One of my customers was looking for a way to find out whether an application was leaking kernel objects during specific workflows. The first tool to look at is the Swiss Army knife ProcessExplorer from SysInternals.
When you select a process, the lower pane shows which kernel objects have been created, along with information such as their handle, type and details. So, how do you use ProcessExplorer to identify a leak? Simply stop the automatic refresh and press the F5 key to refresh the kernel objects list. An object created since the last refresh appears in green, and one that has been closed appears in red.
However, this green/red dance does not support more than one comparison at a time, and it is not possible to keep track of the different snapshots along the way. This is why I’ve written Kernel Handle Leak Shell. This tool shares many features with LeakShell that help you find out which instances of managed types stay referenced over time:
- take snapshots of kernel objects consumption at will
- show the kernel objects count evolution in a graphical way
- define new reference and current snapshots to trigger a comparison
but also brings new ones, such as:
- select a process to study
- see the New, Same and Deleted objects between two snapshots
- sort the lists by handle, kind or details
- see the handles for a given snapshot by double-clicking it in the list
The engine used by this tool to list the kernel objects of a given process is handle.exe, another executable provided by Mark Russinovich on SysInternals. I’m simply redirecting the output of this console application into a string before parsing it to build my own internal list of kernel objects.
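The parsing and snapshot comparison described above can be sketched as follows. This is an added example in Python, not KernelLeakShell's own code; the line layout assumed for the handle.exe output, the helper names and the two sample dumps are constructed for illustration.

```python
import re
from collections import Counter

# Assumed line layout of "handle.exe -a -p <pid>" output:
#   <hex handle>: <type> [(share flags, files only)] [name]
HANDLE_LINE = re.compile(r"^\s*([0-9A-Fa-f]+):\s+(\S+)(?:\s+\([RWD-]{3}\))?\s*(.*)$")

def parse_snapshot(text):
    """Return {handle value: (type, details)} for one captured dump."""
    objects = {}
    for line in text.splitlines():
        m = HANDLE_LINE.match(line)
        if m:  # banner, separator and "pid:" lines do not match
            objects[int(m.group(1), 16)] = (m.group(2), m.group(3).strip())
    return objects

def compare(reference, current):
    """Split two snapshots into New / Same / Deleted objects.
    A handle value reused for another object shows up as Deleted and New."""
    ref, cur = set(reference.items()), set(current.items())
    return {"New": sorted(cur - ref), "Same": sorted(cur & ref),
            "Deleted": sorted(ref - cur)}

def growth_by_type(reference, current):
    """Per-type count change; a type that keeps growing is a leak suspect."""
    before = Counter(kind for kind, _ in reference.values())
    after = Counter(kind for kind, _ in current.values())
    return {k: after[k] - before[k] for k in before.keys() | after.keys()
            if after[k] != before[k]}

# Constructed sample dumps (not real captures).
REFERENCE = r"""
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
demo.exe pid: 4242 EXAMPLE\user
    4: Event
    8: Key           HKLM\SOFTWARE\Example
   3C: File  (RW-)   C:\Temp\demo.log
"""
CURRENT = r"""
demo.exe pid: 4242 EXAMPLE\user
    4: Event
    8: Key           HKLM\SOFTWARE\Example
   40: Event
   44: Event
   48: File  (R--)   C:\Temp\data.bin
"""

if __name__ == "__main__":
    ref, cur = parse_snapshot(REFERENCE), parse_snapshot(CURRENT)
    for label, rows in compare(ref, cur).items():
        print(label, [(hex(h), kind, name) for h, (kind, name) in rows])
    print("growth:", growth_by_type(ref, cur))
```

Repeating the same workflow between snapshots and watching which types only ever grow separates a real leak from normal handle churn.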
Download KernelLeakShell 1.0
The only prerequisites are handle.exe, to be downloaded from SysInternals, plus the .NET Framework 4.0 for the DataGrid and the WPF Toolkit (included in the downloadable .zip) for the chart.
I hope this helps.




