With which tool can I investigate the File Control Block of a loaded application?

Karl Kunze 1 Reputation point

Hi, I am investigating a situation on a terminal-server, where we have stability-issues with some applications. Our actual suspects are orphaned fcbs. I would like to nail it down on this, but have no actual clue, with which sysinternal-tool I could possible look on those and check, what is going on. Thanks in advance. Karl

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
9,516 questions
0 comments No comments
{count} votes

5 answers

Sort by: Most helpful
  1. MotoX80 25,671 Reputation points

    What do you expect to find in this FCB?

    I'll ask my favorite question: what's the real problem?


    From reading over the link that you provided and the 2 links that I found, the Sysinternals tool that I would use is LiveKd.


    That would allow you to launch a debugger (WinDbg) on a running system and let you to traverse the internal control block structures of the OS. Troubleshooting at this level requires extensive experience.

    Are your Paged-pool and Non-paged-pool memory numbers excessive? Are you running out of memory?

    Technically the FCB is not owned by any specific user. It's just a shared structure that represents a file. The FCB is created when the first handle to the file is opened, and it's destroyed when the last handle to the file is closed. Therefore, it is not tied to a user.

    I would think that an analysis of file handles either with ProcExp or Handle would be your best bet. Or try RamMap and see if the File Summary tab provides any useful info.


    2 people found this answer helpful.
    0 comments No comments

  2. MotoX80 25,671 Reputation points

    If you are looking for file handles, then Process Explorer would be my first choice.


    You can sort by the handle column or use the Find menu item to search for a file name.


    0 comments No comments

  3. Ian Xue (Shanghai Wicresoft Co., Ltd.) 19,141 Reputation points Microsoft Vendor


    Are you trying to get the file handles opened by the application? If so you can use Handle


    Best Regards,
    Ian Xue


    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  4. Karl Kunze 1 Reputation point


    I want to look at the file-control-block connected to the binary application itself by the redirector

    The problem is very likely described in https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/applications-crash-if-another-user-logs-off-session .

    From my understanding a look on the file-handles is not what I am looking for.

    But what option could it be in the sysinternal-tools?



    0 comments No comments

  5. Karl Kunze 1 Reputation point


    that is quite a lot of valuable information to dig through.

    I will test with ProcExp and RamMap as advised and give some feedback in a few days.

    Thanks so far.


    0 comments No comments