Visible to Intel only — GUID: GUID-5EDCBAD4-C595-42F5-B32A-23AFBFABF19E
Visible to Intel only — GUID: GUID-5EDCBAD4-C595-42F5-B32A-23AFBFABF19E
Kernel Resource Leak
Occurs when a kernel object handle is created but never closed.
ID |
Code Location |
Description |
---|---|---|
1 |
Creation site |
Represents the location and associated call stack from which the handle was created. |
HANDLE hThread = CreateThread(0, 8192, work0, NULL, 0, NULL); return;
ThreadHandle = CreateThread(security, stack_size, Thread_Proc,loc(ivalue), CREATE_SUSPENDED, thread_id) end
Use the appropriate function to close the handle after use.
Creation Function |
Close Function |
---|---|
BeginUpdateResource |
EndUpdateResource |
CreateConsoleScreenBuffer |
CloseHandle |
CreateEvent, OpenEvent |
CloseHandle |
CreateFile, ReOpenFile |
CloseHandle |
CreateFileMapping, OpenFileMapping |
CloseHandle |
CreateIoCompletionPort |
CloseHandle |
CreateJobObject |
CloseHandle |
CreateMailslot |
CloseHandle |
CreateMemoryResourceNotification |
CloseHandle |
CreateMutex, OpenMutex |
CloseHandle |
CreatePipe, CreateNamedPipe |
CloseHandle |
CreateProcess, OpenProcess |
CloseHandle |
CreateProcessAsUser, CreateProcessWithLogon |
CloseHandle |
CreateSemaphore, OpenSemaphore |
CloseHandle |
CreateThread, CreateRemoteThread, OpenThread |
CloseHandle |
CreateToken, CreateRestrictedToken |
CloseHandle |
CreateToolhelp32Snapshot |
CloseHandle |
CreateWaitableTimer, OpenWaitableTimer |
CloseHandle |
DuplicateHandle |
CloseHandle |
DuplicateToken |
CloseHandle |
FindFirstChangeNotification |
FindCloseChangeNotification |
FindFirstFile, FindFirstFileEx, FindFirstFileTransacted |
FindClose |
FindFirstStreamW, FindFirstStreamTransactedW |
FindClose |
InitializeCriticalSection, InitializeCriticalSectionAndSpinCount |
DeleteCriticalSection |
LogonUser |
CloseHandle |
OpenEventLog, OpenBackupEventLog |
CloseEventLog |
OpenProcessToken, OpenThreadToken |
CloseHandle |
RegisterEventSource |
DeregisterEventSource |
WSASocket, socket |
closesocket |