Rajat wrote:
I've used the Handle.exe and got the following results:
------------------------------------------------------------------------------
notepad.exe pid: 3540 COMP\rajatd
C: File (RW-) C:\Documents and Settings\rajatd\Desktop
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-
Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
44: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-
Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
7C: Section \BaseNamedObjects\ShimSharedMemory
------------------------------------------------------------------------------
wordpad.exe pid: 2212 COMP\rajatd
1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-
Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-
Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
74: Section \BaseNamedObjects\ShimSharedMemory
F8: Section \BaseNamedObjects
\CiceroSharedMemDefaultS-1-5-21-57989841-1580818891-839522115-1653
170: Section \BaseNamedObjects\RotHintTable
184: File (RW-) C:\Documents and Settings\rajatd\My Documents
I've also parsed this output for the PIDS. But no where in the result
I got to know what file has been associated with a PID.
Does for this I need to use pustil?
Well unless I'm missing your point considerably, the output tells
you all you need to know: notepad.exe (pid 3540) has some kind
of handle open on the desktop, the common controls DLL and an
area of shared memory. As has been pointed out elsewhere, notepad
doesn't hold the file open which it's editing: it opens it, reads
the contents, and closes it again.
For demonstration purposes:
<code>
import os, sys
import subprocess
f = open (sys.executable)
subprocess.call (["handle", sys.executable])
f.close ()
</code>
TJG
--
http://mail.python.org/mailman/listinfo/python-list
