Maximum Handles in a process

Author

Pavel Yosifovich
25+ years as Software developer, trainer, consultant, author, and speaker. Co-author of “Windows Internals”. Author of “Windows Kernel Programming”, “Windows 10 System Programming, as well as System and kernel programming courses and “Windows Internals” series.

Ever wondered how many handles you can create in a process? Each process has its own handle table, with handles pointing to various kernel objects. In this video, we’ll explore the maximum number of handles you can create and understand the cost associated with them.

? Understanding Handle Costs:

  1. Handle Basics: A handle points to a handle entry in system space, linked to the e-process data structure managing a process.
  2. Components of a Handle:
    • Object Address: Requires 44 bits since objects start on a 16-byte boundary.
    • Access Mask: Determines the powers of each handle.
    • Flags: Includes inheritance, protection from closure, and audit on closure.

Gain Insider Knowledge

Subscribe to updates from the TrainSec trainers

? Practical Experiment:

  1. Creating Handles:
    • MaxHandles1: Create as many handles as possible using a loop to create mutexes. Check the result in Task Manager.
    • MaxHandles2: Create a single mutex and use DuplicateHandle to generate multiple handles pointing to the same mutex.
  2. Observations:
    • With MaxHandles1, we observed up to 16 million handles. Task Manager shows a page pool size of around 256 MB, matching the cost of 16 million handles.
    • With MaxHandles2, using DuplicateHandle, we achieved the same number of handles but with only one mutex. This highlights the difference in memory consumption and handle creation cost.

? Memory Consumption:

  • Mutexes: Less memory intensive but still consumes a significant amount.
  • Job Objects: Much larger and consume more memory, impacting system performance significantly when created in large quantities.

? System Impact:

  • Handle Limit: The practical limit is around 16 million handles.
  • Memory Usage: Handles themselves use about 256 MB, but the objects they point to can use significantly more memory, especially for larger objects like job objects.

? Summary:

  • The maximum number of handles is primarily constrained by system resources and the type of objects being handled.
  • While handles themselves are relatively small, the objects they point to can consume a substantial amount of memory.

? Next Steps:

  • Investigate further into handle-related flags and their effects.
  • Explore how different types of objects impact handle creation and memory usage.

Thanks for watching! If you enjoyed this video, don’t forget to subscribe for more insights into process management and system internals.

Windows Internal master badge

$1300

$1040 or $104 X 10 payments

Windows Internals Master

Broadens and deepens your understanding of the inner workings of Windows.

Become Windows Internal Master
blue depth

About the author

Pavel Yosifovich
25+ years as Software developer, trainer, consultant, author, and speaker. Co-author of “Windows Internals”. Author of “Windows Kernel Programming”, “Windows 10 System Programming, as well as System and kernel programming courses and “Windows Internals” series.
All corses and publications

Useful Resources

Join our Discord community
Pavel’s GitHub
Pavel’s Books
Uriel’s GitHub
Antivirus Bypass Techniques Book

Learning Paths

Windows Master Developer
Windows Internals Master
Windows Security Researcher
Hardware Hacking Expert

Let's Connect

Contact Us

@2024 TrainSec. All rights reserved. Terms of Use | Privacy Policy