TalkBackVideo Understanding handle leaks and How to use !htrace to find them

Written by Jeff Dailey


Hello, my name is Jeff Dailey, I’m an Escalation Engineer for the Global Escalation Services Platforms team. I’d like to show you how to debug and find leaking handles within your application or other process. We can do this with the !htrace command in windbg . Windbg is the Microsoft Windows Debugger most of us use in GES/CPR for debugging.   


Handles are a value we use in user mode, that when passed to a call that transitions to kernel, are used as an offset in your handle table to reference kernel mode objects. Kernel mode objects are generally allocated from pool. If you are having pool consumption problems and seeing errors like 2020 or 2019’s reported there is a good chance you may have a handle leak associated with them. This is generally due to not doing a CloseHandle() on the handle when you have finished using it.

You can vide the channel9 "how to debug handle leaks" video here


The following is the sample source for a handle leak that we will be debugging in our demo video.


// leakyhandles.cpp : Defines the entry point for the console application.


#include "stdafx.h"

#include <windows.h>

void fun1(void);

void fun2(void);

void fun3(void);

void fun4(void);

int main(int argc, char* argv[])








      return 0;


void fun1(void)




void fun2(void)




void fun3(void)


      HANDLE hEvent;

      hEvent = CreateEvent(NULL,TRUE,TRUE,NULL);



void fun4(void)


    HANDLE hEvent2;

      hEvent2 = CreateEvent(NULL,TRUE,TRUE,NULL);



Thank you.

Jeff Dailey

Escalation Engineer (Platforms core team)