Identify process using a file - windows

I have been trying to figure out how to programmatically identify the process that has a lock on a particular file. I've searched through the Win32 API and WMI, but so far I can't find anything. I know it's possible - Sysinternals is able to list every resource accessed/locked by every process on the system.
Can anyone drop me a hint?

You can use handle.exe from Sysinternals.
Something like:
> handle /accepteula C:\path\to\directory
...
program.exe pid: 1234 type: File 2E4: C:\path\to\directory
...
Thanks to https://stackoverflow.com/a/599268/367916 .

You could use Process Explorer from Microsoft
Download & unpack & run Process Explorer
Click Find menu and then click Find Handle or DLL... or press CTRL + F
Copy and paste the path to the locked folder or file
Click Search, you can kill process from main Process Explorer window

If you can limit yourself to new enough versions of Windows, the Restart Manager can tell you which process has a particular file open.
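
The Restart Manager approach mentioned above, as an added example that is not part of the original answer: it calls RmStartSession, RmRegisterResources and RmGetList from rstrtmgr.dll through Python's ctypes. The function name `processes_using` and the structure field names `startLow`/`startHigh` are assumptions made for this example; the call only returns results on Windows.

```python
import ctypes
import sys

ERROR_MORE_DATA = 234  # RmGetList: the supplied array was too small

class RM_UNIQUE_PROCESS(ctypes.Structure):
    _fields_ = [("dwProcessId", ctypes.c_uint32),
                ("startLow", ctypes.c_uint32),   # FILETIME ProcessStartTime
                ("startHigh", ctypes.c_uint32)]

class RM_PROCESS_INFO(ctypes.Structure):
    _fields_ = [("Process", RM_UNIQUE_PROCESS),
                ("strAppName", ctypes.c_wchar * 256),          # CCH_RM_MAX_APP_NAME + 1
                ("strServiceShortName", ctypes.c_wchar * 64),  # CCH_RM_MAX_SVC_NAME + 1
                ("ApplicationType", ctypes.c_int),
                ("AppStatus", ctypes.c_uint32),
                ("TSSessionId", ctypes.c_uint32),
                ("bRestartable", ctypes.c_int)]

def processes_using(path):
    """Return [(pid, app_name), ...] for processes that have `path` open."""
    if sys.platform != "win32":
        raise OSError("Restart Manager is only available on Windows")
    rm = ctypes.WinDLL("rstrtmgr")
    session = ctypes.c_uint32(0)
    key = ctypes.create_unicode_buffer(33)  # CCH_RM_SESSION_KEY + 1
    err = rm.RmStartSession(ctypes.byref(session), 0, key)
    if err:
        raise ctypes.WinError(err)
    try:
        files = (ctypes.c_wchar_p * 1)(path)
        err = rm.RmRegisterResources(session, 1, files, 0, None, 0, None)
        if err:
            raise ctypes.WinError(err)
        needed, count, reasons = (ctypes.c_uint32(0) for _ in range(3))
        while True:  # holders can change between the sizing call and the fetch
            infos = (RM_PROCESS_INFO * max(count.value, 1))()
            err = rm.RmGetList(session, ctypes.byref(needed), ctypes.byref(count),
                               infos, ctypes.byref(reasons))
            if err != ERROR_MORE_DATA:
                break
            count.value = needed.value  # retry with an array of the requested size
        if err:
            raise ctypes.WinError(err)
        return [(infos[i].Process.dwProcessId, infos[i].strAppName)
                for i in range(count.value)]
    finally:
        rm.RmEndSession(session)  # always release the session
```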

Because of the way Process Explorer works, I suspect that what you need to look for is a way of finding the file handles attached to a given process, and that you'll have to pull that list for each process in the system and look for your file within it.

I don't know in Windows, but somebody might find it useful to know that, in Linux, you can use the lsof command, or just search through the folders /proc/PROCESS_ID/fd and see what process has opened the file.
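
The /proc/PROCESS_ID/fd search described above, as an added example that is not part of the original answer. The function name `holders_of` and its `proc_root` parameter are assumptions made for this example; it compares device and inode numbers rather than path strings, so it also finds the file when it is open under a hard link or has been renamed.

```python
import os

def holders_of(path, proc_root="/proc"):
    """Map PID -> list of fd numbers that refer to the same file as `path`."""
    target = os.stat(path)
    key = (target.st_dev, target.st_ino)
    holders = {}
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue  # only numeric entries are processes
        fd_dir = os.path.join(proc_root, name, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # process exited, or it is not ours and we are not root
        for fd in fds:
            try:
                # stat() follows the fd link to the open file itself
                st = os.stat(os.path.join(fd_dir, fd))
            except OSError:
                continue  # fd was closed while we were scanning
            if (st.st_dev, st.st_ino) == key:
                holders.setdefault(int(name), []).append(int(fd))
    return holders

if __name__ == "__main__":
    import sys
    for pid, fds in sorted(holders_of(sys.argv[1]).items()):
        print(pid, fds)
```

Run without root, it only sees file descriptors of processes owned by the current user.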

WhoLockMe is a nice right-click Windows Explorer extension.

This article might be helpful to you.
It appears you are forced to search through the list of files for each process on the system using undocumented functions in ntdll.dll.

Related

PID of the one that has locked the file [duplicate]


How can I find all the files that a Windows executable has opened or accessed when it is running?

I want to understand and track what an executable program/application/process is doing on my computer. How can I find all the files (like output files, log files, etc.) that it has opened or is accessing when it is running?
Process Explorer has a second pane, showing all open handles:
Also Process Monitor can monitor and log all registry and file access from a process.
Process Monitor sounds exactly what you are looking for.
Just find your process and it tells you in detail what the process is doing, more so than Process Explorer.

the action can't be completed because the folder or a file in it is open in another program

When deleting a folder that contains a file that is in use, it is common to see the following Windows 7 message,
"The action can't be completed because the folder or a file in it is open in another program."
I commonly have 10-20 programs open, 30-40 folders open, etc. In short, I have many executables running and many windows explorers open.
Does anyone know a simple trick to determine which program is using the file?
Does anyone know a simple trick to determine which file is blocking the delete operation?
This information would be highly useful to display in the Windows 7 'folder in use' dialog, but it is missing.
Consequently I have to close many of my open applications and folders to complete the delete operation. This is annoying because I have to re-open them after deleting them.
Have you seen this other question or this one?
I usually run Process Explorer and use Find for the blocked folder.
Closing the application Malwarebytes allowed me to delete what I needed to via Windows Explorer.

List owner processes of open file handles in Windows?

I'm currently getting an "out of handles" error in my Event Viewer for a program.
What would be a good program to list what processes are using file handles?
An example would be 'lsof' in the *nix world.
Use processexplorer
http://technet.microsoft.com/en-us/sysinternals/bb896653
From the introduction:
The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened
The handle mode is the one you're interested in.
For Chrome on my box I see for example:
You can also search for a handle by name.
You could use Handle tool from SysInternals.
https://technet.microsoft.com/en-us/sysinternals/bb896655.aspx
In this question on Unix SE, How to get over “device or resource busy”, the OP mentions that he uses LockHunter on Windows. It's a great tool: just right-click on a file or directory to find the process that is locking it, and you can delete or unlock it with a single click.

Releasing Windows file share locks

This problem crops up every now and then at work. Our build machine can have its files accessed via a normal Windows file share. If someone browses a folder remotely on the machine, and leaves the window open overnight, then the build fails (as it has done now). The Explorer window left open points at one of the sub folders in the source tree. The build deletes the source, and does a clean checkout before building. The delete is failing.
Right now, I'd like to get the build to work. I'm logged in from home, and I'd rather not reboot the build machine. I'm unable to get hold of the person whose machine is looking at the files, and I can't remotely reboot their machine.
When a Windows share has a lock, the locking process is System, so I don't think I can kill it, as with normal locks.
Does anyone know a way to release the lock on a shared folder without having to reboot the machine?
If you are admin on the server sharing the file over the network, you can use the Windows in-built feature:
Start → My Computer → Right-click → Manage gets you to the Computer Management console
In the left nav, navigate to System Tools → Shared Folders
You can view Shares, Sessions & Open Files here. This allows you to find out who has opened which files from which workstations.
Right-click on an item in the list to be able to remove the file lock.
Hope this helps.
Found a solution.
Find the process using Process Explorer:
Download and extract procexp.exe
In Process Explorer use the "Find Handle or DLL..." command from the "Find" menu
Enter in the name of the directory which is having trouble deleting
A list of open files which match that name should be shown. Take some guesses and find which one is failing to be deleted. If the file is locked by a windows share, the process holding the file will be System
Note down the directory which was left open
Download and install the Unlocker (Warning: Link removed, as it contains malware)
Install Unlocker, disabling the option for Explorer extensions and other junk
Unlock the directory
Open up a cmd window, and navigate to C:\Program Files\Unlocker
From the cmd window, run Unlocker.exe "the-path-to-the-locked-folder"
A dialog will pop up confirming the lock release. Use the unlock button to unlock the file
Now the directory should be unlocked, and can now be deleted.
Try Process Hacker:
https://wj32.org/processhacker/
Process Hacker is like Process Explorer on steroids.
To find the offending process, press CTRL+F or click the "Find Handles or DLLs" button and search for the file name.
Once you find the file in the find handles dialog, you can simply right click the file there and choose "close". (at least for v2.39.124)
Older versions had a "terminator" option in the context menu of the process.
Right click on the offending process --> Miscellaneous --> Terminator --> Select termination techniques. Note that some are possibly dangerous and may have unintended consequences.
I've had similar problems, and none of these suggestions I've seen above look suitable for automated overnight builds (as the original poster implied) because they all require manual effort to hunt down and kill the locks.
The only method I've tried that seems to work reliably is to remove the share itself, make the build, then add the share back. Here's one way of removing the share automatically:
D:\Projects>net share Projects /DELETE /Y
Users have open files on Projects. Continuing the operation will force the files closed.
Projects was deleted successfully.
(NOTE: Creating the share again automatically can be a pain if the privilege groups you need to give it are messy.)
The way I do it is by using both OpenFiles.exe and Handle.exe
You can run them in any order and you will have your resource fully unlocked.
OpenFiles: to disconnect File Sharing sessions
Handle.exe: to release any open handles (don't try to close handles belonging to PID 4, since that's the System process)
You can automate this by using powershell, batch, or any language of your choice.
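
One way to automate the first step, as an added example that is not part of the original answers: it parses handle.exe output in the line format shown earlier on this page and separates handles held by ordinary processes from those held by PID 4 (System), which indicate a file share lock and should be handled by disconnecting the session instead. The names `plan_unlock` and `SAMPLE` are assumptions made for this example, and the sample output is constructed.

```python
import re
from collections import defaultdict

# One match line of handle.exe output, e.g.
#   program.exe pid: 1234 type: File 2E4: C:\path\to\directory
LINE = re.compile(r"^(?P<image>.+?)\s+pid:\s*(?P<pid>\d+)\s+type:\s*(?P<type>\S+)\s+"
                  r"(?P<handle>[0-9A-Fa-f]+):\s+(?P<path>.+?)\s*$")
SYSTEM_PID = 4  # handles owned by System must not be closed

# Constructed sample output (not captured from a real machine).
SAMPLE = r"""
explorer.exe       pid: 1234   type: File           2E4: C:\build\src\docs
System             pid: 4      type: File           A1C: C:\build\src
devenv.exe         pid: 5678   type: File           3F0: C:\build\src-old\app.sln
"""

def plan_unlock(handle_output, locked_dir):
    """Split handle.exe matches under locked_dir into closable handles and share locks."""
    prefix = locked_dir.rstrip("\\").lower()  # Windows paths are case-insensitive
    plan = {"close": defaultdict(list), "share_locks": []}
    for line in handle_output.splitlines():
        m = LINE.match(line)
        if not m or m["type"] != "File":
            continue  # banner lines, blank lines, non-file handles
        path = m["path"]
        low = path.lower()
        # handle.exe matches name fragments, so drop siblings such as src-old
        if low != prefix and not low.startswith(prefix + "\\"):
            continue
        pid = int(m["pid"])
        if pid == SYSTEM_PID:
            plan["share_locks"].append(path)  # disconnect the share session instead
        else:
            plan["close"][(pid, m["image"])].append((m["handle"], path))
    return plan

if __name__ == "__main__":
    result = plan_unlock(SAMPLE, r"C:\build\src")
    for (pid, image), handles in result["close"].items():
        print(f"{image} (pid {pid}): {handles}")
    print("held via file share:", result["share_locks"])
```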
Another option is, starting from Windows Vista, to use the Windows tool built into the system:
monitor resources: perfmon.exe /res
Extracted from: Http://www.sysadmit.com/2017/06/windows-how-to-know-that-process-has-open-a-file.html
