You'll find that a freeware utility exists to provide the exact
functionality you're looking for. This award-winning application is
called "Process Explorer" (you may have heard of its predecessor
"HandleEx"). A version that supports NT/XP/2000 can be downloaded from
This tool was designed by SysInternals to give you exactly the
information you seek. It provides a hierarchical list of the processes
on your system in a tree view that you can navigate easily. By
default, highlighting any process will display (in the lower panel)
the list of system resources that the process is holding. Among other
things, this includes the files, directories, registry keys, and
synchronization objects that the process has obtained a handle to. (If
you happen to be particularly interested in which DLL's the process
has loaded and locked, pressing Ctrl+D or choosing View | View DLLs
will display those instead in the lower panel.)
One of the more useful features is the ability to search the process
space for a specific handle name that is currently held by a process.
By pressing Ctrl+F or using the Search | Find menu option, you can
specify a string (such as a filename or directory name) that you
suspect is being held by any processes. Process Explorer will quickly
list each of the processes with a handle to that object.
Additionally, Process Explorer can give you a good amount of detail
related to the memory and resources used by any given process. By
default it lists the CPU utilization and handle count in its tree
view. To get detailed information regarding its memory and resource
utilization, you can right-click on any process name and choose
"Properties". All of the tabs on the resulting dialog provide useful
information, but the "Performance" tab will display statistics such as
how much memory is in use by the application, how often it has
read/written to Input/Output devices, as well as how many
graphics-related handles the process holds.
You'll find that this site/tool provider, SysInternals, is an
excellent source for tools of this nature. Many IT professionals use
their tools in debugging all sorts of treacherous computing problems.
Their central website is here:
and, specifically, their NT/2000/XP utilities page is located here:
You'll notice other free tools (sometimes with source code) that they
provide that can also provide some of the information you need:
ListDLLs-- command-line utility to display loaded modules by
Handle-- command-line utility to display files/directories opened by
PsList-- command-line utility to display process statistics (e.g.
Another software vendor creates tools that provide the functionality
you need, Igor Arsenin. One of the more fully-featured applications he
provides is a shareware utility called TaskInfo2002. Its homepage is
(The vendor claims that this tool is free to try for 30 days, and is
$35.00 to license afterwards.)
Right upon starting up, this utility provides the information you
need. By selecting the "All Open Files" tab from the middle-right
panel, TaskInfo2002 will list all processes with open files and the
full path to those files. Additionally, the process list in the left
panel can provide vital memory statistics (you may have to move the
scroll bar or panel splitter to see them all). By highlighting a
process, the lower right panel will provide even further detail about
the process, including all of its resource and handle allocation.
Hopefully these tools will offer you more than enough information
about the locked files and memory in use by processes. If these tools
do not provide the information you need, please do not hesitate to ask
for (or provide) additional clarification before rating this answer.
I'm very well-versed in this area and can certainly elaborate further
if you find it necessary.
In researching this topic, I used the following Google search terms,
which may help you in finding additional information:
"Windows XP" advanced tools
win32 system information tools
Clarification of Answer by
25 Aug 2002 09:40 PDT
Thanks for giving me a chance to clarify my answer. Definitely always
ask for additional clarification if you require it.
As I mentioned briefly above in my answer, Process Explorer has a very
useful mechanism for searching for a specific file, directory, DLL,
etc. This will allow you to avoid having to look at every process to
find the module that is currently being held.
Press Ctrl+F (or use the Search|Find menu command) and Process
Explorer will bring up a dialog box with an edit box for you to type
in the name of module you are looking for (such as "xyz.dll"). Click
"Search" once you've provided the string, and Process Explorer will
provide a list of running processes with a handle to that object (e.g.
all running instances of process "abc", along with any other process
that might also be using "xyz.dll"). After the search is completed,
you can highlight the process in question and (underneath the dialog)
Process Explorer will navigate directly to that process (in the top
panel) and also navigate to that instance of the handle (in the lower
panel). This is great for finding out more information about that
specific process if you need (by closing the "Search" dialog box, and,
if needed, right-clicking on the process name, and choosing
The freeware command-line utility that I also mentioned briefly,
can make it even simpler to track down a process that is using a
particular DLL. From the command-line, you can specify
listdlls.exe -d xyz.dll
and ListDLLs will output a list of every process that uses that
module. If you're looking for a list of *all* DLLs in use on the
system, just type
and all of the process information will be output to the
command-prompt. Since this may be a lot of information scrolling by,
you may prefer to dump it to a logfile via a command-line like this:
listdlls.exe > c:\temp\AllDLLs.log
If you're interested in other in-use file types, the SysInternals
command-line tool "Handle"
can provide that information. By typing
from the command-line, all open handles to files, directories, etc,
will be listed. This utility won't specifically track DLLs (use
ListDLLs above for that) unless they are open as resources, but it is
useful to see processes that are holding on to a specific file (such
as a .TMP file you can't delete, etc). The tool supports substring
searching like this:
which would return all ".tmp" files that are open and which processes
have them opened.
The shareware utility I mentioned, TaskInfo2002, does not have a
mechanism to provide the "reverse" view you'd like for DLLs. By
clicking on the "All Open Files" tab as described in my initial
answer, you can get a sortable list of all open files and the
processes that own them, but DLLs are only listed if they are open as
In looking around some more, there are other utilities which claim to
provide the information you're looking for.
A whitepaper they provide says "You can also search for a specific
DLL to find out exactly which processes are currently using it."
DLL Show 2000
From their website: "DLL Show displays comprehensive information
about all running processes including memory load, priority and the
DLLs they depend upon."
Hopefully the details I've provided in my answer and this
clarification satisfy your request to Google Answers; please let me
know if not.