How get file path by handle in windbg? - McMap

About

How get file path by handle in windbg?

Asked 13/2, 2013 at 16:5 Answered 13/2, 2013 at 16:16

Solved windows windbg handle

C

1

7

How I can obtain file path from handle with windbg/kd in kernel mode?

Coelenteron answered 13/2, 2013 at 16:5 Comment(0)

S

7

Use !handle <handle_num> 7 <proc_id> to display detailed information for that handle where <handle_num> is the handle value and <proc_id> is the process id value (both hex based) see this msdn link for further information.

You can gleam your process id from a user mode session, this is the easiest method, just attach in user mode and enter the pipe command | and it will output like so:

. 0 id: 1680 attach name: D:\test\MyApp.exe

so 1680 would be the proc id, then list the handles using !handle and then in kernel mode enter:

!handle <handle_num> 7 1680

will display what you want, there is a useful blog entry on this here.

Subjunction answered 13/2, 2013 at 16:16 Comment(2)

Thats all I had codekd> !handle f 000000c8 PROCESS 8c0a7cf8 SessionId: 1 Cid: 0150 Peb: 7ffdf000 ParentCid: 0148 DirBase: 3f4c70a0 ObjectTable: 9e40bea8 HandleCount: 176. Image: csrss.exe 000f: Object: 8b79a6b0 GrantedAccess: 00000804 code But I want file name on disk, which handle describe. – Coelenteron 13/2, 2013 at 16:25

You need the handle number and your process id, so for instance !handle <handle_num> 7 <proc_id> this will dump the info for that handle – Subjunction 13/2, 2013 at 16:34

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.