Tuesday, December 29, 2015

Checking what program owns a handle

It may, from time to time, be useful to determine what program has a handle to a certain resource open. The most well-known type of handle is a file handle, but there can be handles to all manner of objects, like registry keys, desktops, and processes.

Process Explorer has a pane in its window specifically for handles, but you have to enable it by checking Show Lower Pane under View and making sure that Lower Pane View is set to Handles. Clicking on a process running under a security context you have access to produces a list of handles that process has open. You can search for a handle by using Find Handle or DLL under Find; it will search the Name column of the handles pane, so you can search for files, processes, or anything that has a unique name.

Aside: Process handles are interesting because a process won't vanish from Task Manager until [1] it exits/terminates and [2] all handles to it and its threads are closed. Therefore, it's possible for programs to keep the corpse of a dead process around by leaking/holding handles to the process object.
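
The behavior in the aside can be observed from a script. The following is an added example, not part of the original post: it opens a raw handle to a child process, kills the child, then reads the exit code through the handle that is still open and reports whether the PID can be opened before and after the handle is closed. The `Demo.Native` type, the `Test-PidOpens` helper, and the sleeping `powershell.exe` child are constructs of this example.

```powershell
# Added example: hold a raw handle to a child process across its termination.
Add-Type -Namespace Demo -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern uint WaitForSingleObject(IntPtr handle, uint milliseconds);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetExitCodeProcess(IntPtr handle, out uint exitCode);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr handle);
'@

$SYNCHRONIZE   = 0x00100000   # lets us wait on the process object
$QUERY_LIMITED = 0x1000       # PROCESS_QUERY_LIMITED_INFORMATION

# Hypothetical helper: can a fresh handle be opened by PID right now?
function Test-PidOpens([uint32]$ProcessId) {
    $h = [Demo.Native]::OpenProcess($QUERY_LIMITED, $false, $ProcessId)
    if ($h -eq [IntPtr]::Zero) { return $false }
    [void][Demo.Native]::CloseHandle($h)
    return $true
}

# Constructed test subject: a child that just sleeps.
$child = Start-Process powershell.exe -WindowStyle Hidden -PassThru `
    -ArgumentList '-NoProfile', '-Command', 'Start-Sleep 60'
$childPid = [uint32]$child.Id
$child.Dispose()   # release .NET's own handle; only the raw one below is ours

$handle = [Demo.Native]::OpenProcess($SYNCHRONIZE -bor $QUERY_LIMITED, $false, $childPid)
if ($handle -eq [IntPtr]::Zero) { throw "OpenProcess failed for PID $childPid" }

Stop-Process -Id $childPid -Force
# The process object becomes signaled when the process terminates.
[void][Demo.Native]::WaitForSingleObject($handle, 5000)

# The process has terminated, but the handle still refers to its object.
[uint32]$exitCode = 0
[void][Demo.Native]::GetExitCodeProcess($handle, [ref]$exitCode)
"Exit code read through the held handle: $exitCode"
"PID $childPid opens while handle is held: $(Test-PidOpens $childPid)"

[void][Demo.Native]::CloseHandle($handle)
"PID $childPid opens after CloseHandle:   $(Test-PidOpens $childPid)"
```

The last line's result depends on whether any other program on the machine still holds a handle to the same process; Process Explorer's Find Handle or DLL search on the process name shows which ones do.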
