BY_HANDLE_FILE_INFORMATION structure (fileapi.h)
Contains information that the GetFileInformationByHandle function retrieves.
Syntax
Members
The file attributes. For possible values and their descriptions, see File Attribute Constants.
A FILETIME structure that specifies when a file or directory is created. If the underlying file system does not support creation time, this member is zero (0).
A FILETIME structure. For a file, the structure specifies the last time that a file is read from or written to. For a directory, the structure specifies when the directory is created. For both files and directories, the specified date is correct, but the time of day is always set to midnight. If the underlying file system does not support the last access time, this member is zero (0).
A FILETIME structure. For a file, the structure specifies the last time that a file is written to. For a directory, the structure specifies when the directory is created. If the underlying file system does not support the last write time, this member is zero (0).
The serial number of the volume that contains a file.
The high-order part of the file size.
The low-order part of the file size.
The number of links to this file. For the FAT file system this member is always 1. For the NTFS file system, it can be more than 1.
The high-order part of a unique identifier that is associated with a file. For more information, see nFileIndexLow.
The low-order part of a unique identifier that is associated with a file.
The identifier (low and high parts) and the volume serial number uniquely identify a file on a single computer. To determine whether two open handles represent the same file, combine the identifier and the volume serial number for each file and compare them.
The ReFS file system, introduced with Windows Server 2012, includes 128-bit file identifiers. To retrieve the 128-bit file identifier use the GetFileInformationByHandleEx function with FileIdInfo to retrieve the FILE_ID_INFO structure. The 64-bit identifier in this structure is not guaranteed to be unique on ReFS.
Remarks
The identifier that is stored in the nFileIndexHigh and nFileIndexLow members is called the file ID. Support for file IDs is file system-specific. File IDs are not guaranteed to be unique over time, because file systems are free to reuse them. In some cases, the file ID for a file can change over time.
In the FAT file system, the file ID is generated from the first cluster of the containing directory and the byte offset within the directory of the entry for the file. Some defragmentation products change this byte offset. (Windows in-box defragmentation does not.) Thus, a FAT file ID can change over time. Renaming a file in the FAT file system can also change the file ID, but only if the new file name is longer than the old one.
In the NTFS file system, a file keeps the same file ID until it is deleted. You can replace one file with another file without changing the file ID by using the ReplaceFile function. However, the file ID of the replacement file, not the replaced file, is retained as the file ID of the resulting file.
Not all file systems can record creation and last access time, and not all file systems record them in the same manner. For example, on a Windows FAT file system, create time has a resolution of 10 milliseconds, write time has a resolution of 2 seconds, and access time has a resolution of 1 day (the access date). On the NTFS file system, access time has a resolution of 1 hour. For more information, see File Times.
Handle v4.22
By Mark Russinovich
Published: June 14, 2019
Download Handle (887 KB)
Introduction
Ever wondered which program has a particular file or directory open? Now you can find out. Handle is a utility that displays information about open handles for any process in the system. You can use it to see the programs that have a file open, or to see the object types and names of all the handles of a program.
You can also get a GUI-based version of this program, Process Explorer, here at Sysinternals.
Installation
You run Handle by typing "handle". You must have administrative privilege to run Handle.
Usage
Handle is targeted at searching for open file references, so if you do not specify any command-line parameters it will list the values of all the handles in the system that refer to open files and the names of the files. It also takes several parameters that modify this behavior.
usage: handle [[-a] [-u] | [-c [-l] [-y]] | [-s]] [-p
Parameter | Description |
---|---|
-a | Dump information about all types of handles, not just those that refer to files. Other types include ports, Registry keys, synchronization primitives, threads, and processes. |
-c | Closes the specified handle (interpreted as a hexadecimal number). You must specify the process by its PID. WARNING: Closing handles can cause application or system instability. |
-l | Dump the sizes of pagefile-backed sections. |
-y | Don’t prompt for close handle confirmation. |
-s | Print count of each type of handle open. |
-u | Show the owning user name when searching for handles. |
-p | Instead of examining all the handles in the system, this parameter narrows Handle’s scan to those processes that begin with the name process. Thus: handle -p exp would dump the open files for all processes that start with "exp", which would include Explorer. |
name | This parameter is present so that you can direct Handle to search for references to an object with a particular name. For example, if you wanted to know which process (if any) has "c:\windows\system32" open you could type: handle windows\system. The name match is case-insensitive and the fragment specified can be anywhere in the paths you are interested in. |
Handle Output
When not in search mode (enabled by specifying a name fragment as a parameter), Handle divides its output into sections for each process it is printing handle information for. Dashed lines are used as a separator, immediately below which you will see the process name and its process id (PID). Beneath the process name are listed handle values (in hexadecimal), the type of object the handle is associated with, and the name of the object if it has one.
When in search mode, Handle lists the process names and IDs on the left side and the names of the objects that had a match on the right.
More Information
You can find more information on the Object Manager in Windows Internals, 4th Edition or by browsing the Object Manager name-space with WinObj.
What is a file handle and where is it useful for a programmer?
I am learning assembly language along with C. This new chapter I started talks about 'file handles', file handles for screen display and file handles for keyboard input etc. I don't know what a file handle is. I am referring to IBM PC ASSEMBLY LANGUAGE PROGRAMMING by Peter Abel.
There is a generic concept generally called a "handle" in the context of computer software APIs. In the comments you have probably found a link to the Wikipedia article on that subject.
You are dealing with a specific implementation of a handle data type — the IBM PC/DOS file handles returned from the int 0x21 interface. If you would like to learn more about these specific file handles, you might want to consult the book Undocumented DOS, which details the in-memory data structures which allow you to investigate these handles further.
Another specific type of handle is the file descriptor returned from the POSIX-standard interface named open(). This function is implemented in the C run-time library on platforms such as Linux, Windows NT, Mac OS, and many other systems. The integer returned from a call to open() may not be a negative number.
Unless you are running under DOS, your file handles are probably provided by the Windows NT Operating System. These file handles are returned from CreateFile() (which is used to open as well as create files), and the only illegal value for a handle returned from this function is INVALID_HANDLE_VALUE. I.e., the Windows NT API may return what would be considered (via casting) a "negative" integer, although it has opened the file.
In all of these cases, the file handle is used to refer to some data structure that keeps track of how the file is open. One important thing which is tracked is the current file position. The position or pointer is set in POSIX by the lseek() function and is read by the tell() function. Any read() or write() takes place from the position of the current file pointer.
Your program can open the same file under two different handles. In this case, the file pointer for each handle is distinct. Updating the file pointer of one handle using lseek() will not affect the file pointer of the other handle to the same file.
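Added example, not part of the original answer or of the documentation above: a POSIX C program that opens one file twice, moves one file pointer with lseek(), and checks that the second open is unaffected. It goes beyond the answer's case in two ways: a dup() of the first descriptor shares its position, and fstat()'s st_dev/st_ino pair (the POSIX counterpart of the volume serial number and file index described earlier) confirms that both descriptors refer to the same file. The /tmp scratch path and the names same_file, run_demo and struct offsets are assumptions of this example.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* POSIX counterpart of comparing volume serial number + file index:
   two descriptors refer to the same file when st_dev and st_ino match.
   Returns 1 (same), 0 (different) or -1 (fstat failed). */
int same_file(int fd_a, int fd_b) {
    struct stat a, b;
    if (fstat(fd_a, &a) != 0 || fstat(fd_b, &b) != 0) return -1;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

/* Results of the experiment; -1 in a field means a call failed. */
struct offsets { long first, second, duplicate; int same; };

struct offsets run_demo(void) {
    struct offsets r = { -1, -1, -1, -1 };
    char path[] = "/tmp/handle_demo_XXXXXX";   /* constructed scratch file */
    int fd1 = mkstemp(path);                   /* first open */
    if (fd1 < 0) return r;
    if (write(fd1, "0123456789", 10) != 10) { close(fd1); unlink(path); return r; }
    int fd2 = open(path, O_RDONLY);            /* independent second open */
    int fd3 = dup(fd1);                        /* duplicate of the first descriptor */
    if (fd2 >= 0 && fd3 >= 0) {
        lseek(fd1, 5, SEEK_SET);               /* move only fd1's pointer */
        r.first = (long)lseek(fd1, 0, SEEK_CUR);      /* 5 */
        r.second = (long)lseek(fd2, 0, SEEK_CUR);     /* 0: separate open, separate pointer */
        r.duplicate = (long)lseek(fd3, 0, SEEK_CUR);  /* 5: dup shares the pointer */
        r.same = same_file(fd1, fd2);
    }
    if (fd2 >= 0) close(fd2);
    if (fd3 >= 0) close(fd3);
    close(fd1);
    unlink(path);
    return r;
}

int main(void) {
    struct offsets r = run_demo();
    printf("fd1=%ld fd2=%ld dup=%ld same_file=%d\n",
           r.first, r.second, r.duplicate, r.same);
    return r.same == 1 ? 0 : 1;
}
```

Comparing identity on open descriptors rather than on path names means the check still holds if the path is renamed or replaced after the files were opened.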