|
Last
updated January 15, 2001 v3.1
|
|
  |
|
|
Ever wondered
which program has a particular file or directory
open? Now you can find out. HandleEx shows
you information about which handles and DLLs processes
have opened or loaded. Its display consists of two
sub-windows. The top always shows a list of the
currently active processes, including the names
of their owning accounts, whereas the information
displayed in the bottom window depends on the mode
that HandleEx is in: if it is in handle mode
on Windows NT/2K you’ll see the handles that
the process selected in the top window has opened
- if you're on Windows 9x/Me you'll see the list
of files and directories the process has opened;
if HandleEx is in DLL mode you’ll see
the DLLs and memory-mapped files that the process
has loaded. HandleEx also has a powerful
search capability that will quickly show you which
processes have particular handles opened or DLLs
loaded.
The unique capabilities of HandleEx
make it useful for tracking down DLL-version problems
or handle leaks, and provide insight into the way
Windows and applications work.
What's new in Version 3.1:
- Process icons
- Refresh highlighting: new entries in the process,
handle and DLL views are green, and deleted
ones red
- Listview tooltips
- DLL descriptions in the DLL view
- Highlights relocated DLLs
- Jump-to-entry in the find dialog
- Efficient refresh
- Runs on Windows 9x/Me
HandleEx works on Windows 9x/Me, Windows
NT 4.0, Windows 2000 and Whistler Beta 1.
|
|
Simply run HandleEx
(handleex.exe). On Windows NT/2K, HandleEx
requires that your account have the "load driver"
and "debug" privileges.
HandleEx will remember its window positions
and the mode that it was in each time you exit it,
and initialize with these settings when started
again. |
|
If you right-click on
a process HandleEx will pop-up a context-menu
that will let you view additional CPU and memory-related
properties of the process, or immediately terminate
the process. Alternately, you can use toolbar buttons
or menu entries to accomplish the same tasks.
|
|
When HandleEx is in handle mode you'll
see the names of all the named objects that
a selected process has open if you're running
on Windows NT/2K, and the names of the files
a process has opened if you're running on
Windows 9x/Me. You can use the tab key to
move the focus between the handle and process
windows.
On Windows NT/2K, select the Options|Show
Unnamed Handles menu item or toolbar button
to see all the process' handles, both named
and un-named. You can toggle this mode on
and off according to what you want to see.
Right-clicking on a handle brings up a menu
that lets you forcibly close a handle -
you should only use this in extreme circumstances
because doing so may result in an application
or system crash.
Also on Windows NT/2K Processes and threads
are treated as named objects, so you will
be shown the process name and, in parenthesis,
the process identifier of processes referenced
by handles. For thread handles you will
be shown the corresponding thread's process
name and ID, as well as the thread's ID.
|
|
|
Select the “View DLLs” menu item
or the equivalent toolbar button to switch
to DLL mode. In this mode loaded DLLs are
listed in the bottom window. . If you double-click
on a DLL, or press the properties toolbar
button, HandleEx will present a properties
dialog with detailed version information.
If you're running on Windows NT/2K, the
"MM" column indicates whether
the corresponding file has been memory-mapped
rather than loaded as a module. This corresponds
to an applications use of MapViewOfFile.
If a file is memory-mapped the base and
size columns indicate the virtual address
range where the file has been mapped. If
you are unable to delete a file and don’t
find any handle references to it, the file
may have been memory mapped, since WinNT/2K
does not let memory mapped files be deleted
or portions of a file that have been mapped
be truncated.
Select the Options|Highlight Relocated
DLLs to have HandleEx highlight any DLLs
that were not loaded at their default base
address in yellow. This feature is intended
to help developers define base addresses
for their DLLs that result in no conflicts
and therefore speed load times.
|
|
| The F5 key or
the "Refresh" menu item will cause
HandleEx to rescan process, DLL and
handle information. When you perform a refresh
HandleEx highlights entries that existed
before the refresh but not after in red. HandleEx
shows entries that are new after the refresh
in green. For example, if you start a new
process, that process will display in green.
This feature makes it easier to see what’s
changed across a refresh, and to find handle
leaks. |
|
You can search
for processes that have particular DLLs loaded
or handles opened. The search dialog is activated
with the search toolbar button or its menu
item. Enter a substring in the edit box of
the search dialog and select the "Search"
button. If HandleEx is in handle mode
it will search for opened handles that contain
the substring, but if it is in DLL mode it
will search for loaded DLLs that have the
substring in their path name. In either case,
all handles or DLLs are scanned, not just
those of the currently selected process.
Selecting an entry in the result-pane of the
find dialog causes HandleEx to locate
and display in the process and handle or DLL
view (as appropriate), the lines corresponding
to the entry you select. |
|
| Here are some
other handle and DLL viewing tools available
at Sysinternals:
|
|
|
Download
HandleEx (67 KB)
Download
HandleEx for Compaq Alpha (69 KB)
Back to Top |
|
|
|
|
