On Jul 9, 1:21 pm, Tim Golden <m...@timgolden.me.uk> wrote: > Rajat wrote: > > I've used the Handle.exe and got the following results: > > > ------------------------------------------------------------------------------ > > notepad.exe pid: 3540 COMP\rajatd > > C: File (RW-) C:\Documents and Settings\rajatd\Desktop > > 10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common- > > Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83 > > 44: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common- > > Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83 > > 7C: Section \BaseNamedObjects\ShimSharedMemory > > > ------------------------------------------------------------------------------ > > wordpad.exe pid: 2212 COMP\rajatd > > 1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common- > > Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83 > > 40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common- > > Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83 > > 74: Section \BaseNamedObjects\ShimSharedMemory > > F8: Section \BaseNamedObjects > > \CiceroSharedMemDefaultS-1-5-21-57989841-1580818891-839522115-1653 > > 170: Section \BaseNamedObjects\RotHintTable > > 184: File (RW-) C:\Documents and Settings\rajatd\My Documents > > > I've also parsed this output for the PIDS. But no where in the result > > I got to know what file has been associated with a PID. > > > Does for this I need to use pustil? > > Well unless I'm missing your point considerably, the output tells > you all you need to know: notepad.exe (pid 3540) has some kind > of handle open on the desktop, the common controls DLL and an > area of shared memory. As has been pointed out elsewhere, notepad > doesn't hold the file open which it's editing: it opens it, reads > the contents, and closes it again. > > For demonstration purposes: > > <code> > import os, sys > import subprocess > > f = open (sys.executable) > subprocess.call (["handle", sys.executable]) > f.close () > > </code> > > TJG- Hide quoted text - > > - Show quoted text -
The Notepad process information is fine here. However, with wordpad the results are not much differentiating: ------------------------------------------------------------------------------ wordpad.exe pid: 2832 COMP\rajatd 1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common- Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83 40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common- Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83 74: Section \BaseNamedObjects\ShimSharedMemory F8: Section \BaseNamedObjects \CiceroSharedMemDefaultS-1-5-21-57989841-1580818891-839522115-1653 170: Section \BaseNamedObjects\RotHintTable 184: File (RW-) C:\Documents and Settings\rajatd\My Documents ------------------------------------------------------------------------------ wordpad.exe pid: 844 COMP\rajatd 1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common- Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83 40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common- Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83 74: Section \BaseNamedObjects\ShimSharedMemory F8: Section \BaseNamedObjects \CiceroSharedMemDefaultS-1-5-21-57989841-1580818891-839522115-1653 170: Section \BaseNamedObjects\RotHintTable 184: File (RW-) C:\Documents and Settings\rajatd\My Documents Both the wordpad applications opened 2 totally different files kept at different locations on the system. So, on the basis of above results one can not say out of these 2 wordpad apps which is the right one that could be closed. The only different thing among the two is the PIDs. -- http://mail.python.org/mailman/listinfo/python-list
