SnapOverflow

SnapOverflow Logo SnapOverflow Logo

SnapOverflow Navigation

  • Home
  • Server
  • Ubuntu

Mobile menu

Close
  • Home
  • System Administrators
    • Hot Questions
    • New Questions
    • Tags
  • Ubuntu
    • Hot Questions
    • New Questions
    • Tags
  • Help
Home / server / Questions / 1966
In Process
cletus
cletus
Asked: 2009-05-01 16:47:16 +0800 CST2009-05-01 16:47:16 +0800 CST 2009-05-01 16:47:16 +0800 CST

How do you find what process is holding a file open in Windows?

  • 772

One thing that annoys me no end about Windows is the old sharing violation error. Often you can't identify what's holding it open. Usually it's just an editor or explorer just pointing to a relevant directory but sometimes I've had to resort to rebooting my machine.

Any suggestions on how to find the culprit?

windows file-sharing
  • 16 16 Answers
  • 842167 Views

16 Answers

  • Voted
  1. Eddie
    2009-05-01T17:03:15+08:002009-05-01T17:03:15+08:00

    I've had success with Sysinternals Process Explorer. With this, you can search to find what process(es) have a file open, and you can use it to close the handle(s) if you want. Of course, it is safer to close the whole process. Exercise caution and judgement.

    To find a specific file, use the menu option Find->Find Handle or DLL... Type in part of the path to the file. The list of processes will appear below.

    If you prefer command line, Sysinternals suite includes command line tool Handle, that lists open handles.

    Examples

    • c:\Program Files\SysinternalsSuite>handle.exe |findstr /i "e:\" (finds all files opened from drive e:\"
    • c:\Program Files\SysinternalsSuite>handle.exe |findstr /i "file-or-path-in-question"
    • 507
  2. Svish
    2013-09-11T03:48:00+08:002013-09-11T03:48:00+08:00

    You can use the Resource Monitor for this which comes built-in with Windows 7, 8, and 10.

    1. Open Resource Monitor, which can be found
      • By searching for Resource Monitor or resmon.exe in the start menu, or
      • As a button on the Performance tab in your Task Manager
    2. Go to the CPU tab
    3. Use the search field in the Associated Handles section
      • See blue arrow in screen shot below

    When you've found the handle, you can identify the process by looking at the Image and/or PID column.

    You can then try to close the application as you normally would, or, if that's not possible, just right-click the handle and kill the process directly from there. Easy peasy!

    Resource Monitor screenshot

    Copied from my original answer: https://superuser.com/a/643312/62

    • 281
  3. Mark Sowul
    2009-05-31T09:04:27+08:002009-05-31T09:04:27+08:00

    Just be very careful with closing handles; it's even more dangerous than you'd think, because of handle recycling - if you close the file handle, and the program opens something else, that original file handle you closed may be reused for that "something else." And now guess what happens if the program continues, thinking it is working on the file (whose handle you closed), when in fact that file handle is now pointing to something else.

    see Raymond Chen's post on this topic

    Suppose a search index service has a file open for indexing but has gotten stuck temporarily and you want to delete the file, so you (unwisely) force the handle closed. The search index service opens its log file in order to record some information, and the handle to the deleted file is recycled as the handle to the log file. The stuck operation finally completes, and the search index service finally gets around to closing that handle it had open, but it ends up unwittingly closing the log file handle.

    The search index service opens another file, say a configuration file for writing so it can update some persistent state. The handle for the log file gets recycled as the handle for the configuration file. The search index service wants to log some information, so it writes to its log file. Unfortunately, the log file handle was closed and the handle reused for its configuration file. The logged information goes into the configuration file, corrupting it.

    Meanwhile, another handle you forced closed was reused as a mutex handle, which is used to help prevent data from being corrupted. When the original file handle is closed, the mutex handle is closed and the protections against data corruption are lost. The longer the service runs, the more corrupted its indexes become. Eventually, somebody notices the index is returning incorrect results. And when you try to restart the service, it fails because its configuration files have been corrupted.

    You report the problem to the company that makes the search index service and they determine that the index has been corrupted, the log file has mysteriously stopped logging, and the configuration file was overwritten with garbage. Some poor technician is assigned the hopeless task of figuring out why the service corrupts its indexes and configuration files, unaware that the source of the corruption is that you forced a handle closed.

    • 102
  4. John Fouhy
    2009-05-01T17:18:36+08:002009-05-01T17:18:36+08:00

    Try the openfiles command.

    You might have to enable listing of localy opened files by running openfiles /local on and rebooting.

    • 98
  5. Greg Hewgill
    2009-05-01T16:52:31+08:002009-05-01T16:52:31+08:00

    I've used Handle with success to find such processes in the past.

    • 28
  6. Scoregraphic
    2009-10-13T05:06:32+08:002009-10-13T05:06:32+08:00

    Lockhunter (http://lockhunter.com/) works on 32 and 64bit systems.

