Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

how to get list or enumerate files(handles) opened by process,

1,082 views
Skip to first unread message

Sławomir Woźnica

unread,
Oct 8, 2009, 10:34:48 AM10/8/09
to
Hi

I´m trying develope console aplication that will retrive the path of
current file opened by the process for example notepad.

Let´s sey that in notepad++ I have opened 3 files .
I need the list that look like:

List:
Notepad++:
file1.txt
file2.txt (curently edited)
file3.txt

I allredy have the list of processes (Name and PID)

.
.
notepad++.exe (PID: 1144)
rxvt.exe (PID: 3964)
sh.exe (PID: 2064)
procexp.exe (PID: 3528)
devenv.exe (PID: 4048)
firefox.exe (PID: 3428)
rxvt.exe (PID: 3956)
sh.exe (PID: 2512)
rxvt.exe (PID: 1072)
sh.exe (PID: 824)
mobsync.exe (PID: 1148)
sh.exe (PID: 872)
spyprocess.exe (PID: 1144)
.....

I also have list of modules used by process

.(peace of this list:)
.
Process ID: 1144
C:\Program Files\Notepad++\notepad++.exe (0x00400000)
C:\Windows\system32\ntdll.dll (0x775B0000)
C:\Windows\system32\kernel32.dll (0x76C30000)
C:\Windows\WinSxS\x86_microsoft.windows.common-
controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a08 979cc
\COMCTL32.dll (0x74B90000)
C:\Windows\system32\msvcrt.dll (0x770F0000)
C:\Windows\system32\ADVAPI32.dll (0x76DE0000)
C:\Windows\system32\RPCRT4.dll (0x76F00000)
C:\Windows\system32\GDI32.dll (0x76B10000)
C:\Windows\system32\USER32.dll (0x77050000)
C:\Windows\system32\SHLWAPI.dll (0x776F0000)
C:\Windows\system32\SHELL32.dll (0x75F40000)
C:\Windows\system32\comdlg32.dll (0x76FD0000)
C:\Windows\system32\ole32.dll (0x772D0000)
C:\Windows\system32\IMM32.DLL (0x777F0000)
C:\Windows\system32\MSCTF.dll (0x76B60000)
C:\Windows\system32\LPK.DLL (0x776E0000)
C:\Windows\system32\USP10.dll (0x76D10000)
C:\Windows\system32\WS2_32.dll (0x75E30000)
C:\Windows\system32\NSI.dll (0x77750000)
C:\Windows\system32\NTMARTA.DLL (0x75C90000)
C:\Windows\system32\WLDAP32.dll (0x76D90000)
C:\Windows\system32\PSAPI.DLL (0x75D90000)
C:\Windows\system32\SAMLIB.dll (0x75C70000)
C:\Program Files\Notepad++\SciLexer.DLL (0x10000000)
C:\Windows\system32\Msimg32.dll (0x75120000)
C:\Windows\system32\uxtheme.dll (0x74E90000)
C:\Windows\system32\SETUPAPI.dll (0x77420000)
C:\Windows\system32\OLEAUT32.dll (0x76A80000)
.......

I used EnumProcessModules() function and then retrive
list of modules, but I cant reach to the handle of current file
(file1.txt) opened by process or just list of all files(handles)
opened by process,

Can you please help me with this?

Christian ASTOR

unread,
Oct 8, 2009, 11:19:34 AM10/8/09
to
On 8 oct, 16:34, Sławomir Woźnica <slawomir.wozn...@gmail.com> wrote:
> Hi
>
> I´m trying develope  console aplication that will retrive the path of
> current file opened by the process for example notepad.
>
> Let´s sey that in notepad++ I have opened 3 files .
> I need the list that look like:
>
> List:
> Notepad++:
> file1.txt
> file2.txt (curently edited)
> file3.txt

It's specific for each application.
The normal way to enumerate the handle table is with
NtQuerySystemInformation() to get handles for each PID,
but programs like Notepad or Notepad++ close the handles.
(you can enumerate tabs of the Tab control of Notepad++ for example...)

Uwe Sieber

unread,
Oct 9, 2009, 3:07:18 AM10/9/09
to
Sławomir Woźnica wrote:
> Hi
>
> I´m trying develope console aplication that will retrive the path of
> current file opened by the process for example notepad.
>
> I used EnumProcessModules() function and then retrive
> list of modules, but I cant reach to the handle of current file
> (file1.txt) opened by process or just list of all files(handles)
> opened by process,
>
> Can you please help me with this?


google for
NtQuerySystemInformation NtQueryObject

Best hit:
http://forum.sysinternals.com/forum_posts.asp?TID=3577


Probem: Before calling NtQueryObject you don't know
the type of handle. But if you call NtQueryObject
for a waiting pipe then it will not return until
the pipe stops waiting.
Seems a driver is required to overcome this...


Uwe


kcynice

unread,
Oct 10, 2009, 10:10:40 AM10/10/09
to

> I used EnumProcessModules() function and then retrive
> list of modules, but I cant reach to the handle of current file
> (file1.txt) opened by process or just list of all files(handles)
> opened by process,
>
> Can you please help me with this?

You use EnumProcessModules? I think this function is only used to
retrieve module images it loaded into its process memory space. Waht i
said modules are different with the files it opened. Dll files are common.

btw, why i use EnumProcessModules function will get an error
code:ERROR_GEN_FAILURE?

0 new messages