get information from device path
One of our legacy applications is producing resource leaks on 1 specific machine. Over time the overall processor usage increases until the application is closed and restarted.
Using perfmon I found a direct correlation between the process's handle count and the processor usage. This count went up into the thousands and I used SysInternal's handle to expose that all the extra handles (at least during the process running this afternoon when I ran handle) had a path of \Device\00000066.
I want to learn how to discover more information about exactly what device the device path is referring to so we know where to go from here. I have strong suspicions that the device is a PIN pad (used during debit transactions), but need proof.
Windows XP sp3.
Resolution: After Seva Titov's advice helped me identify it was a USB device, I had one main suspect: a cash drawer. We had the client unplug it and use it manually for a few hours: no constant increase in handles. I looked through that project's code and the developer neglected to close handles to the device after obtaining them. The rapid increase in handles was due to a timer that checked the drawer's status after it was opened to determine when the user had closed it.
Here is how you can get more information on the kernel directory object:
- Install LiveKd, install Windows Debugging Tools
- Launch LiveKd in the directory that contains kd.exe
- Inside LiveKd prompt type this:
    !object \device\00000066

Then use the value that it shows for the object (the first it prints) with !devobj command. This is the example I did on my system -- I picked up a random device with name \device\0000006a as an example (just to confuse you :->)

    0: kd> !object \device\0000006a
    Object: fffffa8007959630  Type: (fffffa8006bce2d0) Device
        ObjectHeader: fffffa8007959600 (new version)
        HandleCount: 0  PointerCount: 6
        Directory Object: fffff8a00000b8f0  Name: 0000006a
    0: kd> !devobj fffffa8007959630
    Device object (fffffa8007959630) is for:
     0000006a \Driver\ACPI DriverObject fffffa8006b25d00
    Current Irp 00000000 RefCount 1 Type 00000032 Flags 00003040
    Dacl fffff9a100092d31 DevExt fffffa800792e7d0 DevObjExt fffffa8007959780 DevNode fffffa800796db10
    ExtensionFlags (0x00000800)
                                 Unknown flags 0x00000800
    AttachedDevice (Upper) fffffa800907d040 \Driver\i8042prt
    Device queue is not busy.

The \driver should give you a hint on what the device is.
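
The handle comparison described in the question, as an added example that is not part of the original post or answer: it tallies `handle` output by object name in two snapshots of the same process and reports the names whose count grew. The snapshots are constructed, and the process name, PID, account and the `<hex handle>: <type> [(flags)] <name>` line layout are assumptions.

```python
import re
from collections import Counter

# Assumed layout of a handle line: "<hex handle>: <Type> [(flags)] <name>".
# Banner, separator and "name pid:" lines do not match and are skipped.
HANDLE_LINE = re.compile(
    r"^\s*[0-9A-Fa-f]+:\s+(\S+)\s+(?:\([^)]*\)\s+)?(.+?)\s*$"
)

def count_by_name(snapshot):
    """Count open handles per (type, name) in one snapshot's text."""
    counts = Counter()
    for line in snapshot.splitlines():
        m = HANDLE_LINE.match(line)
        if m:
            counts[(m.group(1), m.group(2))] += 1
    return counts

def growth(before, after, min_increase=2):
    """Return (key, count_before, count_after) for every name whose handle
    count rose by at least min_increase, largest increase first."""
    b, a = count_by_name(before), count_by_name(after)
    rows = [(k, b[k], a[k]) for k in a if a[k] - b[k] >= min_increase]
    return sorted(rows, key=lambda r: r[2] - r[1], reverse=True)

# Constructed snapshots (hypothetical process, PID and account).
BEFORE = r"""
legacy.exe pid: 1234 SHOP\cashier
    C: File  (RW-)   C:\POS
   10: File  (---)   \Device\00000066
   14: File  (---)   \Device\00000066
   18: File  (RW-)   C:\POS\pos.log
"""
AFTER = BEFORE + r"""
   1C: File  (---)   \Device\00000066
   20: File  (---)   \Device\00000066
   24: File  (---)   \Device\00000066
"""

if __name__ == "__main__":
    for (htype, name), old, new in growth(BEFORE, AFTER):
        print(f"{htype:6} {name}: {old} -> {new}")
```

A name that keeps climbing between snapshots while the rest stay flat is the one to resolve with `!object` and `!devobj` as shown in the answer.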