direct correlation between the process's handle count and the processor usage. This count went up into the thousands and I used SysInternal's handle to expose that all the extra handles (at least during the process running this afternoon when I ran handle) had a path of \Device\00000066.

I want to learn how to discover more information about exactly what device the device path is referring to so we know where to go from here. I have strong suspicions that the device is a PIN pad (used during debit transactions), but need proof.

Windows XP sp3.

Resolution: After Seva Titov's advice helped me identify it was a USB device, I had one main suspect: a cash drawer. We had the client unplug it and use it manually for a few hours: no constant increase in handles. I looked through that project's code and the developer neglected to close handles to the device after obtaining them. The rapid increase in handles was due to a timer that checked the drawer's status after it was opened to determine when the user had closed it.


Here is how you can get more information on the kernel directory object:

  1. Install LiveKd, install Windows Debugging Tools
  2. Launch LiveKd in the directory that contains kd.exe
  3. Inside LiveKd prompt type this:
    !object \device\00000066

Then use the value that it shows for the object (the first it prints) with the !devobj command. This is the example I did on my system -- I picked up a random device with name \device\0000006a as an example (just to confuse you :->)

    0: kd> !object \device\0000006a
    Object: fffffa8007959630  Type: (fffffa8006bce2d0) Device
        ObjectHeader: fffffa8007959600 (new version)
        HandleCount: 0  PointerCount: 6
        Directory Object: fffff8a00000b8f0  Name: 0000006a
    0: kd> !devobj fffffa8007959630
    Device object (fffffa8007959630) is for:
     0000006a \Driver\ACPI DriverObject fffffa8006b25d00
    Current Irp 00000000 RefCount 1 Type 00000032 Flags 00003040
    Dacl fffff9a100092d31 DevExt fffffa800792e7d0 DevObjExt fffffa8007959780 DevNode fffffa800796db10
    ExtensionFlags (0x00000800)
                                 Unknown flags 0x00000800
    AttachedDevice (Upper) fffffa800907d040 \Driver\i8042prt
    Device queue is not busy.

The \driver should give you a hint on what the device is.
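
An added example, not part of the original question or answer and not Sysinternals code: it compares two saved `handle` snapshots of the leaking process to find which object name accounts for the growth, then forms the `!object` command from the answer for that name. The snapshot text is constructed, the line layout `<hex>: <Type> (flags) <name>` is an assumption about the tool's output, and the function names are hypothetical.

```python
import re
from collections import Counter

# Assumed line layout: "<hex handle>: <Type> [(share flags)] <object name>"
LINE = re.compile(r"^\s*([0-9A-Fa-f]+):\s+(\S+)\s+(?:\([RWD-]{3}\)\s+)?(\S.*)$")

# Constructed snapshots of one process, taken some time apart.
SNAP_1 = r"""
   10: File  (RW-)   C:\App\data
   14: Key           HKLM\SOFTWARE\App
   1C: File  (---)   \Device\00000066
   20: File  (---)   \Device\00000066
"""
SNAP_2 = SNAP_1 + "".join(
    "   %X: File  (---)   \\Device\\00000066\n" % h for h in range(0x24, 0x38, 4))


def count_by_name(snapshot):
    """Count open handles per (type, object name); unnamed handles are skipped."""
    counts = Counter()
    for line in snapshot.splitlines():
        m = LINE.match(line)
        if m:
            counts[(m.group(2), m.group(3).strip())] += 1
    return counts


def growing(before, after, min_growth=3):
    """Return (type, name, delta) for names that gained handles, largest first."""
    old, new = count_by_name(before), count_by_name(after)
    deltas = [(t, n, c - old[(t, n)]) for (t, n), c in new.items()]
    return sorted((d for d in deltas if d[2] >= min_growth), key=lambda d: -d[2])


def kd_command(name):
    """Build the LiveKd command from the answer for a kernel device name."""
    return "!object " + name if name.lower().startswith("\\device\\") else None


if __name__ == "__main__":
    for typ, name, delta in growing(SNAP_1, SNAP_2):
        print("+%d %s %s -> %s" % (delta, typ, name, kd_command(name)))
```

A name whose count keeps rising between snapshots while the others stay flat is the one worth resolving with `!object` and `!devobj`.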
