file opening and handles

NTDEV
1

Hi all,

I obsere that notepad doesn’t keep the file open after reading it. Is this
true? Does it copy the entire contents into some cache? I tried opening a
text file with notepad, and then used process explorer to view the open
handles, the was no entry fro the file. Same was teh case with gvim, though
in gvim, there was a swap file created and kept open.

Can someone throw some light on this issue please…

  • amitr0
2

IIRC Notepad uses memory-mapped files.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “amitr0”
To: “Windows System Software Devs Interest List”
Sent: Thursday, February 02, 2006 4:16 PM
Subject: [ntdev] file opening and handles

Hi all,

I obsere that notepad doesn’t keep the file open after reading it. Is this
true? Does it copy the entire contents into some cache? I tried opening a
text file with notepad, and then used process explorer to view the open
handles, the was no entry fro the file. Same was teh case with gvim, though
in gvim, there was a swap file created and kept open.

Can someone throw some light on this issue please…



- amitr0


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

3

maxim,

if it uses a memory mapped file, then there sure should be a way to get the
handle to the map through zwquerysysteminformation or some other function?
is it not? I need the “old file name” when some one does a save as using
common dialogs. Any clues???

On 2/2/06, Maxim S. Shatskih wrote:
>
> IIRC Notepad uses memory-mapped files.
>
> Maxim Shatskih, Windows DDK MVP
> StorageCraft Corporation
> xxxxx@storagecraft.com
> http://www.storagecraft.com
>
> ----- Original Message -----
> From: “amitr0”
> To: “Windows System Software Devs Interest List”
> Sent: Thursday, February 02, 2006 4:16 PM
> Subject: [ntdev] file opening and handles
>
>
> Hi all,
>
> I obsere that notepad doesn’t keep the file open after reading it. Is this
> true? Does it copy the entire contents into some cache? I tried opening a
> text file with notepad, and then used process explorer to view the open
> handles, the was no entry fro the file. Same was teh case with gvim,
> though
> in gvim, there was a swap file created and kept open.
>
> Can someone throw some light on this issue please…
>
> –
>
> - amitr0
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>



- amitr0

4

As has been often stated in NTFSD (which have might been a better place to
have this conversation) The only safe time to get a file name (and file
name) is in pre-create. If you need it any time after that you will need to
have stored it.

I need the “old file name” when some one does a
save as using common dialogs. Any clues???

5

amitr0 wrote:

if it uses a memory mapped file, then there sure should be a way to
get the handle to the map through zwquerysysteminformation or some
other function? is it not? I need the “old file name” when some one
does a save as using common dialogs. Any clues???

Your task is utterly and completely hopeless. What if an application
has 4 files open? You cannot possibly figure out which one was the one
that is being saved. What if I cut-and-paste the contents to a new
instance of Notepad?

Is this yet another ill-concieved security plan?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

6

I know tim, still I recall someone telling me in my childhood, “fight until
death…” :frowning:

the problem is pathetic in teh sense that in case of notepad they use memory
mapped files. Still there is a ray of hope as notepad uses
COmdlg32!GetSaveFileName* to do a save as. In the structure passed to this
function, it passes the full file name with teh path!!! Heck and when the
structure returns it has the new file name with path. Thus we can get both
if we hook (sorry!!! No other way).

But this is implementation specific, as other editors might not pass in th
filenames, eg. vim just passes in the filenames without the path!!!

Office2003 ( and XP) do not use comdlg32 at all, they have their custom
dialog classes, bosa_sdm_Microsoft Office Word 11.0 is what spy reports, I
have no slue how to tackle them.

Other applications, like Java based owns Eclipse for example, again doesnt
use these controls!!!

Any clues would be of great help…???

amitr0