Sign in to follow this  
Followers 0
Schuss

Capturing full path of data file(s) open by/in a program

7 posts in this topic

I need to be able to look at any program via its Handle and retrieve the full path of all data files it has open.

Taking ONE VERY SIMPLE CASE -- Notepad:

Given the Handle= 0x0076066E -- it is veeeery easy to find out the following info via function calls:

  • ; ClassName= Notepad
  • ; Title= "_ pushd.txt - Notepad"
  • ; Executable= "C:\WINDOWS\system32\Notepad.exe"
  • ; Open data file= "_ pushd.txt"
  • Now, I can search the computer (or just the data folder) for all files named "_ pushd.txt" to easily retrieve the full path.
  • Except when I find duplicate "_ pushd.txt" files then I can't decide.
  • Notepad doesn't lock a file -- so, I can't find out that way.
  • I have many other programs with open data files that don't put the names of the open file(s) in the app Window Title.
  • Try Word 2007 with fifteen file open -- some docs, others...
  • Try jAlbum
  • Try Chrome with 7 tabs open.
  • My particular case deals with 47 possible applications.
  • Many of them open files outside of the data directory.
Many thanks to anyone :) who can make it look easy or who has a function that does it the hard way!

(I gave up ;) after eight programs in my attempt at a function )

Share this post


Link to post
Share on other sites



#3 ·  Posted (edited)

Bellicus,

Thanks for your response.

Your link was to: Kill Process Tree

I don't see how killing the child processes for Notepad identifies the full path of a document open in Notepad (eg C:datahelp.txt).

For one thing Notepad has no child processes.

Please explain, I must be dense -- Thanks...

Edited by Schuss

Share this post


Link to post
Share on other sites

Bellicus,

I searched the process tree with SysInternals Process Explorer before I started this thread.

  • Notepad has no child processes.

Enter a PID for Notepad, Wordpad or SciTE in the following code fragment (taken from your link). There are no child processes.

  • There is nothing to look at.

$iPID = ProcessExists(InputBox("Enter PID for Notepad etc.", "What is Notepad's PID?"))
If Not $iPID Then exit
Local $aProc_List = ProcessList()
For $i = 1 To $aProc_List[0][0]
  If _ProcessGetParent($aProc_List[$i][1]) = $iPID Then
  Beep()
  ConsoleWrite($aProc_List[$i][1])
EndIf
Next
ConsoleWrite("Searched " & $aProc_List[0][0] & " PID's")
Func _ProcessGetParent($iPID)
  Local $wbemFlagReturnImmediately = 0x10
  Local $wbemFlagForwardOnly = 0x20
  Local $colItems = ""
  Local $strComputer = "localhost"
  $objWMIService = ObjGet("winmgmts:" & $strComputer & "rootCIMV2")
  $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process", "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
  If IsObj($colItems) Then
    For $objItem In $colItems
    If $objItem.ProcessID = $iPID Then Return $objItem.ParentProcessID
    Next
  Endif
  Return SetError(1, 0, 0)
EndFunc

I also looked at the NtQuerySystemInformation API, NirSoft OpenedFilesView, SysInternals FileMon & Handle etc.

The solution is probably to enumerate all the handles for open files by the application (Notepad, Wordpad etc.) PID's.

I was hoping to find support in AutoIt to do this gracefully or code from someone who had already hacked their way through it.

So, please explain what you intended me to find in the process tree about DATA files open in Notepad or Winword or SciTe etc?

  • Child Processes?
  • Open file handles?
I'm not finding any of these things.

Share this post


Link to post
Share on other sites

OK, you apparently did much more than I thought on the front end. My mistake.

You thought of already what I was thinking. My thought was getting all open process and then see what files were open by those processes. Obviously this is beyond my skill set.

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

Bellicus,

Thanks for the reply.

Anyone else? -- Please?

  • Has anyone created a wrapper/function for NtQuerySystemInformation?
  • Has anyone done a wrapper/function for Open File Handles?
  • Has anyone dealt with the issue of programs like Wordpad that work in memory and so don't instigate Open File Handles?
  • Notepad is in memory but it opens a handle to the data file folder and puts the data file name in the title.
I'm a consummate AutoIt Newbie (It even says so above my Avatar), and there is bookoo fat code in this forum. Hit Me, please! Edited by Schuss

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0