19

What is a process handle and what can we know about a running process through the "handle count" property in a task explorer?

enter image description here

Premraj
  • 385
  • 5
  • 13
BlueGene
  • 2,191
  • 9
  • 29
  • 33

2 Answers2

27

A process handle is an integer value that identifies a process to Windows. The Win32 API calls them a HANDLE; handles to windows are called HWND and handles to modules HMODULE.

Threads inside processes have a thread handle, and files and other resources (such as registry keys) have handles also.

The handle count you see in Task Manager is "the number of object handles in the process's object table". In effect, this is the sum of all handles that this process has open.

If you do not release your handle to a resource, other people may not be able to access it - this is why you sometimes cannot delete a file because Windows claims it is in use (check out this article on handle leaks and Process Explorer).

Also, there is a per-process limit on various handles. Here is an example.

In general, if you are opening handles and not closing them, it is analogous to leaking memory. You should figure out what is going on and fix it. There is a good CodeProject article on handle leaks.

squillman
  • 37,618
  • 10
  • 90
  • 145
crb
  • 7,928
  • 37
  • 53
2

Handle is an integer value which is used to address an Objects. For example:

int handle = open( "foo.txt", OTHER_STUFF_HERE );

open() is System Call returns a handle, a small, non-negative integer for use in subsequent system calls (read(2), write(2), lseek(2), fcntl(2), etc.).

Windows handles are very similar to Unix file descriptors (FDs).

Premraj
  • 385
  • 5
  • 13
  • The windows `open()` syscall is deprecated - https://docs.microsoft.com/en-gb/cpp/c-runtime-library/reference/open – yoniLavi Mar 21 '18 at 01:37