How do you know which process has an open file descriptor? In particular, how do you do this?
There may be an API for this, I don't know. If so, it could be an API in the kernel.
Another possibility (sorry I'm vague, but I am answering this now if no one else answers the best answer) is that there is no (documented) API and that the programs that do this use undocumented knowledge of the contents of the descriptor and / or the memory that the descriptor (when viewed as a pointer) points to: for example, I found the "Kernel for processing kernel objects", and I think that this (people saying that they had reverse structures of undocumented memory structures) is that I remember reading in hand duction Softice a few years ago.
One place to look for more information may be the file system filter drivers .
Another (perhaps better) way could be to use depends or dumpbin /imports to try and see which APIs the relevant Sysinternals program uses.
depends
dumpbin /imports
The process researcher at Sysinternals will tell you this.
Source: https://habr.com/ru/post/1286372/More articles:Why is the WSDL selected by JAX-WS with every WS call? - wsdlHow to cache an IQueryable object? - cachingReporting Services 2008 - Long Signatures Cause Page Breaks - reporting-servicesjavan - whenever crontab with Capistrano deployment is not written - ruby-on-railsHow to prevent network ports remaining open when a program crashes - cHibernate OneToMany example with compound Key - javaWeb service timeout while debugging Silverlight - asp.netWhy can't I transfer the psd file (Photoshop) to SVN? - visualsvn-serverInterprocess communication on windows - c ++In the Entity Framework, how can I create a reference constraint using a subset of the primary key? - entity-frameworkAll Articles