6.11. Viewing the Handles a Process Has Open

Problem

You want to view all the handles a process has open. This is handy if you want to find out all of the files and registry keys a particular process is using.

Solution

Using a graphical user interface

  1. Open the Sysinternals Process Explorer tool (procexp.exe).

  2. From the menu, select View View Handles.

  3. Click on the process you want to view. In the bottom window, the list of handles being used by that process will be displayed.

Using a command-line interface

To view all of the handles a process has open, use the following command:

> handle -a -p <ProcessName>

You can also search for a specific handle using the following command:

> handle <HandleName>

For example, if you want to find all processes that have the c:\test directory open, you would replace <HandleName> with c:\test.

Using VBScript

There are no scripting interfaces to get this information. To get it programmatically, you must use the Win32 API or .NET Framework, or shell out to the handle utility.

Discussion

Have you ever wanted to see all of the resources a particular process is using? Perhaps you have a new application or service and you want to see what files it touches, what registry keys it has open, what Windows stations it uses, etc. The lovely Process Explorer (and handle.exe command-line equivalent) can give you this and much more. The cool thing about Process Explorer is that it even lets you close a particular handle if you want to; from the bottom window simply right-click ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.