List Handles of a Process using Handle on Windows 8

Q

How to List Handles of a Process using Handle on Windows 8? I want to know what files, registry keys and other resources are used by the running Firefox process.

✍: FYIcenter.com

A

If you want to see what files, registry keys and other resources are used by the running Firefox process on Windows 8, you can use the Windows Sysinternals Handle as shown below:

1. Run Firefox first.

2. Start a command line window by run "Command Prompt" as administrator.

3. Type in the following Handle command:

C:\fyicenter\Handle\Handle -a firefox.exe
------------------------------------------------------------------------------
firefox.exe pid: 5484 fyicenter\fyi
    4: Directory     \KnownDlls
    8: Directory     \KnownDlls32
    C: File  (RW-)   C:\Windows
   14: File  (RW-)   C:\Program Files (x86)\Mozilla Firefox
   18: Key           HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
   1C: Thread        
   20: ALPC Port     
   24: Semaphore     
   28: Key           HKLM
   2C: EtwRegistration 
   30: Event         
   34: WindowStation \Sessions\2\Windows\WindowStations\WinSta0
   38: Desktop       \Default
   40: Key           HKLM\SYSTEM\ControlSet001\Control\Nls\CustomLocale
   4C: File  (---)   \Device\CNG
   54: File  (---)   \Device\DeviceApi
   A4: Directory     \Sessions\2\BaseNamedObjects
...
  148: Key           HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids
  150: Key           HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9
  158: Key           HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5
...
  1F8: File  (---)   C:\Users\fyi\AppData\Roaming\Mozilla\Firefox\Profiles\b1fkgg87.default\parent.lock
  264: File  (RWD)   C:\Windows\Fonts\seguisym.ttf
  530: File  (RW-)   C:\Users\fyi\AppData\Roaming\Mozilla\Firefox\Profiles\b1fkgg87.default\permissions.sqlite
  534: File  (RW-)   C:\Users\fyi\AppData\Roaming\Mozilla\Firefox\Profiles\B1FKGG~1.DEF\cert8.db
  55C: File  (RW-)   C:\Users\fyi\AppData\Roaming\Mozilla\Firefox\Profiles\b1fkgg87.default\places.sqlite
  560: File  (RW-)   C:\Users\fyi\AppData\Roaming\Mozilla\Firefox\Profiles\b1fkgg87.default\places.sqlite-wal
  564: File  (RW-)   C:\Users\fyi\AppData\Roaming\Mozilla\Firefox\Profiles\b1fkgg87.default\places.sqlite-shm
...

⇒__chapteMrTitle__

⇒⇒Windows 8 Processes Tutorials

2016-12-30, 1743🔥, 0💬

"Lenovo Communications Utility - TPKNRRES.exe" Startup Program on Windows 7
What is the startup program "Lenovo Communications Utility - TPKNRRES.exe" on my Windows 7 computer? "Lenovo Communications Utility - TPKNRRES.exe" is installed as part of the computer system. You will see the "TPKNRRES.exe" listed on the Startup tab of msconfig.exe screen as: Startup item: Lenovo C... 2017-06-15, 7447🔥, 2💬

💬 2017-06-15 FYIcenter.com: @PaulQ, TPKNRRES.exe is not the Bluetooth program and not related to wired headset. It is just a quick way to access settings fo...

💬 2017-06-14 PaulQ: Is this simply a Bluetooth program and not needed with a wired headset?

"McTray.exe" Process on Windows 7
What is the "McTray.exe" process on windows 7? Is the "McTray.exe" process a virus? Can I terminate the "McTray.exe" process? "McTray.exe" process represents "McTray Application" program. "McTray.exe" process is created by the startup program: "McAfee Agent". "McTray.exe" process is normally running... 2016-12-19, 5343🔥, 0💬

"UdaterUI.exe" Process on Windows 7
What is the "UdaterUI.exe" process on windows 7? Is the "UdaterUI.exe" process a virus? Can I terminate the "UdaterUI.exe" process? "UdaterUI.exe" process represents "Common User Interface" program. "UdaterUI.exe" process is created by the startup program: "McAfee Agent". "UdaterUI.exe" process is n... 2017-02-25, 4694🔥, 0💬

"McUICnt.exe" Process on Windows 7
What is the "McUICnt.exe" process on windows 7? Is the "McUICnt.exe" process a virus? Can I terminate the "McUICnt.exe" process? "McUICnt.exe" process represents "McAfee" program. "McUICnt.exe" process is normally running under the parent process "Boot" as shown in the process tree below: Boot McUIC... 2016-12-19, 4623🔥, 0💬

"mcupdate.exe" Process on Windows 7
What is the "mcupdate.exe" process on windows 7? Is the "mcupdate.exe" process a virus? Can I terminate the "mcupdate.exe" process? "mcupdate.exe" process represents "McAfee Update Launcher" program. "mcupdate.exe" process is normally running under the parent process "McSvHost" as shown in the proce... 2016-12-24, 3434🔥, 0💬

"hidfind.exe" Process on Windows 8
What is the "hidfind.exe" process on Windows 8? Is the "hidfind.exe" process a virus? Can I terminate the "hidfind.exe" process? "hidfind.exe" process represents "Alps Pointing-device Driver" program. "hidfind.exe" process is normally running under the parent process "Boot" as shown in the process t... 2025-03-12, 2472🔥, 0💬

"msiexec.exe" Process on Windows 8
What is the "msiexec.exe" process on windows 8? Is the "msiexec.exe" process a virus? Can I terminate the "msiexec.exe" process? "msiexec.exe" process represents "Windowsr installer" program. "msiexec.exe" process is normally running under the parent process "Boot" as shown in the process tree below... 2025-03-12, 2443🔥, 0💬

"ApMsgFwd.exe" Process on Windows 8
What is the "ApMsgFwd.exe" process on Windows 8? Is the "ApMsgFwd.exe" process a virus? Can I terminate the "ApMsgFwd.exe" process? "ApMsgFwd.exe" process represents "ApMsgFwd" program. "ApMsgFwd.exe" process is normally running under the parent process "Boot" as shown in the process tree below: Boo... 2025-03-12, 2358🔥, 0💬

"rundll32.exe" Process on Windows 8
What is the "rundll32.exe" process on Windows 8? Is the "rundll32.exe" process a virus? Can I terminate the "rundll32.exe" process? "rundll32.exe" process represents "Windows host process (Rundll32)" program. "rundll32.exe" process is normally running under the parent process "Boot" as shown in the ... 2025-03-12, 2224🔥, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.