how to get list or enumerate files(handles) opened by process,
in [Win32 API]
|
From: Sławomir Woźnica on 8 Oct 2009 10:34 Hi I´m trying develope console aplication that will retrive the path of current file opened by the process for example notepad. Let´s sey that in notepad++ I have opened 3 files . I need the list that look like: List: Notepad++: file1.txt file2.txt (curently edited) file3.txt I allredy have the list of processes (Name and PID) .. .. notepad++.exe (PID: 1144) rxvt.exe (PID: 3964) sh.exe (PID: 2064) procexp.exe (PID: 3528) devenv.exe (PID: 4048) firefox.exe (PID: 3428) rxvt.exe (PID: 3956) sh.exe (PID: 2512) rxvt.exe (PID: 1072) sh.exe (PID: 824) mobsync.exe (PID: 1148) sh.exe (PID: 872) spyprocess.exe (PID: 1144) ...... I also have list of modules used by process ..(peace of this list:) .. Process ID: 1144 C:\Program Files\Notepad++\notepad++.exe (0x00400000) C:\Windows\system32\ntdll.dll (0x775B0000) C:\Windows\system32\kernel32.dll (0x76C30000) C:\Windows\WinSxS\x86_microsoft.windows.common- controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a08 979cc \COMCTL32.dll (0x74B90000) C:\Windows\system32\msvcrt.dll (0x770F0000) C:\Windows\system32\ADVAPI32.dll (0x76DE0000) C:\Windows\system32\RPCRT4.dll (0x76F00000) C:\Windows\system32\GDI32.dll (0x76B10000) C:\Windows\system32\USER32.dll (0x77050000) C:\Windows\system32\SHLWAPI.dll (0x776F0000) C:\Windows\system32\SHELL32.dll (0x75F40000) C:\Windows\system32\comdlg32.dll (0x76FD0000) C:\Windows\system32\ole32.dll (0x772D0000) C:\Windows\system32\IMM32.DLL (0x777F0000) C:\Windows\system32\MSCTF.dll (0x76B60000) C:\Windows\system32\LPK.DLL (0x776E0000) C:\Windows\system32\USP10.dll (0x76D10000) C:\Windows\system32\WS2_32.dll (0x75E30000) C:\Windows\system32\NSI.dll (0x77750000) C:\Windows\system32\NTMARTA.DLL (0x75C90000) C:\Windows\system32\WLDAP32.dll (0x76D90000) C:\Windows\system32\PSAPI.DLL (0x75D90000) C:\Windows\system32\SAMLIB.dll (0x75C70000) C:\Program Files\Notepad++\SciLexer.DLL (0x10000000) C:\Windows\system32\Msimg32.dll (0x75120000) C:\Windows\system32\uxtheme.dll (0x74E90000) C:\Windows\system32\SETUPAPI.dll (0x77420000) C:\Windows\system32\OLEAUT32.dll (0x76A80000) ........ I used EnumProcessModules() function and then retrive list of modules, but I cant reach to the handle of current file (file1.txt) opened by process or just list of all files(handles) opened by process, Can you please help me with this?
From: Christian ASTOR on 8 Oct 2009 11:19 On 8 oct, 16:34, S³awomir Wo¼nica <slawomir.wozn...(a)gmail.com> wrote: > Hi > > I´m trying develope console aplication that will retrive the path of > current file opened by the process for example notepad. > > Let´s sey that in notepad++ I have opened 3 files . > I need the list that look like: > > List: > Notepad++: > file1.txt > file2.txt (curently edited) > file3.txt It's specific for each application. The normal way to enumerate the handle table is with NtQuerySystemInformation() to get handles for each PID, but programs like Notepad or Notepad++ close the handles. (you can enumerate tabs of the Tab control of Notepad++ for example...)
From: Uwe Sieber on 9 Oct 2009 03:07 Sławomir Woźnica wrote: > Hi > > I´m trying develope console aplication that will retrive the path of > current file opened by the process for example notepad. > > I used EnumProcessModules() function and then retrive > list of modules, but I cant reach to the handle of current file > (file1.txt) opened by process or just list of all files(handles) > opened by process, > > Can you please help me with this? google for NtQuerySystemInformation NtQueryObject Best hit: http://forum.sysinternals.com/forum_posts.asp?TID=3577 Probem: Before calling NtQueryObject you don't know the type of handle. But if you call NtQueryObject for a waiting pipe then it will not return until the pipe stops waiting. Seems a driver is required to overcome this... Uwe
From: kcynice on 10 Oct 2009 10:10 > I used EnumProcessModules() function and then retrive > list of modules, but I cant reach to the handle of current file > (file1.txt) opened by process or just list of all files(handles) > opened by process, > > Can you please help me with this? You use EnumProcessModules? I think this function is only used to retrieve module images it loaded into its process memory space. Waht i said modules are different with the files it opened. Dll files are common. btw, why i use EnumProcessModules function will get an error code:ERROR_GEN_FAILURE?
|
Pages: 1 Prev: Detecting hidden files Next: DwmSetIconicLivePreviewBitmap Failed |