
Handle v4.0

By Mark Russinovich

Published: September 11, 2014

 Download Handle
 (255 KB)


Introduction

Ever wondered which program has a particular file or directory open? Now you can find out. Handle is a utility that displays information about open handles for any process in the system. You can use it to see the programs that have a file open, or to see the object types and names of all the handles of a program.

You can also get a GUI-based version of this program, Process Explorer, here at Sysinternals.

Installation

You run Handle by typing "handle". You must have administrative privilege to run Handle.

Usage

Handle is targeted at searching for open file references, so if you do not specify any command-line parameters it will list the values of all the handles in the system that refer to open files and the names of the files. It also takes several parameters that modify this behavior.

usage: handle [[-a] [-u] | [-c <handle> [-l] [-y]] | [-s]] [-p <processname>|<pid>] [name]

-a    Dump information about all types of handles, not just those that refer to files. Other types include ports, Registry keys, synchronization primitives, threads, and processes.
-c    Closes the specified handle (interpreted as a hexadecimal number). You must specify the process by its PID.
      WARNING: Closing handles can cause application or system instability.
-l    Dump the sizes of pagefile-backed sections.
-y    Don't prompt for close handle confirmation.
-s    Print count of each type of handle open.
-u    Show the owning user name when searching for handles.
-p    Instead of examining all the handles in the system, this parameter narrows Handle's scan to those processes whose names begin with the specified process name. Thus:

      handle -p exp

      would dump the open files for all processes that start with "exp", which would include Explorer.
name  This parameter is present so that you can direct Handle to search for references to an object with a particular name.
      For example, if you wanted to know which process (if any) has "c:\windows\system32" open you could type:

      handle windows\system

      The name match is case-insensitive and the fragment specified can be anywhere in the paths you are interested in.

Handle Output

When not in search mode (enabled by specifying a name fragment as a parameter), Handle divides its output into sections for each process it is printing handle information for. Dashed lines are used as a separator, immediately below which you will see the process name and its process id (PID). Beneath the process name are listed handle values (in hexadecimal), the type of object the handle is associated with, and the name of the object if it has one.

When in search mode, Handle lists the process names and IDs on the left side and the names of the objects that matched on the right.
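
The per-process layout described above can be turned into structured records for triage, for example to list every process holding a file under a given directory. The following is an added example, not Sysinternals code: the sample text is constructed, and the exact spacing, the "pid:" label and the process and object names in it are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout the "Handle Output" section describes.
# The exact spacing and the "pid:" label are assumptions of this example.
SAMPLE = r"""
------------------------------------------------------------------------------
explorer.exe pid: 2140
   3C: File          C:\Windows\System32
   58: Key           HKLM\SOFTWARE\Example
   7C: Event
------------------------------------------------------------------------------
example-svc.exe pid: 3312
   10: File          C:\Windows\System32\drivers\etc
   24: File          C:\Temp\example.log
"""

SEPARATOR = re.compile(r"^-{5,}\s*$")
PROCESS = re.compile(r"^(?P<image>\S.*?)\s+pid:\s*(?P<pid>\d+)")
HANDLE = re.compile(r"^\s*(?P<value>[0-9A-Fa-f]+):\s+(?P<type>\S+)(?:\s+(?P<name>.*\S))?\s*$")

def parse_handle_output(text):
    """Return a list of dicts: image, pid, handle (int), type, name (or None)."""
    records, current, expect_process = [], None, False
    for line in text.splitlines():
        if SEPARATOR.match(line):
            current, expect_process = None, True
            continue
        if expect_process:  # the line right below a dashed separator
            m = PROCESS.match(line)
            current = (m["image"], int(m["pid"])) if m else None
            expect_process = False
            continue
        m = HANDLE.match(line)
        if m and current:  # ignore banner text and lines outside a section
            records.append({"image": current[0], "pid": current[1],
                            "handle": int(m["value"], 16),  # values are hexadecimal
                            "type": m["type"], "name": m["name"]})
    return records

def holders_of(records, fragment):
    """Case-insensitive substring match on object names, like the name search."""
    hits = defaultdict(list)
    for r in records:
        if r["name"] and fragment.lower() in r["name"].lower():
            hits[(r["image"], r["pid"])].append((r["handle"], r["name"]))
    return dict(hits)
```

To use it on real data, pass the captured text of a Handle run to parse_handle_output and adjust the regular expressions if the layout on your system differs from the constructed sample.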

More Information

You can find more information on the Object Manager in Windows Internals, 4th Edition or by browsing the Object Manager name-space with WinObj.

Microsoft Handle KB Articles

The following Microsoft KB articles reference Handle for diagnosing or troubleshooting various problems:

 



Runs on:

  • Client: Windows XP and higher.
  • Server: Windows Server 2003 and higher.

Related Tools

Here are some other monitoring tools available at Sysinternals:

  • Process Explorer - a GUI-based DLL and handle viewer for Win9x/Me and NT/Win2K
  • ListDLLs - a command-line DLL viewer for Win9x/Me and NT/Win2K