Monday, 18 June 2012

C# GUI to View Processes' Open Handles (Files, RegKeys, etc.) just like Sysinternals' Process Explorer

How many times have you tried to find which file was open in one of your currently open processes?

One of the few reasons I use Sysinternals Process Explorer is for its 'Find Handle' capability, which allows me to find the processes that are locking a particular file.

I always wanted to do this from C# (and O2). This weekend, based on the code from the StackOverflow 'what process locks a file' answer, I was able to build an O2 script that collects information about all open handles in the processes the current user has access to (you will need admin privileges to look at all running processes).

You can see the scripts created here, and below is a video that shows the Tool - View Open Handles for all Processes.h2 script in action (note the ability to quickly search across all open file handles).

Note 1: This script was written in C# using a couple of Win32 DllImport methods and can be executed by non-admins in userland (somehow I was under the impression that this type of handle information was only available: a) via the kernel, or b) if we hooked all processes and got the handle data via 'dll injection-code-execution').

Note 2: If it hangs while getting a process's handles, sometimes it helps to kill the process that is causing trouble (for example TGitCache.exe; see the last entry in the LogViewer). There are also quite a lot of memory allocations going on in the conversion of unmanaged data into C# objects, so this script will leak a lot of memory (i.e. you will not be able to use that process for a long time :) )
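
A minimal sketch of the userland approach from Note 1, added here as an example (it is not the O2 script or the StackOverflow code): it asks ntdll's `NtQuerySystemInformation` for the system handle table and counts open handles per process ID. The class name `HandleCounter` and the use of the extended information class (64) are assumptions of this example; it does not resolve handle names, and it releases the unmanaged buffer in a `finally` block so repeated runs do not accumulate memory.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;

static class HandleCounter // hypothetical name, not part of O2
{
    const int SystemExtendedHandleInformation = 64;
    const uint STATUS_INFO_LENGTH_MISMATCH = 0xC0000004;

    [DllImport("ntdll.dll")]
    static extern uint NtQuerySystemInformation(int infoClass, IntPtr buffer, int length, out int returnLength);

    // Mirrors SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX (40 bytes on x64, 28 on x86).
    [StructLayout(LayoutKind.Sequential)]
    struct HandleEntry
    {
        public IntPtr Object;
        public UIntPtr UniqueProcessId, HandleValue;
        public uint GrantedAccess;
        public ushort CreatorBackTraceIndex, ObjectTypeIndex;
        public uint HandleAttributes, Reserved;
    }

    static void Main()
    {
        int size = 1 << 20, needed;
        uint status;
        IntPtr buffer = Marshal.AllocHGlobal(size);
        try
        {
            // The handle table changes constantly, so grow the buffer until a snapshot fits.
            while ((status = NtQuerySystemInformation(SystemExtendedHandleInformation, buffer, size, out needed)) == STATUS_INFO_LENGTH_MISMATCH)
            {
                Marshal.FreeHGlobal(buffer);
                buffer = IntPtr.Zero; // avoids a double free if the next allocation throws
                buffer = Marshal.AllocHGlobal(size *= 2);
            }
            if (status != 0) throw new InvalidOperationException("NTSTATUS 0x" + status.ToString("X8"));
            // Header is two pointer-sized fields (NumberOfHandles, Reserved), then the entries.
            long count = Marshal.ReadIntPtr(buffer).ToInt64();
            int entrySize = Marshal.SizeOf(typeof(HandleEntry));
            var perPid = new Dictionary<ulong, int>();
            for (long i = 0; i < count; i++)
            {
                IntPtr p = new IntPtr(buffer.ToInt64() + 2 * IntPtr.Size + i * entrySize);
                var entry = (HandleEntry)Marshal.PtrToStructure(p, typeof(HandleEntry));
                int n;
                perPid.TryGetValue(entry.UniqueProcessId.ToUInt64(), out n);
                perPid[entry.UniqueProcessId.ToUInt64()] = n + 1;
            }
            foreach (var kv in perPid.OrderByDescending(k => k.Value).Take(10))
                Console.WriteLine("PID {0}: {1} handles", kv.Key, kv.Value);
        }
        finally { Marshal.FreeHGlobal(buffer); } // always release the unmanaged snapshot
    }
}
```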