从设备路径获取信息
我们的遗留应用程序之一正在一台特定机器上产生资源泄漏。随着时间的推移,总体处理器使用率会增加,直到应用程序关闭并重新启动。
使用perfmon,我发现进程的句柄计数和处理器使用率之间存在直接关联。这个计数增加到数千,我使用 SysInternal 的 handle 来公开所有额外的句柄(至少在今天下午运行 handle 时运行的进程中)都有一个路径\Device\00000066。
我想了解如何发现有关设备路径到底指的是哪个设备的更多信息,以便我们知道从这里去哪里。我强烈怀疑该设备是密码键盘(在借记交易期间使用),但需要证据。
Windows XP sp3。
分辨率 在 Seva Titov 的建议帮助我识别出这是一个 USB 设备后,我有了一个主要嫌疑点:现金抽屉。我们让客户拔掉插头并手动使用几个小时:手柄没有不断增加。我查看了该项目的代码,开发人员在获取设备句柄后忽略了关闭它们。句柄的快速增加是由于计时器在抽屉打开后检查其状态以确定用户何时关闭它。
One of our legacy applications is producing resource leaks on 1 specific machine. Over time the overall processor usage increases until the application is closed and restarted.
Using perfmon I found a direct correlation between the process's handle count and the processor usage. This count went up into the thousands and I used SysInternal's handle to expose that all the extra handles (at least during the process running this afternoon when I ran handle) had a path of \Device\00000066.
I want to learn how to discover more information about exactly what device the device path is referring to so we know where to go from here. I have strong suspicions that the device is a PIN pad (used during debit transactions), but need proof.
Windows XP sp3.
Resolution
After Seva Titov's advice helped me identify it was a USB device, I had one main suspect: a cash drawer. We had the client unplug it and use it manually for a few hours: no constant increase in handles. I looked through that project's code and the developer neglected to close handles to the device after obtaining them. The rapid increase in handles was due to a timer that checked the drawer's status after it was opened to determine when the user had closed it.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
以下是如何获取有关内核目录对象的更多信息:
然后使用它为对象显示的值(它打印的第一个值)和 !devobj 命令。
这是我在我的系统上所做的示例 - 我选择了一个名为 \device\0000006a 的随机设备作为示例(只是为了让您感到困惑:->)
0: kd> !object \device\0000006a Object: fffffa8007959630 Type: (fffffa8006bce2d0) Device ObjectHeader: fffffa8007959600 (new version) HandleCount: 0 PointerCount: 6 Directory Object: fffff8a00000b8f0 Name: 0000006a 0: kd> !devobj fffffa8007959630 Device object (fffffa8007959630) is for: 0000006a \Driver\ACPI DriverObject fffffa8006b25d00 Current Irp 00000000 RefCount 1 Type 00000032 Flags 00003040 Dacl fffff9a100092d31 DevExt fffffa800792e7d0 DevObjExt fffffa8007959780 DevNode fffffa800796db10 ExtensionFlags (0x00000800) Unknown flags 0x00000800 AttachedDevice (Upper) fffffa800907d040 \Driver\i8042prt Device queue is not busy.\driver 应该提示您该设备是什么。
Here is how you can get more information on the kernel directory object:
Then use the value that it shows for the object (the first it prints) with !devobj command.
This is the example I did on my system -- I picked up a random device with name \device\0000006a as an example (just to confuse you :->)
0: kd> !object \device\0000006a Object: fffffa8007959630 Type: (fffffa8006bce2d0) Device ObjectHeader: fffffa8007959600 (new version) HandleCount: 0 PointerCount: 6 Directory Object: fffff8a00000b8f0 Name: 0000006a 0: kd> !devobj fffffa8007959630 Device object (fffffa8007959630) is for: 0000006a \Driver\ACPI DriverObject fffffa8006b25d00 Current Irp 00000000 RefCount 1 Type 00000032 Flags 00003040 Dacl fffff9a100092d31 DevExt fffffa800792e7d0 DevObjExt fffffa8007959780 DevNode fffffa800796db10 ExtensionFlags (0x00000800) Unknown flags 0x00000800 AttachedDevice (Upper) fffffa800907d040 \Driver\i8042prt Device queue is not busy.The \driver should give you a hint on what the device is.