HandleEx
Have you ever tried to delete a directory and received an Access denied error message for no apparent reason? Perhaps you've experienced a situation in which a particular application runs well on one system but crashes on another, and you're sure that the failure is the result of a DLL versioning problem. You can easily investigate both these problems, in addition to other problems, by using HandleEx. HandleEx is a utility that gives you a list of all the processes executing on a system. Screen 3 shows HandleEx's double-paned UI.
When you click a process in HandleEx's upper pane, the information about the process displays in the lower pane depending on HandleEx's mode of operation. You can use a toolbar button or menu command to choose HandleEx's mode—handle or DLL. When HandleEx is in handle mode, you'll see a list of handles the executing process has open. When a process opens a file, Registry key, synchronization object, or other system resource, NT creates a reference to the resource in an array, called its handle table, that is associated with the process. NT returns the resource entry's index number, called its handle, to the process, so that the process can use the handle to refer to the resource. You can set HandleEx to list handles that specify resources that have names, or to list all of a process' handles, named and unnamed.
HandleEx in DLL mode displays the list of DLLs that a process has loaded. Information HandleEx displays about the DLLs includes the address at which the DLL is loaded in the process' address map, the size of the loaded DLL image, the version number of the DLL, and the full pathname of the DLL's file.
When you receive an
Access denied error message when trying to delete a directory, the error might have occurred because the directory contains one or more files that are open. Such a deletion can also fail because you have a command prompt—either on the local machine or a remote system—for which the directory you want to delete is the current directory. HandleEx has a search feature that lets you quickly see whether either of these cases are the cause of an
Access denied message. To use the feature, you enter part of the directory's name in HandleEx's Find dialog box, and HandleEx will return the names of all files and directories that are open and that match the name you typed in, in addition to the name of the process that opened the file or directory. DLL version mismatches are similarly easy to track. Save the list of DLLs that a properly working application loads on a system, and compare that list to the list from a system on which the application is misbehaving. You can look for version number differences between the lists to find the version mismatches.
HandleEx can also reveal instances of another common application bug: the handle leak. Handle leaks occur when a program opens a resource but fails to close the resource when the program is finished referencing it. Leaks are visible in HandleEx as an abnormally high number of handles in the process that is leaking handles. I used HandleEx to find and report a handle leak in one of NT's device drivers, a problem Microsoft corrected in Service Pack 4 (SP4).
HandleEx uses undocumented functions both to obtain the list of DLLs a process loads and to query the handles the process opens. (HandleEx's source code isn't posted on the Systems Internals Web site.) However, an application can determine a great deal of process- and thread-related information by using documented Performance APIs such as the ones Performance Monitor uses. Microsoft's Win32 software development kit (SDK) includes the full source code to PerfMon. In addition, the ToolHelp32 API, documents functions for enumerating loaded DLLs, is making its appearance in Windows 2000 (Win2K—formerly NT 5.0). Command-line equivalents of HandleEx, ListDLLs, and Handle are available for download at the Systems Internals Web site.
Register
