1

i am running kind of proxy software on my win7 x64 system, one thing that makes me confused is the svhost -k rpcss process seems to face serious handle leakage, the handle leakage continue to increase, even it reaches to 100,000 in a few days, if i don't reboot my system, the pc will become too slow to work with.

now i suspect this problem maybe caused by the proxy software, and i am trying to debug it using windbg, still have no idea how to assure whether it's the proxy software which cause this problem.

someone told me, bad synchronization code could lead to handle leakage on svhost rpcss process, is that true? can someone just give me a piece of code which can lead to leakage on svhost rpcss? if yes, i can study this code with windbg first, and then i can examinze that proxy software carefully.

Edit 1 @PanagiotisKanavos i ask for piece of code which can lead to leakage, so the question should better at this place rather than on serverfault

Community
  • 1
  • 1
hugemeow
  • 7,777
  • 13
  • 50
  • 63
  • RPCSS is the service that takes care of RPC communications. It's a core part of Windows and *very* well tested. By itself it does *not* open handles. This is done by other programs and services that use RPC - like your proxy. Instead of looking for bugs in a core system component, remove/disable the proxy and check whether the leak goes away. – Panagiotis Kanavos Apr 28 '15 at 12:05
  • BTW this question is appropriate for [serverfault.com](http://serverfault.com), not StackOverflow – Panagiotis Kanavos Apr 28 '15 at 12:08
  • @PanagiotisKanavos read edit 1:) – hugemeow Apr 28 '15 at 12:44
  • To check for leaks, you need *system* tools like Sysinternal's Process Explorer, not a debugger. You'll find guides on searching for handle leaks in Technet, not MSDN. Anyway, you are asking about issues with a core system service. If there were, a lot of people would have noticed in the years since Windows 7 came out. First ensure the *proxy* isn't responsible by removing or disabling it. BTW what proxy is this? Have you checked their support site? – Panagiotis Kanavos Apr 28 '15 at 12:51
  • @PanagiotisKanavos i have used process explorer and pc hunter, but still don't know which process cause the handle leakage, i guess maybe it's that proxy software, but i don't know how code could cause svhost rpcss's handle leakage, so i come here for piece of code which could cause handle leakage – hugemeow Apr 28 '15 at 13:04
  • 1
    This is probably not [window-handles] but kernel handles. Can you check in Process Explorer's Lower pane what type of handles are listed? – Thomas Weller Apr 28 '15 at 22:53
  • @ThomasWeller can user program cause leakage of kernel handles? – hugemeow Apr 29 '15 at 09:37
  • 1
    @hugemeow: Yes. You can't leak kernel objects since you don't own them. You call an API, the kernel object is created and you get a handle which identifies the kernel object. And what did Process Explorer show? What type of handle has the highest count? To show window handles, you need something like NirSoft GdiView. But that's not the case here since Process Explorer does not show GDI handles – Thomas Weller Apr 29 '15 at 19:35
  • @ThomasWeller most of the handles are of event type, what this means? – hugemeow Apr 30 '15 at 02:47
  • 1
    @hugemeow: an event is a synchronization object, e.g. used in multithreading. Someone starts an action and gets notified by the event when the background process is finished. That could be anything... Hard to guess if you don't have the source code. Sorry, at this point I'll have to vote for closing as well... – Thomas Weller Apr 30 '15 at 19:54
  • @ThomasWeller i think the handle leakage maybe bug of windows system:( – hugemeow May 03 '15 at 06:49
  • 2
    @hugemeow. surely not. If svchost had such a bug, it would affect millions of users and Microsoft would fix it immediately. It is more likely that your proxy service does not use RPC the correct way. – Thomas Weller May 03 '15 at 09:23
  • @ThomasWeller some deep bug is not that easy to be found, for users who open system for 2-3 days, that is not a problem, but for users who want to poweron system for weeks or even months, that will be a problem, so it is possible that the kernel have bugs, but most of the users would not know that – hugemeow May 03 '15 at 10:02

0 Answers0