WinDbg commonly used commands series --- !htrace

!htrace

Brief introduction

The !htrace extension displays stack trace information for one or more handles.

Syntax

  • User mode
    !htrace [Handle [Max_Traces]]
    !htrace -enable [Max_Traces]
    !htrace -snapshot
    !htrace -diff
    !htrace -disable
    !htrace -?
  • Kernel mode
    !htrace [Handle [Process [Max_Traces]]]
    !htrace -?

Parameters

  • Handle
    Specifies the handle whose stack traces are displayed. If Handle is 0 or omitted, the stack traces for all handles of the process are displayed.
  • Process
    (Kernel mode only) Specifies the process whose handles are displayed. If Process is 0 or omitted, the current process is used. In user mode the current process is always used.
  • Max_Traces
    Specifies the maximum number of stack traces to display. In user mode, if this parameter is omitted, all stack traces for the target process are displayed.
  • -enable
    (User mode only) Enables handle tracing and takes the first snapshot of the handle information, which the -diff option uses as its initial state.
  • -snapshot
    (User mode only) Takes a snapshot of the current handle information, to be used as the initial state by the -diff option.
  • -diff
    (User mode only) Compares the current handle information with the handle information obtained by the last snapshot, and displays all handles that are still open (that is, handles opened since the snapshot and not yet closed), each with the stack that opened it.
  • -disable
    (User mode only; Windows Server 2003 and later only) Disables handle tracing. On Windows XP, handle tracing can be disabled only by terminating the target process.
  • -?
    Displays brief help text for this extension in the Debugger Command window.

Support Environment

  • Windows 2000: unavailable
  • Windows XP and later: Kdexts.dll (kernel mode), Ntsdexts.dll (user mode)

Remarks

Before you can use !htrace, handle tracing must be enabled. One way to enable it is to enter the !htrace -enable command. When handle tracing is enabled, stack trace information is saved each time the process opens a handle, closes a handle, or references an invalid handle. These are the stack traces that !htrace displays. Handle tracing can also be enabled by activating the Handles option of Application Verifier on the target process.

Some of the traces reported by !htrace may come from a different process context. In that case the return addresses may not resolve correctly in the current process context, or may resolve to the wrong symbols.
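The enable / snapshot / diff cycle above is how !htrace is used in practice to find a handle leak or a use-after-close in user mode. The following WinDbg command script is an added example for this page; it is not from the original post or from Microsoft. It assumes the target is already running under WinDbg and that the operation under suspicion is a hypothetical function leaky!DoWork (the module and function names are assumptions) that can be triggered repeatedly.

```windbg
$$ Handle-leak and use-after-close hunt with !htrace (user mode).
$$ Added example, not from the original page. Assumed names: leaky!DoWork.
$$ Save as C:\scripts\htrace_leak.wds and run with  $$>< C:\scripts\htrace_leak.wds
$$ or paste the commands at the 0:000> prompt one at a time.
$$ 1. Enable handle tracing. From now on a stack trace is recorded each time this
$$    process opens a handle, closes a handle, or references an invalid handle.
$$    -enable also takes the first snapshot that -diff compares against.
!htrace -enable
$$ 2. Warm up: run the operation once so one-time initialisation handles (caches,
$$    log files, worker threads) exist before the baseline and are not reported as leaks.
$$    gu runs until the current function returns, so we stop just after DoWork.
bp leaky!DoWork
g
gu
$$ 3. Re-baseline after the warm-up. -diff will report only handles opened after this.
!htrace -snapshot
$$ 4. Run the operation a second time and stop when it returns. Any handle opened by
$$    this call that is still open now is a leak candidate; -diff prints each one with
$$    the stack that opened it, which usually points at the missing CloseHandle.
g
gu
!htrace -diff
$$ 5. For one suspicious value (for example a handle from an "invalid handle"
$$    exception, or one listed by -diff) dump its recorded OPEN / CLOSE / BAD REFERENCE
$$    history. Replace 0x7dc with the value from your own session.
!htrace 0x7dc
$$ 6. Stop recording when finished (Windows Server 2003 or later; on Windows XP
$$    tracing ends only when the target process terminates).
!htrace -disable
```

The script uses $$ comments rather than * comments because $$>< condenses the file onto one semicolon-separated line and a * comment would swallow everything after it. Step 5 is the one that matters for a BAD REFERENCE: handle values are recycled by the kernel, so a stale handle used after CloseHandle may silently act on a different object that has since received the same value; the per-handle history shows which stack closed it and which stack later reused it. The same traces are produced if, instead of !htrace -enable, Application Verifier's Handles check is enabled for the executable (appverif -enable Handles -for target.exe) before it is started under the debugger.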

The following example displays information about all handles in the process 0x81400300:

kd> !htrace 0 81400300
Process 0x81400300
ObjectTable 0xE10CCF60

Handle 0x7CC - CLOSE:
0x8018FCB9: ntoskrnl!ExDestroyHandle+0x103
0x801E1D12: ntoskrnl!ObpCloseHandleTableEntry+0xE4
0x801E1DD9: ntoskrnl!ObpCloseHandle+0x85
0x801E1EDD: ntoskrnl!NtClose+0x19
0x010012C1: badhandle!mainCRTStartup+0xE3
0x77DE0B2F: KERNEL32!BaseProcessStart+0x3D

Handle 0x7CC - OPEN:
0x8018F44A: ntoskrnl!ExCreateHandle+0x94
0x801E3390: ntoskrnl!ObpCreateUnnamedHandle+0x10C
0x801E7317: ntoskrnl!ObInsertObject+0xC3
0x77DE23B2: KERNEL32!CreateSemaphoreA+0x66
0x010011C5: badhandle!main+0x45
0x010012C1: badhandle!mainCRTStartup+0xE3
0x77DE0B2F: KERNEL32!BaseProcessStart+0x3D

Handle 0x7DC - BAD REFERENCE:
0x8018F709: ntoskrnl!ExMapHandleToPointerEx+0xEA
0x801E10F2: ntoskrnl!ObReferenceObjectByHandle+0x12C
0x801902BE: ntoskrnl!NtSetEvent+0x6C
0x80154965: ntoskrnl!_KiSystemService+0xC4
0x010012C1: badhandle!mainCRTStartup+0xE3
0x77DE0B2F: KERNEL32!BaseProcessStart+0x3D

Handle 0x7DC - CLOSE:
0x8018FCB9: ntoskrnl!ExDestroyHandle+0x103
0x801E1D12: ntoskrnl!ObpCloseHandleTableEntry+0xE4
0x801E1DD9: ntoskrnl!ObpCloseHandle+0x85
0x801E1EDD: ntoskrnl!NtClose+0x19
0x010012C1: badhandle!mainCRTStartup+0xE3
0x77DE0B2F: KERNEL32!BaseProcessStart+0x3D

Handle 0x7DC - OPEN:
0x8018F44A: ntoskrnl!ExCreateHandle+0x94
0x801E3390: ntoskrnl!ObpCreateUnnamedHandle+0x10C
0x801E7317: ntoskrnl!ObInsertObject+0xC3
0x77DE265C: KERNEL32!CreateEventA+0x66
0x010011A0: badhandle!main+0x20
0x010012C1: badhandle!mainCRTStartup+0xE3
0x77DE0B2F: KERNEL32!BaseProcessStart+0x3D

Parsed 0x6 stack traces.
Dumped 0x5 stack traces.

Origin www.cnblogs.com/yilang/p/11917938.html