
I'm banging my head against the wall to come up with a solution/tool to monitor process handles.

I know there's Process Explorer and Handle from the Sysinternals tools, but what I'm trying to achieve here is to execute a given process via PowerShell/cmd, monitor the handles throughout the whole execution, and keep track of all the handles that have been opened (even if they're closed at some point).

I have thought about automating Handle from Sysinternals so it runs every X seconds, but that would be, first of all, too time/memory consuming and most likely could cause race conditions with the process from which the handles are being dumped (plus it also might miss handles if they're created and closed before it runs).

Any suggestions or ideas that I could go for?

To summarize: A tool that can register all the handles that a given process used from start to finish.

Thanks in advance!

  • `wpr.exe -start Handle`, repro, then `wpr.exe -stop C:\handle.etl`. Use WPA to consider the handle usage of the process for the time captured. You can see the stacks of handle creation and which process closes the handle during the trace if one did. – HelpingHand Jun 03 '22 at 20:31
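
The capture sequence from the comment above, wrapped so the trace starts before the target launches and is saved when it exits. This is an added example, not part of the original thread; the function name, its parameters and the default output path are hypothetical, and it assumes `wpr.exe` is on the PATH of an elevated session.

```powershell
# Added example: record handle activity for one run of a program with WPR.
# Assumptions: elevated session, wpr.exe on PATH; names below are illustrative.
function Invoke-HandleTrace {
    param(
        [Parameter(Mandatory)] [string]   $FilePath,
        [string[]] $ArgumentList = @(),
        [string]   $EtlPath = (Join-Path $env:TEMP 'handle.etl')
    )

    # WPR needs administrator rights to start a kernel trace.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # Start tracing first so handles opened during process startup are captured.
    & wpr.exe -start Handle | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "wpr -start failed with exit code $LASTEXITCODE" }

    $saved = $false
    try {
        # -Wait blocks until the target (and any child processes) has exited.
        $startArgs = @{ FilePath = $FilePath; PassThru = $true; Wait = $true }
        if ($ArgumentList.Count -gt 0) { $startArgs.ArgumentList = $ArgumentList }
        $proc = Start-Process @startArgs

        & wpr.exe -stop $EtlPath | Out-Host
        if ($LASTEXITCODE -ne 0) { throw "wpr -stop failed with exit code $LASTEXITCODE" }
        $saved = $true

        # The trace is system-wide; use the PID to filter to this process in WPA.
        [pscustomobject]@{ ProcessId = $proc.Id; Trace = $EtlPath }
    }
    finally {
        # If the launch or the save failed, do not leave the trace running.
        if (-not $saved) { & wpr.exe -cancel | Out-Host }
    }
}

# Example call (constructed): Invoke-HandleTrace -FilePath 'notepad.exe'
```

By default WPR logs to an in-memory circular buffer, so on a long run the earliest events can be overwritten; adding `-filemode` to the `wpr.exe -start` line logs to a file instead.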

1 Answer


You can use the WinDbg debugger and the htrace command to automate this.

Mario Hewardt