List owner processes of open file handles in Windows? - windows

I'm currently getting an "out of handles" error in my Event Viewer for a program.
What would be a good program to list what processes are using file handles?
An example would be 'lsof' in the *nix world.

Use Process Explorer
http://technet.microsoft.com/en-us/sysinternals/bb896653
From the introduction:
The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened
The handle mode is the one you're interested in.
For Chrome on my box I see for example:
You can also search for a handle by name.

You could use Handle tool from SysInternals.
https://technet.microsoft.com/en-us/sysinternals/bb896655.aspx

In this question on Unix SE, How to get over “device or resource busy”, the OP mentions that he uses LockHunter on Windows. It's a great tool: just right-click on a file or directory to find the process that is locking it, and you can delete or unlock it with a single click.

Related

PID of the one that has locked the file [duplicate]

I have been trying to figure out how to programmatically identify the process that has a lock on a particular file. I've searched through the Win32 API and WMI, but so far I can't find anything. I know it's possible - Sysinternals is able to list every resource accessed/locked by every process on the system.
Can anyone drop me a hint?
You can use handle.exe from Sysinternals.
Something like:
> handle /accepteula C:\path\to\directory
...
program.exe pid: 1234 type: File 2E4: C:\path\to\directory
...
Thanks to https://stackoverflow.com/a/599268/367916 .
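To act on that output from a script, the lines can be parsed into records and grouped by owning process. This is an added example, not part of the original answer or of Sysinternals; it assumes the line format quoted above, and the sample text, the regex and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the search-mode line format quoted in the answer above:
#   program.exe pid: 1234 type: File 2E4: C:\path\to\directory
LINE_RE = re.compile(
    r"^(?P<image>.+?)\s+pid:\s*(?P<pid>\d+)\s+type:\s*(?P<type>\S+)"
    r"\s+(?P<handle>[0-9A-Fa-f]+):\s+(?P<path>.+?)\s*$"
)

# Constructed sample output (not captured from a real system).
SAMPLE = r"""
...
program.exe pid: 1234 type: File 2E4: C:\path\to\directory
program.exe pid: 1234 type: File 310: C:\path\to\directory\app.log
backup tool.exe    pid: 5678   type: File    1A0: C:\path\to\directory\data file.db
...
"""

def parse_handle_output(text):
    """Return one dict per handle line; banner and filler lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        records.append({
            "image": m["image"],              # image names may contain spaces
            "pid": int(m["pid"]),
            "type": m["type"],
            "handle": int(m["handle"], 16),   # handle values are printed in hex
            "path": m["path"],                # paths may contain spaces and colons
        })
    return records

def owners_by_pid(records):
    """Group open paths by (pid, image) so each owning process appears once."""
    owners = defaultdict(list)
    for r in records:
        owners[(r["pid"], r["image"])].append(r["path"])
    return dict(owners)

if __name__ == "__main__":
    for (pid, image), paths in owners_by_pid(parse_handle_output(SAMPLE)).items():
        print(f"{image} (pid {pid}) holds {len(paths)} handle(s):")
        for p in paths:
            print("    " + p)
```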
You could use Process Explorer from Microsoft
Download & unpack & run Process Explorer
Click Find menu and then click Find Handle or DLL... or press CTRL + F
Copy and paste the path to the locked folder or file
Click Search, you can kill process from main Process Explorer window
If you can limit yourself to new enough versions of Windows, the Restart Manager can tell you which process has a particular file open.
Because of the way Process Explorer works, I suspect that what you need to look for is a way of finding the file handles attached to a given process, and that you'll have to pull that list for each process in the system and look for your file within it.
I don't know about Windows, but somebody might find it useful to know that, in Linux, you can use the lsof command, or just search through the folders /proc/PROCESS_ID/fd and see what process has opened the file.
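The /proc search described in that answer, written out as an added example (not code from the original post). It is Linux-only, the function name is hypothetical, and without root it only sees processes owned by the current user.

```python
import os

def pids_with_file_open(target):
    """Return sorted PIDs that have an fd in /proc/<pid>/fd resolving to target."""
    target = os.path.realpath(target)
    holders = set()
    for entry in os.listdir("/proc"):
        if not entry.isdigit():          # only numeric entries are processes
            continue
        fd_dir = f"/proc/{entry}/fd"
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue                     # not our process, or it already exited
        for fd in fds:
            try:
                link = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue                 # fd was closed while we were scanning
            # An unlinked file that is still open carries a " (deleted)" suffix.
            if link == target or link == target + " (deleted)":
                holders.add(int(entry))
                break
    return sorted(holders)

if __name__ == "__main__":
    import sys
    for pid in pids_with_file_open(sys.argv[1]):
        print(pid)
```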
WhoLockMe is a nice right-click Windows Explorer extension.
This article might be helpful to you.
It appears you are forced to search through the list of files for each process on the system using undocumented functions in ntdll.dll.

How can I find all the files that a Windows executable has opened or accessed when it is running?

I want to understand and track what an executable program/application/process is doing on my computer. How can I find all the files (like output files, log files, etc.) that it has opened or is accessing when it is running?
Process Explorer has a second pane, showing all open handles:
Also Process Monitor can monitor and log all registry and file access from a process.
Process Monitor sounds like exactly what you are looking for.
Just find your process and it tells you in detail what the process is doing, more so than Process Explorer.

Want to resize other applications running in Windows

I'm looking for the cleanest way to get all open windows and have access to moving/resizing them. I'd like to be able to get their current locations and move them where I'd like.
I want access to all windows, not just top level ones.
Thanks
One way to get the list of processes running is shown on this tutorial: Win32 APIs for Process Retrieval. Another way is through EnumDesktopWindows.
If at this point you have access to the window's handle then you can move it with SetWindowPos(). But if you only have access to its title, then you'll need to use FindWindow() first and obtain a handle to that window.
Here is an example that shows how to do several different operations on a specific window, including how to move it to another location.

Application started by user or another application?

This is a very general question:
I was wondering whether it is possible to find out whether an application (any kind of application, no matter if it is a Delphi application or Java or whatever) was started by a user or by another application? And if it is possible and I see that an application was called by another one, can I find out what the "father" application is that called the new program?
Thanks in advance!
EDIT: Maybe it is too general - How can I see whether a Delphi application has a parent application with Delphi itself, e.g. one application was started by a service and I need to find that service?
Every single running application has a parent application, which launched it (except for root system process).
It is not possible to tell whether it is the user who directly clicked on the application to launch it or not.
Example: take Explorer shell (not Internet Explorer).
1. You can double click on any application to launch it. The parent process will be explorer.exe.
2. You can right-click on any file and a bunch of context menu extenders will load. Some of them may launch external applications to, say, create a preview of a video file (I saw this, swear!). The parent process will be explorer.exe, but the user didn't intend to launch any application. He just wants to view the file's properties. He didn't even know that applications were launched!
Example: take Total Commander or any other two-panel file manager that supports plugins for archives.
1. You can double click on any application to launch it. The parent process will be totalcmd.exe.
2. You may enter an archive file and copy (extract) a few files from it to your Documents folder. The corresponding plugin may handle the extraction by itself or run an invisible process to handle all the work. All you see is a progress bar in Total Commander. But there is a new process and its parent is totalcmd.exe again.
There are no differences between cases 1 and 2 in both examples.
BTW, the definition "started by user" is unclear. You may even say that nothing can happen without the user's command. All those background processes in cases #2 were launched because the user asked for it. Well, the user didn't ask for the launch explicitly, but he asked for the operation itself.
You don't mention if you want to do this programmatically or if you're looking for a tool to just show the information.
If you just want to view the information, you can use Process Monitor, part of SysInternals:
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
In the Tools menu, there is a 'Process Tree' view that shows you a tree with parent / child process relationships and as well as the owner of each process.
If you want even more detail about processes, look at Process Explorer:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
If it was started by the user from Windows, the parent will be explorer.exe; otherwise the parent will be the application which ran the process.
To check the parent of a process using a tool, see Ander Miller's reply.
Did you see this question?
I'm not sure that I see the problem right now.