    • 12
  7. Maximus Minimus
    2009-10-13T06:27:09+08:002009-10-13T06:27:09+08:00

    Just to clarify, this is more likely to be a result of misbehaving 3rd party apps not using the CreateFile API call correctly than it is to be anything in Windows itself. Perhaps it's a consequence of the design of CreateFile, but done is done and we can't go back.

    Basically when opening a file in a Windows program you have the option to specify a flag that allows shared access. If you don't specify the flag, the program takes exclusive access of the file.

    Now, if Explorer seems to be the culprit here, it may be the case that that's just on the surface, and that the true culprit is something that installs a shell extension that opens all files in a folder for it's own purposes but is either too gung-ho in doing so, or that doesn't clean up properly after itself. Symantec AV is something I've seen doing this before, and I wouldn't be surprised if other AV programs were also to blame. Source control plug-ins may also be at fault.

    So not really an answer, but just some advice to not always blame Windows for what may be a badly written 3rd party program (something that can also happen on any other OS which has implicit file locking, but any unix based OS has shared access by default).

    • 8
  8. K. Brian Kelley
    2009-05-01T17:01:37+08:002009-05-01T17:01:37+08:00

    On a remote server, when you're checking on a network share, something as simple as the Computer Management console can display this information and close the file.

    • 6
  9. Generic Error
    2009-05-06T16:43:22+08:002009-05-06T16:43:22+08:00

    Who Lock Me works well and keeps people amused with the name!

    • 6
  10. dave
    2009-06-04T06:01:03+08:002009-06-04T06:01:03+08:00

    Apropos Explorer holding a file open: "When this happens on a file you need to delete, you have the choice of forcing the handle closed, or rebooting."

    You can just end Explorer.

    If this is a one-time thing (Explorer does not normally hold this file open) then I would guess logging off and logging back on will do the trick.

    Otherwise, kill the desktop Explorer process and do what you want while it's gone. First start a copy of cmd.exe (you need a UI to do your intended cleanup). Make sure there are no non-desktop Explorers running. Then kill the last Explorer with, e.g., Task Manager. Do what you want in the command prompt. Finally, run Explorer from the command prompt, and it will become the desktop.

    I'd guess there may be some residual unpleasantness if some systray programs can't deal with the shell restarting.

    • 6

Sidebar

Stats

  • Questions 681965
  • Answers 980273
  • Best Answers 280204
  • Users 287326
  • Popular
  • Answers
  • Marko Smith

    Ping a Specific Port

    • 18 Answers
  • Marko Smith

    What port does SFTP use?

    • 6 Answers
  • Marko Smith

    Resolve host name from IP address

    • 8 Answers
  • Marko Smith

    How can I sort du -h output by size

    • 30 Answers
  • Marko Smith

    Command line to list users in a Windows Active Directory group?

    • 9 Answers
  • Marko Smith

    What's the command-line utility in Windows to do a reverse DNS look-up?

    • 14 Answers
  • Marko Smith

    How to check if a port is blocked on a Windows machine?

    • 4 Answers
  • Marko Smith

    What port should I open to allow remote desktop?

    • 9 Answers
  • Marko Smith

    What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

    • 3 Answers
  • Marko Smith

    How to determine if a bash variable is empty?

    • 15 Answers
  • Martin Hope
    Davie Ping a Specific Port 2009-10-09 01:57:50 +0800 CST
  • Martin Hope
    Deepak Mittal How to run a server on port 80 as a normal user on Linux? 2008-11-11 06:31:11 +0800 CST
  • Martin Hope
    MikeN In Nginx, how can I rewrite all http requests to https while maintaining sub-domain? 2009-09-22 06:04:43 +0800 CST
  • Martin Hope
    Tom Feiner How can I sort du -h output by size 2009-02-26 05:42:42 +0800 CST
  • Martin Hope
    0x89 What is the difference between double and single square brackets in bash? 2009-08-10 13:11:51 +0800 CST
  • Martin Hope
    kch How do I change my private key passphrase? 2009-08-06 21:37:57 +0800 CST
  • Martin Hope
    Kyle Brandt How does IPv4 Subnetting Work? 2009-08-05 06:05:31 +0800 CST
  • Martin Hope
    Noah Goodrich What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats? 2009-05-19 18:24:42 +0800 CST
  • Martin Hope
    Brent How to determine if a bash variable is empty? 2009-05-13 09:54:48 +0800 CST
  • Martin Hope
    cletus How do you find what process is holding a file open in Windows? 2009-05-01 16:47:16 +0800 CST

Related Questions

Trending Tags

linux nginx windows networking ubuntu domain-name-system amazon-web-services active-directory apache-2.4 ssh

Explore

  • Home
  • Questions
    • Hot Questions
    • New Questions
  • Tags
  • Help

Footer

SnapOverflow

About Us

  • About Us
  • Contact Us

Legal Stuff

  • Privacy Policy

Help

© 2022 SOF-TR. All Rights Reserve