I am writing a Windows shell script that works with lock files. For the sake of knowing if some file is locked, I am testing the Handle* utility from SysInternals that, according to its docs:
«Handle is a utility that displays information about open handles for
any process in the system. You can use it to see the programs that
have a file open»
so I try it by creating a simple .txt file:
C:\Windows\system32>echo Foo >> Foo.txt
C:\Windows\system32>notepad Foo.txt
(notepad appears on screen with a new file named Foo.
C:\Windows\system32>handle Foo
Handle v3.51
Copyright (C) 1997-2013 Mark Russinovich
Sysinternals - www.sysinternals.com
No matching handles found.
What is going on here? My file is supposed to be open, and notepad should have a handle on it, but this line:
handle -p notepad | grep "Foo"
yields no results.
How can I use handle to know if my Foo.txt file is in use (locked)?
Maybe someone could give me some examples of the usage of handle.
Notepad reads the file into memory and closes the handle, which is why you don't see it open. You can see that behavior in a Process Monitor trace.
At first I guess that you forgot the file extension .txt in your command line, the second thing is I guess it will only show processes with a exclusive file lock which is not given by notepad.
Related
I have a symlink named example.avi that points to a real example.avi video file. When a program tries opens the symlink, it really opens the video file. But now I would like execute a command line whenever a program tries to open the symlink file.
Is that possible?
ps: windows
No, there is no built-in way of creating a symlink or other file system object that causes a command to be executed when it is opened by an application.
It should in principle be possible to do this with a file system filter driver. But that's very complicated. I believe there are some third-party tools to simplify this sort of task, but I don't have any experience with them.
While I am clearly ignorant on the subject of symlinks in Windows (see my comments on your question). I just played with it and proved that you could basically do this by symlinking to a wrapper for your avi. I.e. symlink to an exe or a batch file, etc. which does what you want and then opens the avi. Here's a test I ran with txt files and notepad:
Create a file called test.txt with some text. Create a file next to it called test.bat. Here's the batch:
notepad test.txt
When you run the batch, it just opens the txt in notepad.
Then I added a symlink:
mklink test2.txt test.bat
Now, when I type test2.txt in the command prompt, or double click on it, it runs the batch and opens the test.txt file. Obviously, you can use the same basic logic. It doesn't, however, fire the batch off when I open the symlink in Notepad++. It just opens to batch for editing instead.
Of course, maybe you don't want a second file, in which case you need to literally embed your avi in some wrapper. I guess we ned to know more about what you want to do. It sounds like an attempt at malware hidden in a video to me...
Why I ask is that my program uses 3rd party software that sometimes leaves behind orphan processes that have no link back to my program or the 3rd party process. These orphan processes start to add up and consume tons of resources over time. I would like to kill them off periodically, but in order for me to do that, I need to know for sure they were created by my program and not some other program. I have viewed the orphan processes in Process Explorer and when looking at the properties of the process, I see a field called "Current Directory". The current directory for the orphaned process is the install directory of my program. This would give me reassurance I am killing a process created by my program.
Since these processes are created by a 3rd party, I need to just kill them after they are created by running taskkill on them or something. Is there a way to figure out the current working directory of a process using out of the box windows commands in a batch file? If this can be done through wmic queries that would be preferable, but I cannot seem to find the current working directory when using wmic. I assume if Process Explorer is able to obtain this info, I should be able to get it too through some batch commands.
tlist from WDK to the rescue! The 2nd line of its output ("CWD: ...") shows the working directory of a process:
> tlist 944
944 postgres.exe
CWD: D:\Lab\Database\pgsql\test\
CmdLine: "D:/Tools/pgsql/bin/postgres.exe" -D "."
VirtualSize: 221116 KB PeakVirtualSize: 242620 KB
WorkingSetSize: 17076 KB PeakWorkingSetSize: 19336 KB
NumberOfThreads: 4
9084 Win32StartAddr:0x00000000 LastErr:0x00000000 State:Waiting
8504 Win32StartAddr:0x00000000 LastErr:0x000000b7 State:Waiting
8616 Win32StartAddr:0x00000000 LastErr:0x00000000 State:Waiting
7468 Win32StartAddr:0x00000000 LastErr:0x00000000 State:Waiting
9.3.5.14202 shp 0x0000000000400000 D:\Tools\pgsql\bin\postgres.exe
6.1.7601.18247 shp 0x00000000770D0000 C:\Windows\SYSTEM32\ntdll.dll
...
See the doc for more info.
Handle is an utility that displays information about open handles for any process in the system. You can use it to see the programs that have a file open, or to see the object types and names of all the handles of a program.
Its GUI-based version is Process Explorer .
handle -p yourProcess.exe > log.txt
It'll list all handles for yourProcess.exe in log file and now using batch command you can easily extract 'current working directory' of yourProcess from log.txt.
