tool to identify file usage

  • Thread starter Thread starter cactus
  • Start date Start date
John said:
Well I'll be hornswoggled. Learn something every day. On the other hand,
this means that Process Explorer's cabability to indicate open files
would be worthless.
Click to expand...

If a program does that (open file -> load into memory ->close file /
open file -> write changes to disk -> close file ), it technically does
not have the file "open" at all, for the duration that it is running.

So, the question of Process Explorer's cabability to indicate open files
being worthless in this scenario does not arise :)
 
cactus said:
Does anyone know of a tool that indicates which program or process is
using a specific file?

TIA
Click to expand...
Thank you all! Excellent, useful tools and a good conversation to boot.
I feel like its my birthday.

BTW, process explorer worked, but I will be using FileMon in the future.

Regards
 
Roger Hunt said:
5 meg a minute? That's nothing! Try gl_log with Quake2. 516MB in one
minute here.
That's one scary big log file. :-)
Click to expand...

AACK!

I'd need to raise the laser shields, or it'd make my computer burst
into a fiery ball and explode!
 
omega said:
AACK!

I'd need to raise the laser shields,
Click to expand...
(type "god" at console for an easy time)
or it'd make my computer burst
into a fiery ball and explode!
Click to expand...
I've had that experience here - motherboard components floating on
puddles of molten solder. Smoking, popping and crackling - and still the
power was being supplied!
I never imagined a loose CPU heat sink could cause such a disaster. :-)
 
I've had that experience here - motherboard components floating on
puddles of molten solder. Smoking, popping and crackling - and still the
power was being supplied!
I never imagined a loose CPU heat sink could cause such a disaster. :-)
Click to expand...

Interesting... Last week one of our PCs, which had been powered on
continuously for weeks, seemed to not come out of standby. The HD
indicator light was on continuously. On rebooting, the HD light came on at
the same time the power light came on and the PC would not boot.

When I opened the case, I discovered the CPU chip's heat sink with attached
fan had come completly detached from the CPU and was dangling from the
fan's power cord. I'm assuming the CPU chip is fried. Wonder how much all
this would cost to fix?
 
John Corliss wrote:
[SNIP]
Well I'll be hornswoggled. Learn something every day. On the other hand,
this means that Process Explorer's cabability to indicate open files
would be worthless.
Click to expand...
Well, yes. That's why you use a tool like /truss/, which logs the
function calls that a program makes.

Now, do sysinternals have one like /truss/... Oh, of course, use
*filemon* to trace file activity, silly me,
<http://www.sysinternals.com/ntw2k/source/filemon.shtml>

Cheers,
Gary B-)
 
On that special day, baker, ([email protected]) said...
When I opened the case, I discovered the CPU chip's heat sink with attached
fan had come completly detached from the CPU and was dangling from the
fan's power cord. I'm assuming the CPU chip is fried. Wonder how much all
this would cost to fix?
Click to expand...

No idea. If it went really bad, you might have to buy a new motherboard
and memory, too.


Gabriele Neukam

(e-mail address removed)
 
B. R. 'BeAr' said:
Any file opened later (via file->open or such methods) is out of scope
for Process Explorer. The only exception is if the program holds a
document file open all the time. Then (and only with the newest version
of Process Explorer) you are able to see this document, too.

BeAr
Click to expand...

HI BeAr,

I don't think this is true. Process Explorer always shows all
currently open files. As described within this thread previously WP
reads a file in memory and closes it after reading so this kind if
files will never be shown.

But if I debug a program and keep Process Explorer open I can see
every change in the used resources directly. When a file is closed it
is shown in red at the first refresh and removed from the list at the
next refresh. When another file is opened it is displayed in green at
the first refresh and 'normal' at the next refresh.
This also does work for any other resource in use by this process.

It would be great thou if Process Explorer could save all used
resources during the lifecycle of a process in a log.

