Closing open file handles

Every now and then we have problems deleting or changing permissions on a file because a process has it open, and we often have trouble finding that process. There is a neat Sysinternals (now Microsoft) utility called “handle” that shows all open handles on a file and, more importantly, lets you close a handle. Below is the syntax for finding the handle and closing it:

To find the handle:

O:\Tools>handle C:\Test\Example.dll

Handle v3.31
Copyright (C) 1997-2008 Mark Russinovich
Sysinternals – http://www.sysinternals.com/

svchost.exe        pid: 1388    240: C:\Test\Example.dll

The above output shows us the name of the process, the PID, the file handle (in hex), and the file name. If we wanted to see all handles held by a particular process, we could use the -p option:

O:\Tools>handle -p 1388

Handle v3.31
Copyright (C) 1997-2008 Mark Russinovich
Sysinternals – http://www.sysinternals.com/

8: File  (---)   C:\WINDOWS\System32
74: File  (---)   C:\WINDOWS\System32\en-US\svchost.exe.mui
194: Section       \BaseNamedObjects\__ComCatalogCache__
198: Section       \BaseNamedObjects\__ComCatalogCache__
1A4: File  (---)   C:\WINDOWS\Registration\R00000000000f.clb
1B0: File  (---)   C:\WINDOWS\System32\en-US\crypt32.dll.mui
1B4: File  (---)   C:\WINDOWS\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6
1C0: File  (---)   C:\WINDOWS\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6
1CC: File  (---)   C:\WINDOWS\System32\inetsrv\config\schema
1D8: File  (---)   C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\CONFIG
1DC: File  (---)   C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\CONFIG
1E0: File  (---)   C:\WINDOWS\System32\inetsrv\config
1E8: Section       \RPC Control\DSEC56c
1FC: File  (---)   C:\WINDOWS\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6
200: Section       \BaseNamedObjects\windows_shell_global_counters
240: File  (---)   C:\Test\Example.dll
264: File  (---)   C:\WINDOWS\System32\en-US\kernel32.dll.mui
284: File  (---)   C:\WINDOWS\System32\inetsrv\config

This happens to be a Windows 2008 box, so I can take it one step further and find the service via Task Manager:

[Image: Process]

Since we need to delete or change this file and Windows will not allow it because the file is locked by the FTP service, we can forcefully close the handle by specifying the handle and PID. (Note: This should be used with care, as it can cause the process to crash. Consider using this as a last resort instead of restarting a service or rebooting to free the lock.)

O:\Tools>handle -c 240 -p 1388

Handle v3.31
Copyright (C) 1997-2008 Mark Russinovich
Sysinternals – http://www.sysinternals.com/

240: File  (---)   C:\Test\Example.dll
Close handle 240 in svchost.exe (PID 1388)? (y/n) y

Handle closed.

The file can now be modified/deleted.
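
The lookup steps above as a script, added here as an example and not part of the original post: it parses the handle search output into objects and lists the services hosted in each owning PID, so every holder is known before a handle is closed. The function name, the second holder in the sample, and the use of Get-CimInstance (PowerShell 3.0 or later) are assumptions.

```powershell
# Constructed sample: the search output from the post plus one invented second holder.
$sample = @'
Handle v3.31
Copyright (C) 1997-2008 Mark Russinovich

svchost.exe        pid: 1388    240: C:\Test\Example.dll
notepad.exe        pid: 4021     5C: C:\Test\Example.dll
'@

function ConvertFrom-HandleSearch {
    # Hypothetical helper: turns "handle <path>" result lines into objects.
    # Banner and blank lines do not match the pattern and are skipped.
    param([string[]]$Line)
    # process name, "pid: N", optional "type: X" column (newer Handle builds),
    # hex handle value, then the path
    $rx = '^(?<proc>\S.*?)\s+pid:\s+(?<pid>\d+)\s+(?:type:\s+\S+\s+)?' +
          '(?<h>[0-9A-Fa-f]+):\s+(?<path>.+)$'
    foreach ($l in $Line) {
        if ($l -match $rx) {
            [pscustomobject]@{
                Process   = $Matches['proc']
                ProcessId = [int]$Matches['pid']
                Handle    = $Matches['h'].ToUpper()
                Path      = $Matches['path'].Trim()
            }
        }
    }
}

$holders = ConvertFrom-HandleSearch -Line ($sample -split '\r?\n')
# Live use (assumes handle.exe is on PATH):
#   $holders = ConvertFrom-HandleSearch -Line (handle C:\Test\Example.dll)

foreach ($h in $holders) {
    # Services hosted in the owning PID (what the post reads off Task Manager).
    # The sample PIDs will not resolve on another machine, so this may be empty.
    $svc = @(Get-CimInstance Win32_Service -Filter "ProcessId = $($h.ProcessId)").Name -join ', '
    if (-not $svc) { $svc = '(none found)' }

    '{0} (PID {1}) holds handle {2} on {3}' -f $h.Process, $h.ProcessId, $h.Handle, $h.Path
    '  services in that process: {0}' -f $svc
    # Printed for review only; nothing is closed by this script.
    '  close command: handle -c {0} -p {1}' -f $h.Handle, $h.ProcessId
}
```

When several processes hold the same file, each one appears as its own entry, so closing a single handle may not release the lock.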

Using IIS Debug Diagnostics to troubleshoot Worker Process CPU usage in IIS6

Failed request tracing in IIS7 can help track down many performance issues with websites, but we still have a broad customer base on IIS6. Troubleshooting performance issues in IIS6 has been quite difficult until Microsoft released a set of tools that gave greater insight into analyzing a stack trace.

The IIS Debug Diagnostics Tool can help track down CPU and memory issues from a worker process. Microsoft has a nice KB article that goes over the basics as well: http://support.microsoft.com/kb/919791.

1. Install the IIS Debug Diagnostics locally on the system.

2. Open the Debug Diagnostics Tool under Start > Programs > IIS Diagnostics > Debug Diagnostics Tool > Debug Diagnostics Tool.

3. Click Tools > Options And Settings > Performance Log tab. Select the Enable Performance Counter Data Logging option. Click OK.

4. Use Task Manager to find the PID of the worker process.

5. Select the Processes tab and find the process in the list.

6. Right-click on the process and select Create Full Userdump. This will take a few minutes, and a box will pop up giving you the path to the dump file.

7. Select the Advanced Analysis tab and click the Add Data Files button. Browse to the dump file that was just created and click OK.

8. Select Crash/Hang Analyzers from the Available Analysis Scripts box for CPU Performance and crash analysis. Click Start Analysis.

After a few minutes, a report should be generated containing stack trace information as well as information about any requests executing for longer than 90 seconds. Note that the memory dump will use a few hundred megabytes of space, so be sure to install the tool on a drive with sufficient debugging space. Also, if the box is under heavy load, you can create the user dump on the system, copy the file to your workstation, and perform the analysis locally.