Process Hacker Discussion Forum

 
User avatar
diversenok
Contributor
Posts: 49
Joined: 26 Jun 2017 17:55
OS: Windows 7 x64
Contact:

Find Handles or DLLs discussion

14 Apr 2018 16:56

Hi, everyone. I want to discuss the feature that allows you to search for opened handles across all processes.

First of all, there is a hard-coded limitation that prevents the search from being performed without any specified text. What is the point for that? I mean, sometimes I need to search for all handles of a particular type. Of course, since the search supports regular expressions I can specify something like ^ (to match all handles) or . (for all named ones). Is there a reason to do it in this way? How do you think, is this limitation useful or maybe it should be removed?

And the second. This dialog also allows you to search for DLLs, mapped files, and mapped images. But what category should you select to search for them (except "Everything", of course)? The answer is not very obvious. All these categories (plus the original one) are combined into "File". Is it convenient to have all of them in the same place with this name? I have two suggestions how to make it clear: rename this category (so you can understand what objects it includes) or separate them into several different categories. What do you think?
 
User avatar
viksoftru
Member
Posts: 629
Joined: 15 Aug 2011 06:01
OS: Win7 (Live! DVD), BSD

Re: Find Handles or DLLs discussion

14 Apr 2018 20:32

And what are you not doing with the search filters? And regexp like thing is not careless. Personally, I do not see the point in discussing simple and obviously obvious things.
 
User avatar
dmex
Admin
Posts: 1698
Joined: 17 Jan 2011 05:43

Re: Find Handles or DLLs discussion

15 Apr 2018 22:52

diversenok wrote: 14 Apr 2018 16:56
First of all, there is a hard-coded limitation that prevents the search from being performed without any specified text. What is the point for that? Is there a reason to do it in this way? How do you think, is this limitation useful or maybe it should be removed?
This behavior is mostly legacy carried over from earlier revisions of the find handle window. The other reason for this behavior is that it's the same as Process Explorer and most new users would be more comfortable with how it works. The "hard-coded limitation" for empty text is also legacy behavior that was needed to limit the resource usage of the window on machines with very high resource usage (e.g. windows servers). If the machine is running under high load you don't want to accidently exacerbate the problem (and crash the machine) by showing every handle when the machine has (for example) more than two million open handles.
diversenok wrote: 14 Apr 2018 16:56
I can specify something like ^ (to match all handles) or . (for all named ones).
There's also .. for all types ;)
diversenok wrote: 14 Apr 2018 16:56
This dialog also allows you to search for DLLs, mapped files, and mapped images. All these categories (plus the original one) are combined into "File". Is it convenient to have all of them in the same place with this name?
Yes, they're all 'file' backed objects.
diversenok wrote: 14 Apr 2018 16:56
I have two suggestions how to make it clear: rename this category (so you can understand what objects it includes) or separate them into several different categories. What do you think?
Yeah, if you want to add extra categories for mapped files/images then it's no problem but the File category would still need to search all three types otherwise it'll be a pain locating file objects that could be loaded using multiple methods.
 
User avatar
diversenok
Contributor
Posts: 49
Joined: 26 Jun 2017 17:55
OS: Windows 7 x64
Contact:

Re: Find Handles or DLLs discussion

19 Apr 2018 19:59

Thanks for the response. Maybe I'll create a pull request to add these extra categories. :thinking: