Windows 进程句柄数继续增长

Windows process handle count continues to grow

我正在 Windows 10 上开发一个 C++ 项目,我注意到随着时间的推移与进程关联的句柄增加并继续增长。

在网上搜索了一个原因我不确定这是否意味着该进程有内存泄漏或者这是否正常。

分配内存然后释放内存时,我会看到句柄增加和减少吗?

我一直在使用它,因为我正在努力寻找原因: https://docs.microsoft.com/en-us/archive/blogs/markrussinovich/pushing-the-limits-of-windows-handles

我找不到对任何在代码中创建句柄的调用。

[编辑]使用windbg打开转储的进程内容:

Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\u49100\Downloads\ManagementServiceGroup.dmp]
User Mini Dump File with Full Memory: Only application data is available

Symbol search path is: srv*
Executable search path is: 
Windows 10 Version 16299 MP (4 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
16299.637.x86fre.rs3_release_svc.180808-1748
Machine Name:
Debug session time: Wed Feb  5 09:56:54.000 2020 (UTC + 0:00)
System Uptime: 0 days 0:44:55.871
Process Uptime: 0 days 0:02:30.000
................................................................
.....................................
This dump file has a breakpoint exception stored in it.
The stored exception information can be accessed via .ecxr.
For analysis of this file, run !analyze -v
eax=002f1000 ebx=00000000 ecx=7707a080 edx=7707a080 esi=7707a080 edi=7707a080
eip=77041900 esp=0d24ff54 ebp=0d24ff80 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000244
ntdll!DbgBreakPoint:
77041900 cc              int     3
0:075> !analyze -v
ERROR: FindPlugIns 8007007b
ERROR: Some plugins may not be available [8007007b]
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** WARNING: Unable to verify checksum for PlatformSG.dll
*** WARNING: Unable to verify checksum for ManagementServiceGroup.exe
*** WARNING: Unable to verify checksum for SlaveCommsSG.dll
*** WARNING: Unable to verify checksum for CalibrationFramework.dll
*** WARNING: Unable to verify checksum for SPLINTServer.dll
*** WARNING: Unable to verify checksum for TCPIPManager.dll
*** WARNING: Unable to verify checksum for MillikanFaults.dll
*** WARNING: Unable to verify checksum for MillikanCalibration.dll
*** WARNING: Unable to verify checksum for HBC.dll
*** WARNING: Unable to verify checksum for Machine.dll
*** WARNING: Unable to verify checksum for Vibrator.dll
*** WARNING: Unable to verify checksum for TelnetServer.dll
*** WARNING: Unable to verify checksum for UserDefects.dll
*** WARNING: Unable to verify checksum for HBCStatCollector.dll
*** WARNING: Unable to verify checksum for StatisticsArchiver.dll
*** WARNING: Unable to verify checksum for SplintVibratorCalibration.dll
*** WARNING: Unable to verify checksum for StatisticsHistorian.dll
*** WARNING: Unable to verify checksum for ModeManager.dll
*** WARNING: Unable to verify checksum for SPLINTStatDistributor.dll
*** WARNING: Unable to verify checksum for IOMillikan.dll
*** WARNING: Unable to verify checksum for ProcessControlSG.dll
*** WARNING: Unable to verify checksum for CameraGroup.dll
*** WARNING: Unable to verify checksum for ComponentLifeMonitor.dll

KEY_VALUES_STRING: 1

    Key  : Timeline.OS.Boot.DeltaSec
    Value: 2695

    Key  : Timeline.Process.Start.DeltaSec
    Value: 150

PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1

Timeline: !analyze.Start
    Name: <blank>
    Time: 2020-02-05T10:01:43.660Z
    Diff: 289660 mSec

Timeline: Dump.Current
    Name: <blank>
    Time: 2020-02-05T09:56:54.0Z
    Diff: 0 mSec

Timeline: Process.Start
    Name: <blank>
    Time: 2020-02-05T09:54:24.0Z
    Diff: 150000 mSec

Timeline: OS.Boot
    Name: <blank>
    Time: 2020-02-05T09:11:59.0Z
    Diff: 2695000 mSec

DUMP_CLASS: 2

DUMP_QUALIFIER: 400

CONTEXT:  (.ecxr)
eax=002f1000 ebx=00000000 ecx=7707a080 edx=7707a080 esi=7707a080 edi=7707a080
eip=77041900 esp=0d24ff54 ebp=0d24ff80 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000244
ntdll!DbgBreakPoint:
77041900 cc              int     3
Resetting default scope

FAULTING_IP: 
ntdll!DbgBreakPoint+0
77041900 cc              int     3

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 77041900 (ntdll!DbgBreakPoint)
   ExceptionCode: 80000003 (Break instruction exception)
  ExceptionFlags: 00000000
NumberParameters: 1
   Parameter[0]: 00000000

PROCESS_NAME:  ManagementServiceGroup.exe

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION}  Breakpoint  A breakpoint has been reached.

EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid

EXCEPTION_CODE_STR:  80000003

EXCEPTION_PARAMETER1:  00000000

WATSON_BKT_PROCSTAMP:  5e38030b

WATSON_BKT_MODULE:  ntdll.dll

WATSON_BKT_MODSTAMP:  7b4896c1

WATSON_BKT_MODOFFSET:  71900

WATSON_BKT_MODVER:  10.0.16299.936

MODULE_VER_PRODUCT:  Microsoft® Windows® Operating System

BUILD_VERSION_STRING:  16299.637.x86fre.rs3_release_svc.180808-1748

MODLIST_WITH_TSCHKSUM_HASH:  70177fe8843802a721ebc9381c39ea0930d91d47

MODLIST_SHA1_HASH:  88c13d9b0d70b5ff412cbabd039482499bc59744

NTGLOBALFLAG:  1100

PROCESS_BAM_CURRENT_THROTTLED: 0

PROCESS_BAM_PREVIOUS_THROTTLED: 0

APPLICATION_VERIFIER_FLAGS:  80000004

CHKIMG_EXTENSION: !chkimg -lo 50 -d !ntdll
    77030eb0-77030eb4  5 bytes - ntdll!LdrLoadDll
      [ 8b ff 55 8b ec:e9 9b 68 8c fc ]
    7703f780-7703f784  5 bytes - ntdll!NtAllocateVirtualMemory (+0xe8d0)
      [ b8 18 00 00 00:e9 0b 69 8b fc ]
    7703f800-7703f804  5 bytes - ntdll!NtFreeVirtualMemory (+0x80)
      [ b8 1e 00 00 00:e9 eb 6c 8b fc ]
    7703f8a0-7703f8a4  5 bytes - ntdll!NtMapViewOfSection (+0xa0)
      [ b8 28 00 00 00:e9 5b 77 8b fc ]
    7703f8c0-7703f8c4  5 bytes - ntdll!NtUnmapViewOfSection (+0x20)
      [ b8 2a 00 00 00:e9 cb 7b 8b fc ]
    7703f9c0-7703f9c4  5 bytes - ntdll!NtWriteVirtualMemory (+0x100)
      [ b8 3a 00 00 00:e9 bb 73 8b fc ]
    7703fa10-7703fa14  5 bytes - ntdll!NtReadVirtualMemory (+0x50)
      [ b8 3f 00 00 00:e9 ab 74 8b fc ]
    7703fa70-7703fa74  5 bytes - ntdll!NtQueueApcThread (+0x60)
      [ b8 45 00 00 00:e9 cb 7b 8b fc ]
    7703fb20-7703fb24  5 bytes - ntdll!NtProtectVirtualMemory (+0xb0)
      [ b8 50 00 00 00:e9 db 6a 8b fc ]
    7703fd80-7703fd84  5 bytes - ntdll!NtAlpcConnectPort (+0x260)
      [ b8 76 00 00 00:e9 ab 89 8b fc ]
    77040e30-77040e34  5 bytes - ntdll!NtSetContextThread (+0x10b0)
      [ b8 81 01 00 00:e9 eb 76 8b fc ]
    77041290-77041294  5 bytes - ntdll!NtWaitForDebugEvent (+0x460)
      [ b8 c7 01 00 00:e9 7b 00 8d fc ]
    77041930-77041934  5 bytes - ntdll!KiUserApcDispatcher (+0x6a0)
      [ 83 3d 98 77 0e:e9 2b 82 91 fc ]
65 errors : !ntdll (77030eb0-77041934)

PRODUCT_TYPE:  1

SUITE_MASK:  272

DUMP_FLAGS:  c07

DUMP_TYPE:  3

APPLICATION_VERIFIER_LOADED: 1

ANALYSIS_SESSION_HOST:  HW-WOP-113835

ANALYSIS_SESSION_TIME:  02-05-2020 10:01:43.0660

ANALYSIS_VERSION: 10.0.18362.1 x86fre

THREAD_ATTRIBUTES: 
ADDITIONAL_DEBUG_TEXT:  Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]

OS_LOCALE:  ENG

BUGCHECK_STR:  MEMORY_CORRUPTION_PATCH_AVRF

DEFAULT_BUCKET_ID:  MEMORY_CORRUPTION_PATCH_AVRF

PRIMARY_PROBLEM_CLASS:  MEMORY_CORRUPTION

PROBLEM_CLASSES: 

    ID:     [0n98]
    Type:   [AVRF]
    Class:  Addendum
    Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
            BUCKET_ID
    Name:   Add
    Data:   Omit
    PID:    [0x4254]
    TID:    [0x445c]
    Frame:  [0] : ntdll!DbgBreakPoint

    ID:     [0n209]
    Type:   [MEMORY_CORRUPTION]
    Class:  Primary
    Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
            BUCKET_ID
    Name:   Add
    Data:   Omit
    PID:    [0x4254]
    TID:    [0x445c]
    Frame:  [Unspecified]

