I have a dump of process where the handle count in the process did reached 16 million handles (which is the maximum allowed handles per process). Hence the process got hanged.
From dump (This is second dump where the handle count is high but not max limit.) I get following data :
53778 Handles
Type Count
None 2
Event 238
Section 3
File 84
Port 16
**Directory 53120**
Mutant 35
WindowStation 2
Semaphore 151
Key 42
Token 4
Process 1
0:000> !handle 9735 f
Handle 00009735
Type Directory
Attributes 0x10
GrantedAccess 0x1:
HandleCount 53575
PointerCount 53788
Name \GLOBAL??
No object specific information available
There are many such handles open with Name : \GLOBAL?? 开发者_开发问答and type Directory. Here I want to know in what scenarios do we see this particular handle being created? Is there any way to know the code where the leak is occurring from the full dump?
I believe you are using WinDBG.
If I am not wrong, "\GLOBAL??" indicates that your symbolic link is relates to all sessions. On Win2K it was "\??". Symbolic links and Handles can be local to a session. For an example: I can create a Mutex handle and make it local to each terminal service sessions. This can be done by prefixing the mutex name explicitly with a "Global\" or "Local\" to create the object in the global or local session name space. http://msdn.microsoft.com/en-us/library/ms682411(VS.85).aspx
Is this reproducible? If so, you should try the !htrace extension.
In Windows NT, the old DOS filesystem is essentially a set of shortcuts. This is necessary because it's a multi-user filesystem. Your H:\ drive might differ from someone elses H:\ drive. Hence, both are implemented as shortcuts or symbolic links.
SysInternals Process Monitor has a handle viewm and IIRC can capture a stack dump for each file operation. That of course adds up quickly; you'll need to learn its filters.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论