Menus, hot-keys, or toolbar buttons can be used to clear the window, select and deselect monitored volumes including network volumes (Windows NT/2K/XP), save the monitored data to a file, and to filter and search output. When FileMon is started for the first time it will monitor all local hard drives. You must have administrator privilege to run FileMon. If you have questions or problems please visit the Sysinternals Filemon Forum.
It has full search capability, and if you find that you're getting information overload, simply set up one or more filters.įileMon works on NT 4.0, Windows 2000, Windows XP, Windows XP and Windows Server 2003 64-bit Edition, Windows 2003 Server, Windows 95, Windows 98 and Windows ME. It begins monitoring when you start it, and its output window can be saved to a file for off-line viewing. FileMon is so easy to use that you'll be an expert within minutes. Filemon's timestamping feature will show you precisely when every open, read, write or delete, happens, and its status column tells you the outcome.
Its advanced capabilities make it a powerful tool for exploring the way Windows works, seeing how applications use the files and DLLs, or tracking down problems in system or application file configurations. Filemon and Regmon remain for legacy operating system support, including Windows 9x.įileMon monitors and displays file system activity on a system in real-time. So not really an answer, but just some advice to not always blame Windows for what may be a badly written 3rd party program (something that can also happen on any other OS which has implicit file locking, but any unix based OS has shared access by default).Note: Filemon and Regmon have been replaced by Process Monitor on versions of Windows starting with Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista. Source control plug-ins may also be at fault. Symantec AV is something I've seen doing this before, and I wouldn't be surprised if other AV programs were also to blame. Now, if Explorer seems to be the culprit here, it may be the case that that's just on the surface, and that the true culprit is something that installs a shell extension that opens all files in a folder for it's own purposes but is either too gung-ho in doing so, or that doesn't clean up properly after itself. If you don't specify the flag, the program takes exclusive access of the file. Perhaps it's a consequence of the design of CreateFile, but done is done and we can't go back.īasically when opening a file in a Windows program you have the option to specify a flag that allows shared access. Just to clarify, this is more likely to be a result of misbehaving 3rd party apps not using the CreateFile API call correctly than it is to be anything in Windows itself. Source of the corruption is that you forced a handle closed. Service corrupts its indexes and configuration files, unaware that the Poor technician is assigned the hopeless task of figuring out why the Logging, and the configuration file was overwritten with garbage. The index has been corrupted, the log file has mysteriously stopped Longer the service runs, the more corrupted its indexes become.Įventually, somebody notices the index is returning incorrect results.Īnd when you try to restart the service, it fails because itsĬompany that makes the search index service and they determine that Is closed and the protections against data corruption are lost. When the original file handle is closed, the mutex handle Meanwhile, another handle you forced closed was reusedĪs a mutex handle, which is used to help prevent data from beingĬorrupted. The logged information goes into the configuration file, Log file handle was closed and the handle reused for its configurationįile. Log some information, so it writes to its log file. The handle for the log file gets recycled as the
Operation finally completes, and the search index service finally getsĪround to closing that handle it had open, but it ends up unwittinglyįile, say a configuration file for writing so it can update some Log file in order to record some information, and the handle to theĭeleted file is recycled as the handle to the log file. Gotten stuck temporarily and you want to delete the file, so you Suppose a search index service has a file open for indexing but has
Just be very careful with closing handles it's even more dangerous than you'd think, because of handle recycling - if you close the file handle, and the program opens something else, that original file handle you closed may be reused for that "something else." And now guess what happens if the program continues, thinking it is working on the file (whose handle you closed), when in fact that file handle is now pointing to something else.