Program which monitors and logs file accesses and/or file handle count? RRS feed

  • Question

  • I am attempting to troubleshoot a problem where a data file created by our application, is sometimes getting corrupted by insertion of data which appears like it comes from a completely different process or thread - that is, the data being inserted is not at all the data which normally goes in that file. I've never seen something like this before, and trying to figure out how to troubleshoot this.

    Someone I spoke with suggested they had seen similar behavior in the past, when a process was leaking file handles. Apparently it would reach the maximum numbered file handle, then the next time it would request to open a file handle, Windows would "roll back" to zero, and start re-using file handles which were already open to other files. At least, that is what I was told (I'm slightly surprised by that, as I would think Windows would just throw an error when you try to open a file and have no more file handles available, NOT silently return the handle for a different file and cause severe data corruption.

    So, I know that the Process Explorer program from Sysinternals can show you the count of file handles that a program has open. BUT, the problem is, you have to be looking at the system at the time a problem is happening, to see that a process has an extreme number of file handles open. What I would like is a program which allows me to LOG file handle usage, and what processes have accessed a particular file.

    Ideally, I'd like one or more of the following capabilities, and I'm wondering if anyone knows of a program that already exists to do this:

    * Check the list of open processes, and the number of open file handles for each process, periodically (say, every 10 seconds, maybe?), and record that number, so that I can plot an X/Y graph of file count per process, over time (so that I can see, for example, if one process is trending up steadily over time, growing without bound).

    * Check the list of open process, and the number of open file handles for each process. Record a "high water mark" for each process - that is, the maximum number of file handles opened by each process over time, so that I can see if any process is going up to like 16.7 million file handles open at some point.

    * Any time any process writes to the file handle for a given file, log which processes have written to that file, so that if 2 processes have written to a file which only a single process should ever be writing to, I can see which other process wrote to that file.

    Thank you for any suggestions you can provide!
    Monday, August 12, 2013 5:54 PM


All replies