added by barlop
here is the output.. for process c:\tinyweb\tiny.exe run from c:\tinyweb\rrr
C:\Users\user>handle -p tiny.exe
Nthandle v4.1 - Handle viewer
Copyright (C) 1997-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
tiny.exe pid: 20668 compA\user
10: File C:\Windows
1C: File C:\tinyweb\rrr
9C: File C:\tinyweb\rrr\access_log
A0: File C:\tinyweb\rrr\agent_log
A4: File C:\tinyweb\rrr\error_log
A8: File C:\tinyweb\rrr\referer_log
E4: Section \Sessions\1\BaseNamedObjects\__wmhr_msgs_buffer_name$1e74
EC: File C:\Windows\winsxs\x86_microsoft.windows.common-controls_659
C:\Users\user>
If you want to parse it specifically then you could do it in pure cmd.exe with e.g. for /f, or with a third party scripting language like ruby, or with windows ports of various *nix style command line tools. This line uses such tools and gets it (obviously the following line requires grep and sed, preferably decent versions of them e.g. from cygwin)
C:\Users\harvey>handle -p tiny.exe | grep "pid:" -A 3 | sed -n "3p" | grep -o ".:[\]\S*"
C:\tinyweb\rrr
The following will work, though you only need "CommandLine" or "ExecutablePath" - not both:
wmic process where "ProcessID=1111" get CommandLine, ExecutablePath
It will return something like the following, showing where the program for PID 1111 is running:
"C:\Program Files (x86)\Common Files\MyProgram\Agent\agent.exe"
I have a shell script which contains a sed command that does the insertion into an existing file:
sed -i "/<test name=\"test-$NUMBER\">/i $NEW_TEST_SUITE" test.xml
After running this shell script, I opened the file test.xml in Notepad++, and there is indeed a new line being inserted before:
<test name="test-XXXX">
However, when I tried to do a pretty print (by clicking CTRL+ALT+SHIFT+B) and save that file, it popped up an alert saying:
Please check if this file is opened in another program
So I was thinking could that be caused by modifying the file while not closing it? Do I need to close the file after using sed? If so, could you tell me what the command is since I've searched online but didn't find anything regarding this? (my platform is Windows 7)
No. When sed exits, the file is closed.
This is probably a permissions issue. Verify that your Windows user has write access to the file.
If it's on a Windows partition, try running Notepad++ as administrator. If it's on a Linux shared fs, try chmod.
No, sed does not keep files open. Once the script has completed, all open files are then closed.
Try using Process Explorer to find what process has the file open. Use Ctrl-F to find an open handle that is attached to the file you are having problems with.
How do I pipe standard error to a file in a DOS batch file? Piping using >> only pipes the standard output and the standard error still goes to the console.
Details of my issue:
I am running WinRAR via command line, in an automated daily backup. And the following example pipes WinRar's output, but not the error output which is what I want most, to winraroutput.txt:
RAR.exe a -esh -r "E:\backup.rar" "D:\*.*" >> winraroutput.txt
The issue is sometimes files are in use and when they are I want to know they were missed in the archive and record this in a .txt file next to each .rar file in case we ever have to go back. The missing files are easily replaced by reinstalling programs so it's no big deal to replace them, as long as we know they are missing. So it's just information that would be great to know, not necessary, in the time of need.
How do I output just the standard error output to the .txt file and, if possible but not necessary, leave the the regular output to the console?
Bonus points:
Bonus points if you can tell me how to delete the file if it's blank (no errors)! Asked here: How do I Detect (and Delete) a File if it is Empty using a Windows Batch File?.
Try this:
command.exe 2>file.txt
Or if you prefer not to see any errors, send it to nul:
command.exe 2>nul
This should leave std::cout on the console.
I've got a PHP script which I'm running from a command line (windows) that performs a variety of tasks, and the only output it gives is via 'print' statements which output direct to screen.
What I want to do is capture this to a log file as well.
I know I can do:
php-cli script.php > log.txt
But the problem with this approach is that all the output is written to the log file, but I can't see how things are running in the mean time (so I can stop the process if anything dodgy is happening).
Just to pre-empt other possible questions, I can't change all the print's to a log statement as there are far too many of them and I'd rather not change anything in the code lest I be blamed for something going fubar. Plus there's the lack of time aspect as well. I also have to run this on a windows machine.
Thanks in advance :)
Edit: Thanks for the answers guys, in the end I went with the browser method because that was the easiest and quickest to set up, although I am convinced there is an actual answer to this problem somewhere.
You can create a powershell script that runs the command, reads the data from the command's STDOUT then outputs the output to both the log file and the terminal for you to watch. You can use the commands Write-Output and Write-Host.
Microsoft's site: http://www.microsoft.com/technet/scriptcenter/topics/msh/cmdlets/tee-object.mspx
Another option would be use find a tee program that will read input and divert it to two different outputs. I believe I have seen these for windows but I don't think they are standard.
Wikipedia: http://en.wikipedia.org/wiki/Tee_(command)
I have always opened the log file up in my web browser. This allows me to refresh it easily and does not interrupt any writing to the file that windows does. It isn't particularly elegant but it does work!
You want the "tee" command for Windows. See http://en.wikipedia.org/wiki/Tee_(command)
Powershell includes a tee command, and there are also numerous versions of tee for Windows available, for instance:
http://unxutils.sourceforge.net/
http://www.chipstips.com/?p=129
Also can be implemented in VBScript if you prefer.
EDIT: Just occurred to me I should also mention the tail command: http://en.wikipedia.org/wiki/Tail_(Unix). Tail allows you to read the last N lines of a file, and also includes a "file monitor" mode that just continually displays the end of the file in real-time. This is perfect for log file monitoring since it allows you to watch the log in real-time without interfering with the process that's writing to the log. There are several implementations of tail for Windows, both command line and GUI based. Microsoft's Services For UNIX packages (or whatever they're calling it now) also include a version of tail. Some examples:
mTail
Tail for Win32
WinTail
MakeLogic Tail
Some of these go far beyond just displaying the file in real-time as it updates and can send email alerts and colorize string matches, monitor multiple files at once, etc.
Slow:
for /f "delims=" %a in ('php-cli script.php') do #echo %a&echo %a>>log.txt
or in a batch file:
for /f "delims=" %%a in ('php-cli script.php') do #echo %%a&echo %%a>>log.txt