Handle Leak Analysis via WinDbg


This article illustrates how to investigate the handle leak via WinDbg.

The idea is to take two snapshots and compare them to find out the code where handle was allocated during the period.


  • We have the symbol file (usually PDB) of the application and modules.
  • The handle leaking is reproducible, you know how to trigger the leaking, but don’t know exactly the reason or the code where causes the bug.


Enable Handle Trace

Break the application in WinDbg (Use Ctrl+Break) and then enable the handle trace using the following command.

!htrace -enable

Take a Snapshot of the Current Handles

Break the application again and take a snapshot using the following command

!htrace -snapshot

Trigger the Leaking

Run the operation which caused the handle leaking problem.

Monitor the application in TaskMgr, and find the number of handles is increasing.

Compare the Snapshots

Now, break the application again and use -diff to compare the current value with the snapshot we took before and WinDbg will show the code where handles were allocated.

!htrace -diff
Creative Commons Licence
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.