    ID:     [0n157]
    Type:   [PATCH]
    Class:  Addendum
    Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
            BUCKET_ID
    Name:   Add
    Data:   Omit
    PID:    [0x4254]
    TID:    [0x445c]
    Frame:  [Unspecified]

LAST_CONTROL_TRANSFER:  from 7707a0b9 to 77041900

STACK_TEXT:  
00000000 00000000 memory_corruption!ntdll+0x0


STACK_COMMAND:  ** Pseudo Context ** ManagedPseudo ** Value: 173e49f0 ** ; kb

THREAD_SHA1_HASH_MOD_FUNC:  646019e7612e819fc8aba56460d68e5912f8f117

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  70e2aeaf8a93e9fa2f653f0a0ed9deec52e32f7e

THREAD_SHA1_HASH_MOD:  7da7fbec386ce361a40d03d69a994bc4836f03e8

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  memory_corruption!ntdll

FOLLOWUP_NAME:  MachineOwner

DEBUG_FLR_IMAGE_TIMESTAMP:  0

BUCKET_ID:  MEMORY_CORRUPTION_PATCH_AVRF_memory_corruption!ntdll

FAILURE_EXCEPTION_CODE:  80000003

IMAGE_NAME:  memory_corruption

FAILURE_IMAGE_NAME:  memory_corruption

BUCKET_ID_IMAGE_STR:  memory_corruption

MODULE_NAME: memory_corruption

FAILURE_MODULE_NAME:  memory_corruption

BUCKET_ID_MODULE_STR:  memory_corruption

FAILURE_FUNCTION_NAME:  ntdll

BUCKET_ID_FUNCTION_STR:  ntdll

BUCKET_ID_OFFSET:  0

BUCKET_ID_MODTIMEDATESTAMP:  0

BUCKET_ID_MODCHECKSUM:  0

BUCKET_ID_MODVER_STR:  0.0.0.0

BUCKET_ID_PREFIX_STR:  

FAILURE_PROBLEM_CLASS:  MEMORY_CORRUPTION

FAILURE_SYMBOL_NAME:  memory_corruption!ntdll

FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_PATCH_AVRF_80000003_memory_corruption!ntdll

TARGET_TIME:  2020-02-05T09:56:54.000Z

OSBUILD:  16299

OSSERVICEPACK:  1146

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

OSPLATFORM_TYPE:  x86

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt SingleUserTS

USER_LCID:  0

OSBUILD_TIMESTAMP:  2014-08-09 10:57:59

BUILDDATESTAMP_STR:  180808-1748

BUILDLAB_STR:  rs3_release_svc

BUILDOSVER_STR:  10.0.16299.637.x86fre.rs3_release_svc.180808-1748

ANALYSIS_SESSION_ELAPSED_TIME:  1c133

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:memory_corruption_patch_avrf_80000003_memory_corruption!ntdll

FAILURE_ID_HASH:  {fff25d61-b919-7e8b-df9e-56dec8271fe1}

Followup:     MachineOwner
---------

这对我来说意义不大,如果有人在如何解释这个方面有专业知识,我们将不胜感激。

[编辑 18-02-2020 另一个转储和 windbg 输出]

    Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
    Copyright (c) Microsoft Corporation. All rights reserved.        

    Loading Dump File [D:\Stuff\ManagementServiceGroup.dmp]
    User Mini Dump File with Full Memory: Only application data is available

    Symbol search path is: srv*
    Executable search path is: 
    Windows 10 Version 14393 MP (2 procs) Free x86 compatible
    Product: WinNt, suite: SingleUserTS
    10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)
    Machine Name:
    Debug session time: Tue Feb 18 10:22:54.000 2020 (UTC + 0:00)
    System Uptime: 0 days 0:41:07.933
    Process Uptime: 0 days 0:40:15.000
    ...............................................................................................
    For analysis of this file, run !analyze -v
    eax=0000000d ebx=00000000 ecx=0014f96c edx=775d53d0 esi=00000001 edi=00000001
    eip=775d53d0 esp=0014f96c ebp=0014fb00 iopl=0         nv up ei pl zr na pe cy
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000247
    ntdll!KiFastSystemCallRet:
    775d53d0 c3              ret

windbg !handle 将在显示单个句柄后提供摘要

摘要将显示每种类型有多少句柄

截图如下
cmd.exe pid 5124 有 22 个句柄
下面的命令将 windbg 附加到 pid 非侵入性地执行 !handle 并退出
gnuwin32-awk 仅过滤相关数据

cdb -pv -c "!handle;q" -p 5124  | awk "/Handles/,/quit/"

结果

:\>cdb -pv -c "!handle;q" -p 5124  | awk "/Handles/,/quit/"
23 Handles
Type            Count
Event           2
File            2
Directory       1
WindowStation   2
Key             10
Process         2
Thread          1
Desktop         1
ALPC Port       2
quit: