A handle leak occurs in Windows Server 2008 R2 and Windows 7 when you try to delete a folder containing an executable file

Vzťahuje sa na: Windows 7 Home BasicWindows 7 Home PremiumWindows 7 Enterprise

Symptoms


Consider the following scenario:
  • You have a computer that is running Windows Server 2008 R2 or Windows 7.
  • You have an executable (.EXE) file in a given folder and you launch that application (.EXE) and close it.
  • You attempt to perform a delete operation on the folder containing an executable (.EXE) file, the operation may fail with following error message:


After pressing Yes button on above warning, it would still fail to delete the folder and see following:

Cause


  • This problem occurs because AeLookupSvc (Application Experience) service running in svchost.exe tries to check the compatibility of the given executable (.EXE) file did not close the handle.
  • Because of the leaked handle, the folder can't be deleted unless the system is rebooted.


Workaround


To workaround this issue, reboot the system and post reboot the folder can be deleted without any errors or warnings.

More Information


If procmon log is captured for the delete operation, following entries will be observed in the log:

3:14:38.2896465 AM explorer.exe 460 SetDispositionInformationFile D:\<FolderToDelete> NOT EMPTY Delete: True
3:14:38.2927823 AM explorer.exe 460 SetDispositionInformationFile D:\<FolderToDelete>\<application>.exe SUCCESS Delete: True
3:14:38.2946548 AM explorer.exe 460 SetDispositionInformationFile D:\<FolderToDelete> SUCCESS Delete: True
3:14:40.8315654 AM explorer.exe 460 CreateFile D:\<FolderToDelete> DELETE PENDING Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
3:14:40.8317324 AM explorer.exe 460 CreateFile D:\<FolderToDelete> DELETE PENDING Desired Access: Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a