Even on the most recent versions of Windows, the Sysinternals tooling is as useful as ever. The collection gives unusually deep insight into the operating system across several areas: file and disk, networking, processes, security, system information, and more.
Typical uses for these tools include:
- Displaying detailed process and system information — with Process Explorer
- Capturing low-level system events — with Process Monitor
- Verifying the digital signatures of files and running programs (and of the modules loaded in those programs)
- Inspecting permissions of files, keys, services, shares, and other objects
- Monitoring security-relevant events across your network — with Sysmon
- Generating memory dumps when a process meets specified criteria
- Executing remote processes and closing remotely opened files
- Managing Active Directory objects and tracing LDAP API calls
- Capturing detailed data on processors, memory, and clocks
- Troubleshooting unbootable devices, file-in-use errors, unexplained communication, and other issues
But since the complete scope of Sysinternals is too large for a single post, this article will focus on one specific tool I found particularly handy.
Handle (a feature of the Process Utilities suite)
As the name suggests, this utility displays open handle information for any process in the system.
As a developer, have you ever encountered a situation where a process couldn’t write to a specific file because something else still had it open? Here’s an example:
So at this point you’re trying to figure out which process(es) still hold a reference to that resource, right? Sometimes the answer isn’t obvious, even once the usual suspects have been ruled out. This is when a tool like Handle comes in handy. Use it to see which programs have a file open, or to view the object types and names of every handle a program holds (files, directories, registry keys, named pipes, sections, and so on). The second use is just as valuable when you are looking at a process you don’t trust: its open handles show what it is actually touching. Handle is a lightweight command-line tool and very fast. Its GUI counterpart, Process Explorer, is also included in Sysinternals.
Sysinternals Suite: https://download.sysinternals.com/files/SysinternalsSuite.zip
Handle runs by typing “handle” at a command prompt; the suite ships both handle.exe and a native 64-bit handle64.exe. Run it from an elevated (Administrator) prompt: without administrative privileges it cannot open processes running under other accounts, so it will miss most of the handles you are looking for. Like the other Sysinternals tools it shows a licence dialog on first run, which “-accepteula” suppresses for scripted use.
usage: handle [[-a] [-u] | [-c <handle> [-l] [-y]] | [-s]] [-p <processname>|<pid>] [name]
Passing a name (or name fragment) searches, case-insensitively, for every handle whose object name contains it; “-p” restricts the output to one process; “-c” closes a specific handle in a process, and “-y” skips its confirmation prompt. Once you’ve identified the process or process id(s), it’s easy to take appropriate action. Prefer closing the owning application cleanly; forcibly closing a handle with “-c” pulls the object out from under a running process and can crash it or corrupt the file it was writing, so treat that as a last resort.
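The workflow above, wrapped in PowerShell, as an added example that is not part of the original post or the Sysinternals tools themselves. It assumes handle.exe from the Sysinternals Suite is on PATH and that the shell is elevated; the function names, the regular expression, and the sample output lines are my own constructions, written against the one-line-per-handle format that a name search prints.

```powershell
# Added example (not from the original post): a thin PowerShell wrapper around
# Sysinternals handle.exe that answers "who has this file open?" and, only on
# explicit request, force-closes the offending handle.
# Assumptions: handle.exe is on PATH and this shell is elevated.

# Parse the lines handle.exe prints for a name search, which look like:
#   notepad.exe        pid: 1234   type: File           5C: C:\temp\report.xlsx
# (adding -u inserts a user-name column that this regex does not handle)
function ConvertFrom-HandleOutput {
    param([string[]]$Lines)
    $pattern = '^(?<proc>\S+)\s+pid:\s*(?<pid>\d+)\s+type:\s*(?<type>\S+)\s+(?<handle>[0-9A-Fa-f]+):\s*(?<name>.+?)\s*$'
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                Process = $Matches.proc
                PID     = [int]$Matches.pid
                Type    = $Matches.type
                Handle  = [Convert]::ToInt32($Matches.handle, 16)   # hex in the output
                Name    = $Matches.name
            }
        }
        # lines that do not match (banner text, "No matching handles found.") are skipped
    }
}

function Find-HandleOwner {
    param([Parameter(Mandatory)][string]$NameFragment)
    # -accepteula suppresses the first-run licence dialog, -nobanner the header.
    # The name argument is a case-insensitive substring match on object names.
    $raw = & handle.exe -accepteula -nobanner $NameFragment 2>&1
    ConvertFrom-HandleOutput -Lines $raw
}

function Close-FileHandle {
    param([Parameter(Mandatory)][pscustomobject]$Entry)
    # -c closes the given handle value inside process -p; -y skips the prompt.
    # Closing a handle out from under a process can crash it or corrupt the
    # file it was writing: close the application first, use this as a last resort.
    $hex = '{0:X}' -f $Entry.Handle
    & handle.exe -accepteula -nobanner -c $hex -p $Entry.PID -y
}

# Offline check of the parser on constructed sample output (no handle.exe needed):
$sample = @(
    'notepad.exe        pid: 1234   type: File           5C: C:\temp\report.xlsx',
    'excel.exe          pid: 4321   type: File          1A8: C:\temp\report.xlsx',
    'No matching handles found.'
)
ConvertFrom-HandleOutput -Lines $sample | Format-Table -AutoSize
# Live use from an elevated prompt:
#   Find-HandleOwner 'report.xlsx'
#   Find-HandleOwner 'report.xlsx' |
#       Where-Object Process -eq 'notepad.exe' |
#       ForEach-Object { Close-FileHandle $_ }
```

The parser is separated from the process launch so you can sanity-check it on captured output before trusting it against a live system, and so the same objects can be fed to Process Explorer’s PID-based lookups or to an incident ticket. Keep the closing step behind a deliberate filter on process name and PID rather than closing everything the search returns.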
- Handle: https://docs.microsoft.com/en-us/sysinternals/downloads/handle
- Process Utilities: https://docs.microsoft.com/en-us/sysinternals/downloads/process-utilities
- Sysinternals: https://docs.microsoft.com/en-us/sysinternals/
Is your organization embarking on a digital application transformation? If so, countless technologies and tools must be considered. For help envisioning your transformation, please feel free to reach out. We’d love to assist in your journey.