!htrace shows no callstack

Question

When I use !htrace -diff in WinDbg to debug a handle leak, I get a lot of handles (probably the ones that are leaking) that do not show a callstack:

What could be a reason for this and what options do I have to debug this further?

Handle = 0x000273e4 - OPEN
Thread ID = 0x00001190, Process ID = 0x0000114c

--------------------------------------
Handle = 0x000273e0 - OPEN
Thread ID = 0x00001190, Process ID = 0x0000114c

--------------------------------------
Handle = 0x000273dc - OPEN
Thread ID = 0x00001190, Process ID = 0x0000114c

--------------------------------------
Handle = 0x000273d8 - OPEN
Thread ID = 0x00001190, Process ID = 0x0000114c

--------------------------------------
Handle = 0x000273d4 - OPEN
Thread ID = 0x00001190, Process ID = 0x0000114c

--------------------------------------
Handle = 0x000273d0 - OPEN
Thread ID = 0x00001190, Process ID = 0x0000114c

--------------------------------------
Handle = 0x000273cc - OPEN
Thread ID = 0x00001190, Process ID = 0x0000114c

--------------------------------------
Handle = 0x000273c8 - OPEN
Thread ID = 0x00001190, Process ID = 0x0000114c

--------------------------------------
Handle = 0x000273c4 - OPEN
Thread ID = 0x00001190, Process ID = 0x0000114c

--------------------------------------
Handle = 0x000273c0 - OPEN
Thread ID = 0x00001190, Process ID = 0x0000114c

--------------------------------------
Handle = 0x000273bc - OPEN
Thread ID = 0x00001190, Process ID = 0x0000114c

--------------------------------------
Handle = 0x000273b8 - OPEN
Thread ID = 0x00001190, Process ID = 0x0000114c

--------------------------------------
Handle = 0x000273b4 - OPEN
Thread ID = 0x00001190, Process ID = 0x0000114c

--------------------------------------
Handle = 0x000273b0 - OPEN
Thread ID = 0x00001190, Process ID = 0x0000114c

--------------------------------------
Handle = 0x000273ac - OPEN
Thread ID = 0x00001190, Process ID = 0x0000114c

--------------------------------------
Handle = 0x000273a8 - OPEN
Thread ID = 0x00001190, Process ID = 0x0000114c

--------------------------------------
Handle = 0x000273a4 - OPEN
Thread ID = 0x00001190, Process ID = 0x0000114c

--------------------------------------

Update: The handle leak seems to be depending on graphic drivers or graphic cards. It starts to leak when I use any form of WPF it only leaks on some Windows XP systems with a certain graphic cards/drivers.

What is the OS you are running on ? Is this a dump or a live debugging ? Did you call '!htrace -enable' before ? — Thierry Franzetti, Oct 10 '11 at 19:54
Windows XP, yes I did call `!htrace -enable` There is another clue: The handle leak seems to be depending on graphic drivers or graphic cards. It starts to leak when I use any form of WPF it only leaks on some Windows XP systems with a certain graphic cards/drivers. — bitbonk, Oct 11 '11 at 05:25
You can use '!handle 0x000273c4 0xf' to see more information on the particular 0x000273c4 handle. You'll then know if the type of the handle is the kind you are looking for. If the leaks are relative to GDI, they are handled by another handle pool and not in the list you can reach with !handle. GDI leaks are painful and I don't know any documented way to track them. You can try this tool (http://www.nirsoft.net/utils/gdi_handles.html) from NirSoft to see if you are able to narrow down the problem. — Thierry Franzetti, Oct 11 '11 at 07:12
If your system detect tools from NirSoft as Adware, you can also try this one : http://0memory.blogspot.com/2011/01/leakmon-track-handle-leak-gdi-leak-and.html — Thierry Franzetti, Oct 11 '11 at 07:20
According to `handle.exe` (http://technet.microsoft.com/en-us/sysinternals/bb896655) the type of handles that leak are of type `Process`. `!handle 0x000273c4 0xf` does not yield any additonal information. — bitbonk, Oct 11 '11 at 07:23

score 1 · Accepted Answer · answered Oct 21 '11 at 21:26

Calls are performed in kernel mode by ZwOpenProcess routine (http://msdn.microsoft.com/en-us/library/windows/hardware/ff567022(v=vs.85).aspx) and not followed by a ZwClose call. Then the handle leaks. You don't see the callstacks because they are only available when calls are performed from user mode (OpenProcess / CloseHandle).

On an XP SP3, it seems difficult to find the culprit. The solution would be to use the 'Object reference tracing' functionality built in the OS, but this path is paved with issues (see http://www.osronline.com/showthread.cfm?link=198302 for further references). Since you found out this issue arises only when a particular video card is present, you can try to contact the vendor or check for a newer version of the driver.

!htrace shows no callstack

1 Answers1