Tuesday, October 14, 2008

find out which files are opened by a process

On Linux, lsof is available to find out a lot about the filesystem: which files are open, by whom or by which process, and so on. On Windows, the solution seems to be the Sysinternals Process Explorer. The built-in tool on XP, OpenFiles.exe, needs a flag to be enabled before it will show local non-shared files; otherwise it says:

INFO: The system global flag 'maintain objects list' needs to be enabled to see
local opened files. See Openfiles /? for more information.

Unfortunately, Openfiles /? does not give the solution so easily. I found it by googling, at ExpertsExchange. The actual answer is more easily given by Openfiles /Local /?, which prints:

OPENFILES /Local [ ON | OFF ]

Description:
Enables an administrator to enable or disable the system global flag
'maintain objects list' which tracks local file handles. Changes made
by this switch will take effect only after restarting the system.
Note: Enabling this flag adds performance overhead.

Examples:
OPENFILES /Local
OPENFILES /Local ON
OPENFILES /Local OFF

The restart requirement and the performance overhead mean that we should go with Process Explorer.

In Process Explorer, there is a Find menu item. Using that, just give the substring you want to search for. No wildcards, just a substring. If you want to see any file ending with .mp3, do not enter *.mp3, just .mp3. And so on.
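
For the Linux side, the same plain-substring search can be done without lsof by reading the per-process fd links under /proc. This is an added example, not part of the original post; the function name find_open_files and the proc_root parameter are made up for illustration.

```python
import os
import sys


def find_open_files(substring, proc_root="/proc"):
    """Return sorted (pid, process_name, path) tuples for every open file
    whose path contains `substring`. Plain substring match, no wildcards,
    so ".mp3" matches and "*.mp3" does not."""
    hits = set()
    for entry in os.listdir(proc_root):
        if not entry.isdigit():            # only numeric directories are processes
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:                    # process exited, or not ours to read
            continue
        try:
            with open(os.path.join(proc_root, entry, "comm")) as f:
                name = f.read().strip()
        except OSError:
            name = "?"                     # name unavailable, keep the pid anyway
        for fd in fds:
            try:
                # each fd entry is a symlink to the open file, socket or pipe
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:                # descriptor closed while scanning
                continue
            if substring in target:
                hits.add((int(entry), name, target))
    return sorted(hits)


if __name__ == "__main__":
    needle = sys.argv[1] if len(sys.argv) > 1 else ".mp3"
    for pid, name, path in find_open_files(needle):
        print(pid, name, path)
```

Run it as root to see every process; as an ordinary user, /proc only lets you read the fd directories of your own processes, so other users' open files are silently skipped.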