Kind regards, Gert
 
baker said:
Interesting... Last week one of our PCs, which had been powered on
continuously for weeks, seemed to not come out of standby. The HD
indicator light was on continuously. On rebooting, the HD light came on at
the same time the power light came on and the PC would not boot.

When I opened the case, I discovered the CPU chip's heat sink with attached
fan had come completly detached from the CPU and was dangling from the
fan's power cord. I'm assuming the CPU chip is fried. Wonder how much all
this would cost to fix?
Click to expand...
Very very difficult to say, and dependant on whether any other
components have been fried. One problem is that there may be damage to
the motherboard which would instantly fry a replacement CPU, say.
When my motherboard was cooked it was overdue for an upgrade already, (I
was still using SuperSocket7 up until last Christmas), so the whole
system was upgraded to Athlon XP and none of the original components
have been re-used.

Sorry I can't be of much help here, this is an area of too many
unknowns, but if you find out the make of CPU and motherboard it might
be worth posting to the relevant hardware newsgroup.
 
On Sun, 10 Oct 2004 20:54:59 +0200, Gert van der Kooij wrote:

[Process Explorer behavior]
I don't think this is true. Process Explorer always shows all
currently open files. As described within this thread previously WP
reads a file in memory and closes it after reading so this kind if
files will never be shown.

But if I debug a program and keep Process Explorer open I can see
every change in the used resources directly. When a file is closed it
is shown in red at the first refresh and removed from the list at the
next refresh. When another file is opened it is displayed in green at
the first refresh and 'normal' at the next refresh.
This also does work for any other resource in use by this process.
Click to expand...

I know this. But it depends strongly on timing issues (what refresh
interval is selected; when do you look into the output of Process
Explorer). I didn't mention these possibilities *on purpose*. It is
of no avail to recommend an unsuitable program for a very special
system analysis. If you choose the refresh interval too long: a file
could have been opened and closed without Process Explorer is even
able to notice. If you choose it to short: you'll perhaps miss every
(color-)phase of the output. Sure, you can play a bit with 'Difference
Highlight Duration'. But that is mere cosmetic:

Process Explorer and FileMon use different approaches to get their
information. Process Explorer polls for changes while FileMon hooks
functions to *get informed*. To get this done, FileMon requires
Administrator privileges while Process Explorer can work on user
level.

You *can* use Process Explorer to find out which Process holds a
certain file open. This is one of the fields where Process Explorer
provides information 'quick and easy'. For in-depth file usage
analysis (what program accesses which files [and when]) you need
FileMon. Another good program for the latter approach is Steve
Millers Dependeny Walker in Profiling Mode:

http://www.dependencywalker.com
It would be great thou if Process Explorer could save all used
resources during the lifecycle of a process in a log.
Click to expand...

Hm. I won't say that Mark Russinovich won't do something in future.
He has done a lot of things, most people didn't believe to ever
happen. But: ProcessExplorer shows *snapshots* of the system. It
is *no logging* program. That's why you are able to save current
state information, but no log. (Yet. ;-) )

BeAr
 
On that special day, baker, ([email protected]) said...


No idea. If it went really bad, you might have to buy a new
motherboard and memory, too.


Gabriele Neukam

(e-mail address removed)
Click to expand...

Yes, of course, you're right. Until it's properly checked out there's no
way to know.
 
Very very difficult to say, and dependant on whether any other
components have been fried. One problem is that there may be damage to
the motherboard which would instantly fry a replacement CPU, say.
When my motherboard was cooked it was overdue for an upgrade already,
(I was still using SuperSocket7 up until last Christmas), so the whole
system was upgraded to Athlon XP and none of the original components
have been re-used.

Sorry I can't be of much help here, this is an area of too many
unknowns, but if you find out the make of CPU and motherboard it might
be worth posting to the relevant hardware newsgroup.
Click to expand...

Yes, too many variables. Guess I'll just have to bite the bullet and
give up a bench charge to find out. Thanks...
 
Back
Top