Handle View

A kernel object is a data structure that represents a system resource (e.g. a file, thread, or image). An application cannot directly access object data or the system resource that an object represents. Instead, an application must obtain an object handle, which is an integer value that uniquely identifies a resource in memory.

The Handle View shows all the kernel objects (such as files, folders, registry keys, window stations, desktops, network endpoints, etc.) opened by the selected process. You can open it in the lower pane by pressing the Ctrl + H shortcut (to close it, use Ctrl + L).

With the Handle View you can inspect all the kernel objects currently opened by the selected process. By default, the type and name of every named object opened by the selected process are shown (e.g. type Thread and name mysqld.exe).

You can right-click the object to get two additional options:

• Close Handle – force closes the selected handle. Use this feature with caution because it can lead to a crash of the application or data corruption.
• Properties – opens up the Properties dialog box with various information about the handle.
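
To see a handle appear in the Handle View, and what Close Handle does to the process that owns it, you can run the following PowerShell session (an added example, not part of the original page; the file name under `$env:TEMP` is a constructed assumption). It opens a file, prints the raw handle value, pauses so the entry can be inspected, and then tries to use the handle again.

```powershell
# Added example: constructed path under the user's temp directory (assumption).
$path = Join-Path $env:TEMP 'handle-view-demo.txt'

# Opening the file makes the kernel create a File object and return a handle to it.
# bufferSize 1 makes each Write go straight to the OS instead of a .NET buffer.
$fs = [System.IO.FileStream]::new($path, [System.IO.FileMode]::Create,
        [System.IO.FileAccess]::ReadWrite, [System.IO.FileShare]::None, 1)

try {
    # The handle itself is just an integer that is meaningful inside this process.
    $raw = $fs.SafeFileHandle.DangerousGetHandle()
    'PID {0} holds handle 0x{1:X} for {2}' -f $PID, $raw.ToInt64(), $path
    'Handles open in this process: {0}' -f (Get-Process -Id $PID).HandleCount

    # Pause: select this PowerShell process in Process Explorer, press Ctrl+H
    # and look for the entry of type File whose name is $path.
    [void](Read-Host 'Press Enter to write through the handle')

    $bytes = [System.Text.Encoding]::ASCII.GetBytes('still open')
    try {
        $fs.Write($bytes, 0, $bytes.Length)
        'Write succeeded: the handle is still valid.'
    } catch {
        # Expected if the handle was force-closed with Close Handle during the pause.
        'Write failed: {0}' -f $_.Exception.GetBaseException().Message
    }
} finally {
    $fs.Dispose()
    Remove-Item -LiteralPath $path -ErrorAction SilentlyContinue
}
```

If the handle is left alone during the pause, the write succeeds. If it is force-closed from the Handle View first, the process still believes it owns the handle and the write typically fails with an invalid-handle error, which is the failure mode the Close Handle caution refers to.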

Geek University 2022