How can I determine Process / File Usage?

Joseph Geretz

Nov 10, 2004, 10:58:22 AM

Given a process handle, how can I get a list of the files it is accessing?

or

Given a file name, how can I get a list of the processes which are accessing
it?

Thanks immensely for your help!

- Joe Geretz -


Randy Birch

Nov 10, 2004, 11:38:41 PM

How about "given a machine, get a list of files in use and their owners"?
... http://vbnet.mvps.org/code/network/netfileenum.htm

--


Randy Birch
MS MVP Visual Basic
http://vbnet.mvps.org/


"Joseph Geretz" <jge...@nospam.com> wrote in message
news:%23xbM31z...@tk2msftngp13.phx.gbl...
: Given a process handle, how can I get a list of the files it is accessing?


Glenn Coleman

Nov 11, 2004, 1:49:32 PM

I see in your article that you give a work-around for listing open files on
the local machine (using mapped drives).
Is this the only way to do this on a local machine -- is there no "local"
equivalent of NetFileEnum to get the same info locally?

Thanks.


"Randy Birch" <rgb_rem...@mvps.org> wrote in message
news:%23arvTh6...@TK2MSFTNGP09.phx.gbl...

Ken Halter

Nov 11, 2004, 3:13:17 PM

Joseph Geretz wrote:
> Given a process handle, how can I get a list of the files it is accessing?

If you want a tool that'll do what you ask and more, see:

Process Viewer (Freeware)
http://www.xmlsp.com/pview/prcview.htm

You can start an app, click on it in the viewer and see all kinds of
things.. mem use, modules loaded, ocxs, dlls, etc, etc and it's all
exportable to CSV.

--
Ken Halter - MS-MVP-VB - http://www.vbsight.com
Please keep all discussions in the groups..

Joseph Geretz

Nov 13, 2004, 8:41:24 PM

Hi Ken,

Thanks for your assistance. But we need a programmatic way to do this
ourselves, within our own application. We're finding this particular task
very interesting. It seems to be possible, because other developers have
done this themselves, one way or another. On the other hand it's proving to
be very difficult finding the specification on how we can do this
ourselves. Maybe my expectations are too high, but isn't this one of the
basic features one would expect from the filesystem subsystem of a mature
OS?

Here's my application scenario: We launch a copy of Word to Edit a file. My
application has to go into a wait state until Word is done with the file,
i.e. the user exits Word, optionally saving the file. Therefore we need a
non-invasive way (we can't interfere with Word) to poll the file to
determine when Word is done with it.

Interestingly enough, we found that the document file is released for about
5ms and then reacquired by Word during the Save process. We suspect that
this occurs when the Word UI window 'hands the file off' to the background
Word process for background saving. (Try this at your workstation with
Office 2003. Open multiple documents and you'll see multiple word
applications but only one Word process. Close an edited document and you'll
see the Word UI window vanish almost immediately, although the file save can
go on for another second or two in the background (depending on the size of
the file).) Anyway, because of this, opening the file to detect if the file
lock is gone, is disruptive to the save operation if we hit the file at just
the wrong moment.

So we need a non-invasive way to monitor a file at defined intervals to see
whether it is being accessed. And we need to be able to do this for local
files, even without having administrative rights. Is this possible?

Thanks!

- Joe Geretz -

"Ken Halter" <Ken_Halter@Use_Sparingly_Hotmail.com> wrote in message
news:er6pirCy...@TK2MSFTNGP11.phx.gbl...

Unicorn

Nov 13, 2004, 11:11:51 PM

"Randy Birch" <rgb_rem...@mvps.org> wrote in message
news:%23arvTh6...@TK2MSFTNGP09.phx.gbl...
> How about "given a machine, get a list of files in use and their owners"?
> ... http://vbnet.mvps.org/code/network/netfileenum.htm
>
> --
>
>
> Randy Birch
> MS MVP Visual Basic
> http://vbnet.mvps.org/

Your code is very good for network activities, but how do we get the same
information for files opened on the local machine?

Matt


Randy Birch

Nov 14, 2004, 11:52:39 AM

The concept of "open network files", in relation to the local machine, will
not return local files opened by selecting the file through the local file
system (eg drive C, drive D etc.). Passing either the local machine name
(or no name at all - "") will return open files on the local machine only if
those files are located on a locally mapped drive, or using a local UNC
path.

For example, if you map a drive to a local path (perhaps to shorten
navigation or for convenience):

mapped drive X: = E:\attachment hold\

... and you opened a file on X, the path & file would appear in the dialog
using the local path, e.g.:

E:\attachment hold
E:\attachment hold\2004 summit
E:\attachment hold\2004 summit\Visual-Studio-IDE.ppt

Similarly, if a UNC path was specified to a file, e.g.

<word's open dialog> > \\vbnetdev\my documents\mail setup.doc

... the local path to that file would be returned in NetFileEnum:

c:\My Documents\mail setup.doc

This information is similar to the data returned (under XP) in the Computer
Management MMC console under Shared Folders > Open Files.

I can't find any specific API that will enumerate open files on the local
machine.
--


Randy Birch
MS MVP Visual Basic
http://vbnet.mvps.org/


"Unicorn" <uni...@somewhere.com> wrote in message
news:%23hj2oAg...@TK2MSFTNGP10.phx.gbl...

Joseph Geretz

Nov 14, 2004, 12:10:39 PM

But what if we're not interested in open network files, rather we're
interested in open *local* files? Doesn't the OS make this information
available? And can't this information for local files be made available to a
non-admin user?

Thanks,

- Joe Geretz -

"Randy Birch" <rgb_rem...@mvps.org> wrote in message

news:uwCgbpmy...@TK2MSFTNGP10.phx.gbl...

Randy Birch

Nov 14, 2004, 6:24:14 PM

Not that I can determine so far.

--


Randy Birch
MS MVP Visual Basic
http://vbnet.mvps.org/

"Joseph Geretz" <jge...@nospam.com> wrote in message

news:%234W21wm...@TK2MSFTNGP15.phx.gbl...
: But what if we're not interested in open network files, rather we're


Joseph Geretz

Nov 15, 2004, 12:46:58 AM

Oh, that's unfortunate. So this can only be done by hooking into the file
system device drivers? It's been about 15 years since I did this sort of
stuff, messing around with TSR interrupt handlers under DOS. (I guess the
more things change, the more they stay the same...)

Thanks,

Joe Geretz

"Randy Birch" <rgb_rem...@mvps.org> wrote in message

news:O0HjPEqy...@TK2MSFTNGP15.phx.gbl...

Unicorn

Nov 15, 2004, 12:47:36 AM

Thanks for that Randy, I don't feel nearly so silly knowing that I am not the
only one who can't find such information

Matt


Randy Birch

Nov 15, 2004, 8:11:57 AM

My gut tells me there must be *something* to provide this info, but no
combination of searches of the MSDN or gaggle produces any leads. I'd like
to know as well. I seem to recall seeing code that could tell the files
that running apps had open, and of course there are the process APIs that
will return the system files that are loaded.

--


Randy Birch
MS MVP Visual Basic
http://vbnet.mvps.org/


"Joseph Geretz" <jge...@nospam.com> wrote in message

news:ut5nJat...@TK2MSFTNGP12.phx.gbl...
: Oh, that's unfortunate. So this can only be done by hooking into the file


Joseph Geretz

Nov 15, 2004, 12:09:51 PM

From the SysInternals guys:

Their approach to the problem is to hook into file subsystem. Note also,
that they only obtain real-time info for file accesses performed after their
hook is installed. This seems to indicate that they can't find a way either
to obtain file usage information after the fact via API.

http://www.sysinternals.com/ntw2k/source/filemon.shtml
---------------------------------------------------
How FileMon Works
----------------------
For the Windows 9x driver, the heart of FileMon is in the virtual device
driver, Filevxd.vxd. It is dynamically loaded, and in its initialization it
installs a file system filter via the VxD service,
IFSMGR_InstallFileSystemApiHook, to insert itself onto the call chain of all
file system requests. On Windows NT the heart of FileMon is a file system
driver that creates and attaches filter device objects to target file system
device objects so that FileMon will see all IRPs and FastIO requests
directed at drives. When FileMon sees an open, create or close call, it
updates an internal hash table that serves as the mapping between internal
file handles and file path names. Whenever it sees calls that are handle
based, it looks up the handle in the hash table to obtain the full name for
display. If a handle-based access references a file opened before FileMon
started, FileMon will fail to find the mapping in its hash table and will
simply present the handle's value instead.

Information on accesses is dumped into an ASCII buffer that is periodically
copied up to the GUI for it to print in its listbox.
---------------------------------------------------

"Randy Birch" <rgb_rem...@mvps.org> wrote in message

news:u53qxSxy...@tk2msftngp13.phx.gbl...
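
The handle-to-path table that the quoted FileMon description relies on, modelled here as an added example (not part of the original thread and not Sysinternals code). The event tuples, handle values, paths and the function name are constructed for illustration; the model shows why a monitor attached after a file was opened can only report the raw handle value.

```python
# Model of the bookkeeping described in the quoted FileMon text: open/create
# and close events maintain a handle -> path table, and handle-based requests
# are resolved through it. All events and handle values are constructed.

def resolve_events(events):
    """Return (display lines, handles still tracked as open).

    events: iterable of (op, handle, path); path is None for handle-based
    operations, because those requests carry only the handle.
    """
    table = {}      # handle -> full path, filled only from observed opens
    display = []
    for op, handle, path in events:
        if op in ("open", "create"):
            table[handle] = path
            name = path
        elif op == "close":
            # Resolve before dropping the entry so the close is still named.
            name = table.pop(handle, None) or hex(handle)
        else:
            # Handle-based access: if the open happened before monitoring
            # started there is no mapping, so only the handle can be shown.
            name = table.get(handle) or hex(handle)
        display.append(f"{op.upper():6} {name}")
    return display, table

# Constructed trace: handle 0x1A4 was opened before the monitor attached.
SAMPLE = [
    ("read",  0x1A4, None),
    ("open",  0x2B0, r"C:\My Documents\mail setup.doc"),
    ("write", 0x2B0, None),
    ("close", 0x2B0, None),
    ("write", 0x1A4, None),
    ("open",  0x2B0, r"C:\temp\~WRL0001.tmp"),   # handle value reused
    ("read",  0x2B0, None),
]

if __name__ == "__main__":
    lines, still_open = resolve_events(SAMPLE)
    print("\n".join(lines))
    print("tracked open files:", sorted(still_open.values()))
```

The final table lists only files whose open was observed, which matches the limitation noted in the post: usage that began before the hook was installed is never named.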
