Skip to content

AaronMargosis/ZombieFinder

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
AllHandlesSystemwide.cpp
AllHandlesSystemwide.cpp
 
 
AllHandlesSystemwide.h
AllHandlesSystemwide.h
 
 
FileOutput.cpp
FileOutput.cpp
 
 
FileOutput.h
FileOutput.h
 
 
FullThreadReport.cpp
FullThreadReport.cpp
 
 
FullThreadReport.h
FullThreadReport.h
 
 
HEX.h
HEX.h
 
 
HeapMem.cpp
HeapMem.cpp
 
 
HeapMem.h
HeapMem.h
 
 
LICENSE
LICENSE
 
 
NtInternal.h
NtInternal.h
 
 
README.md
README.md
 
 
SecurityUtils.cpp
SecurityUtils.cpp
 
 
SecurityUtils.h
SecurityUtils.h
 
 
ServiceLookupByPID.cpp
ServiceLookupByPID.cpp
 
 
ServiceLookupByPID.h
ServiceLookupByPID.h
 
 
StringUtils.cpp
StringUtils.cpp
 
 
StringUtils.h
StringUtils.h
 
 
SysErrorMessage.cpp
SysErrorMessage.cpp
 
 
SysErrorMessage.h
SysErrorMessage.h
 
 
UtilityFunctions.cpp
UtilityFunctions.cpp
 
 
UtilityFunctions.h
UtilityFunctions.h
 
 
ZombieFinder - public.pptx
ZombieFinder - public.pptx
 
 
ZombieFinder.cpp
ZombieFinder.cpp
 
 
ZombieFinder.rc
ZombieFinder.rc
 
 
ZombieFinder.sln
ZombieFinder.sln
 
 
ZombieFinder.vcxproj
ZombieFinder.vcxproj
 
 
ZombieFinder.vcxproj.filters
ZombieFinder.vcxproj.filters
 
 
ZombieHandles.cpp
ZombieHandles.cpp
 
 
ZombieHandles.h
ZombieHandles.h
 
 
ZombieOwners.cpp
ZombieOwners.cpp
 
 
ZombieOwners.h
ZombieOwners.h
 
 
ZombieProcessThreadInfo.h
ZombieProcessThreadInfo.h
 
 
resource.h
resource.h
 
 

Repository files navigation

ZombieFinder

Identify zombie processes/threads and their reasons for being undead.

A zombie process is one that has exited but that is still represented in kernel memory. This happens when another process retains a handle to the process or to one of its threads and fails to release it, or when something in the kernel obtains a similar reference and fails to dereference it after no longer needing it. System performance can suffer when zombies accumulate in large numbers. This utility identifies zombie processes and the processes responsible for keeping them "undead," as well as zombie processes that are being kept alive solely because of kernel references.

(Online presentation about ZombieFinder: https://youtu.be/bKEvxSGhS-M)

A process that has recently exited should not be considered a zombie. A process that has been waiting on another process' exit should be granted some time to retrieve its exit code and otherwise clean up its references. By default, this utility considers a process to be a zombie only if it had exited at least three seconds ago; this threshold can be changed with a command-line parameter.

The -threads option lists all process objects on the system, indicating whether each has exited, how many active and exited thread objects are associated with it, and its handle count.

ZombieFinder.exe works on x64 SKUs of Windows 7 / Windows Server 2008 R2 and newer.
ZombieFinder32.exe works on x86 SKUs of Windows 7 / Windows Server 2008 R2 and newer.

Command-line syntax:

  ZombieFinder.exe [-details] [-csv] [-secs exitAgeInSecs] [-out filename] [-diag directory]
  ZombieFinder.exe -threads [-out filename]

    -details
      Outputs details about all zombies and owners; default is to output a summary.

    -csv
      Outputs results as tab-delimited fields; default is to output human-readable format with spacing.

    -secs exitAgeInSecs
      Consider a process to be a zombie only if it exited at least exitAgeInSecs seconds ago.
      Default is 3 seconds.

    -threads
      List all processes and counts of active and zombied threads in each (tab-delimited).

    -out filename
      Write output to filename. If not specified, writes to stdout.

    -diag directory
      Write diagnostic output - all collected handle and zombie information - to uniquely named files
      in the named directory.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

ZombieFinder Latest
Oct 18, 2024

Packages

No packages published

Languages