Google Answers Logo
View Question
Q: windows nt/2000/xp scanning utility ( Answered 5 out of 5 stars,   0 Comments )
Subject: windows nt/2000/xp scanning utility
Category: Computers > Operating Systems
Asked by: banti-ga
List Price: $10.00
Posted: 24 Aug 2002 19:34 PDT
Expires: 23 Sep 2002 19:34 PDT
Question ID: 58230
I need to find out how to scan the memory and locked files on nt,2000
and xp. I will use this utility to find out which file is being locked
by which specefic program or utility or dll or exe or winows service
when I use this utility. Also this utility should able to scan the
memory and give me the statistics of resource utilization.
Subject: Re: windows nt/2000/xp scanning utility
Answered By: poormattie-ga on 24 Aug 2002 23:01 PDT
Rated:5 out of 5 stars
You'll find that a freeware utility exists to provide the exact
functionality you're looking for. This award-winning application is
called "Process Explorer" (you may have heard of its predecessor
"HandleEx"). A version that supports NT/XP/2000 can be downloaded from
this page:

This tool was designed by SysInternals to give you exactly the
information you seek. It provides a hierarchical list of the processes
on your system in a tree view that you can navigate easily. By
default, highlighting any process will display (in the lower panel)
the list of system resources that the process is holding. Among other
things, this includes the files, directories, registry keys, and
synchronization objects that the process has obtained a handle to. (If
you happen to be particularly interested in which DLL's the process
has loaded and locked, pressing Ctrl+D or choosing View | View DLLs
will display those instead in the lower panel.)

One of the more useful features is the ability to search the process
space for a specific handle name that is currently held by a process.
By pressing Ctrl+F or using the Search | Find menu option, you can
specify a string (such as a filename or directory name) that you
suspect is being held by any processes. Process Explorer will quickly
list each of the processes with a handle to that object.

Additionally, Process Explorer can give you a good amount of detail
related to the memory and resources used by any given process. By
default it lists the CPU utilization and handle count in its tree
view. To get detailed information regarding its memory and resource
utilization, you can right-click on any process name and choose
"Properties". All of the tabs on the resulting dialog provide useful
information, but the "Performance" tab will display statistics such as
how much memory is in use by the application, how often it has
read/written to Input/Output devices, as well as how many
graphics-related handles the process holds.

You'll find that this site/tool provider, SysInternals, is an
excellent source for tools of this nature. Many IT professionals use
their tools in debugging all sorts of treacherous computing problems.
Their central website is here:
and, specifically, their NT/2000/XP utilities page is located here:

You'll notice other free tools (sometimes with source code) that they
provide that can also provide some of the information you need:
  ListDLLs-- command-line utility to display loaded modules by
  Handle-- command-line utility to display files/directories opened by
  PsList-- command-line utility to display process statistics (e.g.

Another software vendor creates tools that provide the functionality
you need, Igor Arsenin. One of the more fully-featured applications he
provides is a shareware utility called TaskInfo2002. Its homepage is
located here:

(The vendor claims that this tool is free to try for 30 days, and is
$35.00 to license afterwards.)

Right upon starting up, this utility provides the information you
need. By selecting the "All Open Files" tab from the middle-right
panel, TaskInfo2002 will list all processes with open files and the
full path to those files. Additionally, the process list in the left
panel can provide vital memory statistics (you may have to move the
scroll bar or panel splitter to see them all). By highlighting a
process, the lower right panel will provide even further detail about
the process, including all of its resource and handle allocation.

Hopefully these tools will offer you more than enough information
about the locked files and memory in use by processes. If these tools
do not provide the information you need, please do not hesitate to ask
for (or provide) additional clarification before rating this answer.
I'm very well-versed in this area and can certainly elaborate further
if you find it necessary.

In researching this topic, I used the following Google search terms,
which may help you in finding additional information:
  "Windows XP" advanced tools
  "process explorer"
  win32 system information tools

Request for Answer Clarification by banti-ga on 25 Aug 2002 07:42 PDT
I still want to clarify one thing .What exactly I am looking for is
for example there is dll file called xyz.dll on my operating system .
Now this file is locked by some program or process called abc , so
when I select xyz.dll the utility will give me the process deatils
about abc.
The utility you have mentioned seems to work other way round where you
specify the process then it will give what is being used by that
process. Please clarify this.
 By working other way round I might have to go through each and every
process before I find out which process has locked the file(dll) I am
trying to get access for, this will become a very time consuming task
as you know opertaing system has so many process running at any time.

Clarification of Answer by poormattie-ga on 25 Aug 2002 09:40 PDT
Thanks for giving me a chance to clarify my answer. Definitely always
ask for additional clarification if you require it.

As I mentioned briefly above in my answer, Process Explorer has a very
useful mechanism for searching for a specific file, directory, DLL,
etc. This will allow you to avoid having to look at every process to
find the module that is currently being held.

Press Ctrl+F (or use the Search|Find menu command) and Process
Explorer will bring up a dialog box with an edit box for you to type
in the name of module you are looking for (such as "xyz.dll"). Click
"Search" once you've provided the string, and Process Explorer will
provide a list of running processes with a handle to that object (e.g.
all running instances of process "abc", along with any other process
that might also be using "xyz.dll"). After the search is completed,
you can highlight the process in question and (underneath the dialog)
Process Explorer will navigate directly to that process (in the top
panel) and also navigate to that instance of the handle (in the lower
panel). This is great for finding out more information about that
specific process if you need (by closing the "Search" dialog box, and,
if needed, right-clicking on the process name, and choosing

The freeware command-line utility that I also mentioned briefly,
can make it even simpler to track down a process that is using a
particular DLL. From the command-line, you can specify
  listdlls.exe -d xyz.dll
and ListDLLs will output a list of every process that uses that
module. If you're looking for a list of *all* DLLs in use on the
system, just type
and all of the process information will be output to the
command-prompt. Since this may be a lot of information scrolling by,
you may prefer to dump it to a logfile via a command-line like this:
  listdlls.exe > c:\temp\AllDLLs.log

If you're interested in other in-use file types, the SysInternals
command-line tool "Handle"
can provide that information. By typing
from the command-line, all open handles to files, directories, etc,
will be listed. This utility won't specifically track DLLs (use
ListDLLs above for that) unless they are open as resources,  but it is
useful to see processes that are holding on to a specific file (such
as a .TMP file you can't delete, etc). The tool supports substring
searching like this:
  handle.exe .tmp
which would return all ".tmp" files that are open and which processes
have them opened.

The shareware utility I mentioned, TaskInfo2002, does not have a
mechanism to provide the "reverse" view you'd like for DLLs. By
clicking on the "All Open Files" tab as described in my initial
answer, you can get a sortable list of all open files and the
processes that own them, but DLLs are only listed if they are open as

In looking around some more, there are other utilities which claim to
provide the information you're looking for.
   A whitepaper they provide says "You can also search for a specific
DLL to find out exactly which processes are currently using it."

 DLL Show 2000
   From their website: "DLL Show displays comprehensive information
about all running processes including memory load, priority and the
DLLs they depend upon."

Hopefully the details I've provided in my answer and this
clarification satisfy your request to Google Answers; please let me
know if not.
banti-ga rated this answer:5 out of 5 stars
Provided all the details asked in a question.Also Clarification to the
answer provided very promplty.

There are no comments at this time.

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  

Google Home - Answers FAQ - Terms of Service - Privacy Policy