I have an app that writes data to a local disk file regularly. It always opens, writes, then closes the file. Recently I had an issue where it stopped writing data, and this was due to it being unable to open the file because of a sharing violation. The situation seemed to be permanent.
Process Explorer showed a handle to the file held by the
System process, PID 4. As soon as I forced this handle to close, my app behaved normally again.
Now I have my suspicions, as the file can also be accessed from other machines on the network, but the file is always opened briefly and closed again, and always with flags of "RW-", and the app is designed to cope with these brief accesses from elsewhere. The handle that was holding the file open had flags shown as "R–" by process explorer.
My questions: how can I find out more about a handle owned by the
System process, and what sort of process might be holding the file open such that I wasn't able to write to it?