Handle Leak Tracking with WinDbg

Here is a short process for isolating handle leak issues for Windows processes using Windbg and the !htrace extension. This requires that you can reproduce the handle leak consistently, and take periodic handle snapshots to where you are leaking.

Notice, similar to memory leaks, it will be normal for some handles to be created during the diff process w/o being closed. You are looking for the large increase of handles that were opened w/o being closed.

1. Ensure you have PDBs generated for as many as the exes, dlls, ocxs as possible when debugging.
2. Start Debugging Tools for Windows -> WinDbg
3. Do Edit->Open/Close Log File. Enter log file path/name and hit ok. (If no path is specified, will be saved under the Debugging Tools for Windows folder)
4. Do File -> Attach to a Process
5. Choose the process, make sure noninvasive is not checked (default)
6. Debugger should now be attached to the process and the process paused
7. In the command window, type '!htrace -enable' to enable handle tracing
8. Cmd Window: Type '!handle' to get each handles id and type, and list of handle counts
9. Cmd Window: Type '!htrace -diff' to show the differences between the last '!htrace -snapshot' and the current handles. Note the first time this is run, diffs will show empty
10. Cmd Window: Type '!htrace -snapshot' to take a new snapshot for use in the next round of testing
11. Cmd Window: Type 'g' to get the process running again
12. Test the application again, monitoring perfmon or task manager for an increase in handles, once a suitable increase is present, continue
13. Goto Debug -> Break
14. Repeat steps 8-13 as many times as necessary in order to get appropriate handle data
15. Do Edit->Open/Close Log File & select the 'Close Open Log File' button.

Once this is complete, in the !htrace diff output, you should see the stack trace of your code that most likely leaked the handle.