!htrace can be used in both user-mode debugger and kernel debugger to display stack trace information for one or all the handles in a process. This information is available if handle tracing is enabled for the process � automatically enabled if handle checking is enabled in the application verifier. Stack traces are saved every time the process is opening or closing a handle or when it is referencing an invalid handle.

The kernel debugger syntax for this extension is:

!htrace [ handle [process] ]���

If handle is not specified or is 0, information about all the handles in the process will be displayed. If process is not specified, the current process will be used.

The user-mode debugger syntax is:

!htrace [handle]

The user-mode debugger extension always displays information about the current debugee process.

Examples:

kd> !htrace 7CC 815328b0

Loaded \\...\kdexts extension DLL

Process 0x815328B0

ObjectTable 0xE15ECBB8

--------------------------------------

Handle 0x7CC - CLOSE:

0x8018FCB9: ntoskrnl!ExDestroyHandle+0x103

0x801E1D12: ntoskrnl!ObpCloseHandleTableEntry+0xE4

0x801E1DD9: ntoskrnl!ObpCloseHandle+0x85

0x801E1EDD: ntoskrnl!NtClose+0x19

0x77DBFCD6: KERNEL32!GetLocaleFileInfo+0x3D

0x77DBF942: KERNEL32!NlsProcessInitialize+0x11D

0x77E0C6DF: KERNEL32!NlsDllInitialize+0x35

0x6A20785C: ntdll!LdrpCallInitRoutine+0x14

0x6A205393: ntdll!LdrpRunInitializeRoutines+0x1D9

0x6A20DD80: ntdll!LdrpInitializeProcess+0xAF6

--------------------------------------

Handle 0x7CC - OPEN:

0x8018F44A: ntoskrnl!ExCreateHandle+0x94

0x801E3180: ntoskrnl!ObpCreateHandle+0x304

0x801E1563: ntoskrnl!ObOpenObjectByName+0x1E9

0x77DBFCD6: KERNEL32!GetLocaleFileInfo+0x3D

0x77DBF942: KERNEL32!NlsProcessInitialize+0x11D

0x77E0C6DF: KERNEL32!NlsDllInitialize+0x35

0x6A20785C: ntdll!LdrpCallInitRoutine+0x14

0x6A205393: ntdll!LdrpRunInitializeRoutines+0x1D9

0x6A20DD80: ntdll!LdrpInitializeProcess+0xAF6

--------------------------------------

Parsed 0x1CA stack traces.

Dumped 0x2 stack traces.

kd> !htrace 0 81400300

Process 0x81400300

ObjectTable 0xE10CCF60

--------------------------------------

Handle 0x7CC - CLOSE:

0x8018FCB9: ntoskrnl!ExDestroyHandle+0x103

0x801E1D12: ntoskrnl!ObpCloseHandleTableEntry+0xE4

0x801E1DD9: ntoskrnl!ObpCloseHandle+0x85

0x801E1EDD: ntoskrnl!NtClose+0x19

0x010012C1: badhandle!mainCRTStartup+0xE3

0x77DE0B2F: KERNEL32!BaseProcessStart+0x3D

--------------------------------------

Handle 0x7CC - OPEN:

0x8018F44A: ntoskrnl!ExCreateHandle+0x94

0x801E3390: ntoskrnl!ObpCreateUnnamedHandle+0x10C

0x801E7317: ntoskrnl!ObInsertObject+0xC3

0x77DE23B2: KERNEL32!CreateSemaphoreA+0x66

0x010011C5: badhandle!main+0x45

0x010012C1: badhandle!mainCRTStartup+0xE3

0x77DE0B2F: KERNEL32!BaseProcessStart+0x3D

--------------------------------------

Handle 0x7DC - BAD REFERENCE:

0x8018F709: ntoskrnl!ExMapHandleToPointerEx+0xEA

0x801E10F2: ntoskrnl!ObReferenceObjectByHandle+0x12C

0x801902BE: ntoskrnl!NtSetEvent+0x6C

0x80154965: ntoskrnl!_KiSystemService+0xC4

0x010012C1: badhandle!mainCRTStartup+0xE3

0x77DE0B2F: KERNEL32!BaseProcessStart+0x3D

--------------------------------------

Handle 0x7DC - CLOSE:

0x8018FCB9: ntoskrnl!ExDestroyHandle+0x103

0x801E1D12: ntoskrnl!ObpCloseHandleTableEntry+0xE4

0x801E1DD9: ntoskrnl!ObpCloseHandle+0x85

0x801E1EDD: ntoskrnl!NtClose+0x19

0x010012C1: badhandle!mainCRTStartup+0xE3

0x77DE0B2F: KERNEL32!BaseProcessStart+0x3D

--------------------------------------

Handle 0x7DC - OPEN:

0x8018F44A: ntoskrnl!ExCreateHandle+0x94

0x801E3390: ntoskrnl!ObpCreateUnnamedHandle+0x10C

0x801E7317: ntoskrnl!ObInsertObject+0xC3

0x77DE265C: KERNEL32!CreateEventA+0x66

0x010011A0: badhandle!main+0x20

0x010012C1: badhandle!mainCRTStartup+0xE3

0x77DE0B2F: KERNEL32!BaseProcessStart+0x3D

--------------------------------------

Parsed 0x6 stack traces.

Dumped 0x5 stack traces.

kd> !htrace� 7DC

Process 0x81400300

ObjectTable 0xE10CCF60

--------------------------------------

Handle 0x7DC - BAD REFERENCE:

0x8018F709: ntoskrnl!ExMapHandleToPointerEx+0xEA

0x801E10F2: ntoskrnl!ObReferenceObjectByHandle+0x12C

0x801902BE: ntoskrnl!NtSetEvent+0x6C

0x80154965: ntoskrnl!_KiSystemService+0xC4

0x010012C1: badhandle!mainCRTStartup+0xE3

0x77DE0B2F: KERNEL32!BaseProcessStart+0x3D

--------------------------------------

Handle 0x7DC - CLOSE:

0x8018FCB9: ntoskrnl!ExDestroyHandle+0x103

0x801E1D12: ntoskrnl!ObpCloseHandleTableEntry+0xE4

0x801E1DD9: ntoskrnl!ObpCloseHandle+0x85

0x801E1EDD: ntoskrnl!NtClose+0x19

0x010012C1: badhandle!mainCRTStartup+0xE3

0x77DE0B2F: KERNEL32!BaseProcessStart+0x3D

--------------------------------------

Handle 0x7DC - OPEN:

0x8018F44A: ntoskrnl!ExCreateHandle+0x94

0x801E3390: ntoskrnl!ObpCreateUnnamedHandle+0x10C

0x801E7317: ntoskrnl!ObInsertObject+0xC3

0x77DE265C: KERNEL32!CreateEventA+0x66

0x010011A0: badhandle!main+0x20

0x010012C1: badhandle!mainCRTStartup+0xE3

0x77DE0B2F: KERNEL32!BaseProcessStart+0x3D

--------------------------------------

Parsed 0x6 stack traces.

Dumped 0x3 stack traces.