Process Monitor: TC looks for strange file in right panel

Post by *white » 2014-03-18, 20:42 UTC

When using Process Monitor (http://www.sysinternals.com/) I noticed something I can't explain.

I used filters:
Filter 1: "Process Name" "is" "TOTALCMD.EXE"
Filter 2: "Detail" "contains" "Filter:"

When I click on the Notepad button on the default button bar, most of the time I see that TC tries to find a file named "瓖Ѡ瓖ռ瓖ה瓖뮰ÐѠ瓖ɐ瓖" (or other strange file name) in the folder of the right panel (also when left panel is active).

When I first click the button Copy names with full path (button before Notepad button), then it does not happen for some time.

Can someone confirm or explain this?

HBB · Post by *HBB » 2014-03-18, 21:40 UTC

Tried in Win7 x64 with TC8.51b3:

- totalcmd.exe is ran
- procman.exe (v3.05) is ran by totalcmd.exe
- totalcmd.exe is filtered (O.K.)
- pressed notepad on the default bar, opens an empty file as expected
- the button Copy names with full path (button before Notepad button) is pressed
- pasted into the empty notepad successfully

not confirmed

Post by *white » 2014-03-18, 22:04 UTC

2HBB
Did you use both filters?
Simply open notepad and close it again. And try multiple times.

I tried TC8.51b3 and TC8.50 32bit and Windows XP.

As soon as I click the Notepad button, I get this:

Code: Select all

23:06:13,6377745	TOTALCMD.EXE	1020	QueryDirectory	C:\Program Files\Total Commander\瓖Ѡ瓖ռ瓖ה瓖ƄÕѠ瓖ɐ瓖	NO SUCH FILE	Filter: 瓖Ѡ瓖ռ瓖ה瓖ƄÕѠ瓖ɐ瓖
23:06:13,6545069	TOTALCMD.EXE	1020	QueryDirectory	C:\WINDOWS	SUCCESS	Filter: WINDOWS, 1: WINDOWS
23:06:13,6548453	TOTALCMD.EXE	1020	QueryDirectory	C:\WINDOWS\system32	SUCCESS	Filter: system32, 1: system32
23:06:13,6552341	TOTALCMD.EXE	1020	QueryDirectory	C:\WINDOWS\system32\notepad.exe	SUCCESS	Filter: notepad.exe, 1: notepad.exe
23:06:13,6572312	TOTALCMD.EXE	1020	QueryDirectory	C:\WINDOWS	SUCCESS	Filter: WINDOWS, 1: WINDOWS
23:06:13,6575155	TOTALCMD.EXE	1020	QueryDirectory	C:\WINDOWS\system32	SUCCESS	Filter: system32, 1: system32
23:06:13,6579205	TOTALCMD.EXE	1020	QueryDirectory	C:\WINDOWS\system32\notepad.exe	SUCCESS	Filter: notepad.exe, 1: notepad.exe
23:06:13,6937950	TOTALCMD.EXE	1020	QueryDirectory	C:\WINDOWS\system32\notepad.exe	SUCCESS	Filter: notepad.exe, 1: notepad.exe
23:06:13,6942504	TOTALCMD.EXE	1020	QueryDirectory	C:\WINDOWS	SUCCESS	Filter: WINDOWS, 1: WINDOWS
23:06:13,6945693	TOTALCMD.EXE	1020	QueryDirectory	C:\WINDOWS\system32	SUCCESS	Filter: system32, 1: system32
23:06:13,6949510	TOTALCMD.EXE	1020	QueryDirectory	C:\WINDOWS\system32\notepad.exe	SUCCESS	Filter: notepad.exe, 1: notepad.exe
23:06:13,7149467	TOTALCMD.EXE	1020	QueryDirectory	C:\WINDOWS	SUCCESS	Filter: WINDOWS, 1: WINDOWS
23:06:13,7152069	TOTALCMD.EXE	1020	QueryDirectory	C:\WINDOWS\system32	SUCCESS	Filter: system32, 1: system32
23:06:13,7155943	TOTALCMD.EXE	1020	QueryDirectory	C:\WINDOWS\system32\notepad.exe	SUCCESS	Filter: notepad.exe, 1: notepad.exe
23:06:13,7166603	TOTALCMD.EXE	1020	QueryDirectory	C:\WINDOWS	SUCCESS	Filter: WINDOWS, 1: WINDOWS
23:06:13,7169035	TOTALCMD.EXE	1020	QueryDirectory	C:\WINDOWS\system32	SUCCESS	Filter: system32, 1: system32
23:06:13,7173938	TOTALCMD.EXE	1020	QueryDirectory	C:\WINDOWS\system32\notepad.exe	SUCCESS	Filter: notepad.exe, 1: notepad.exe

This time I had the folder C:\Program Files\Total Commander\ displayed in the right panel.

HBB · Post by *HBB » 2014-03-18, 22:42 UTC

I can confirm now

00:35:47.0450846 TOTALCMD.EXE 7304 QueryDirectory E:\Test\TotalCmd\2\��泩疳涑疳쐜Ȱ NAME INVALID Filter: ��泩疳涑疳쐜Ȱ

I tried it 64 bit environment with TotalCmd64.exe => No strange characters

Edit > It may be caused by a temp file created by TC for test purposes

Post by *white » 2014-03-19, 11:18 UTC

2HBB
Thanks for trying it and confirming it.

HBB wrote:Edit > It may be caused by a temp file created by TC for test purposes

What do you mean?

It happens when TC is accessing the button bar file. For me, a simple way to reproduce this is by right clicking any button on the button bar.

When execute cm_VisButtonbar twice it happens for each button holding an external command.

When clicking the Notepad button on the default bar, it does not happen with TC 7.04a or earlier. It happens since TC 7.50 private beta 1. Perhaps it is related to the added unicode support.

It happens when right clicking any button since TC 8.0rc1. Not for TC 8.0b25 and earlier.

HBB · Post by *HBB » 2014-03-19, 13:37 UTC

White, can you try again for two cases:

- Active window is C:\aaa (in my case it was E:\aaa)
- Active window is C:\TotalCmd (in my case it was E:\TotalCmd)

Do you see any difference?

Edit> I open notepad in my case

Post by *white » 2014-03-19, 15:33 UTC

I created E:\aaa in left panel.
I created E:\TotalCmd in right panel.

It seems to happen less often, but mostly does. Other than that I don't see any difference.

HBB · Post by *HBB » 2014-03-19, 19:35 UTC

You are right, it is not related to the "name" of dir.

It displays the following string for me, because the current dir is E:\aaa :

21:19:59.8500734 TOTALCMD.EXE 5116 QueryDirectory E:\aaa\泩睑涑睑쒼ȗ NAME INVALID Filter: 泩睑涑睑쒼ȗ

I am almost sure that "E:\aaa\泩睑涑睑쒼ȗ" is "E:\aaa\notepad.exe". TC query the Notepad.exe is in the current dir.

EDIT> It does not happen always. It happen for me after third or fourth trial.

Post by *ghisler(Author) » 2014-03-19, 20:37 UTC

Should be fixed in TC 8.51 beta 4, thanks. A function used to check for child .bar files was called when it didn't need to be called...

Post by *white » 2014-03-19, 21:31 UTC

Tested OK using TC8.51b4 32bit.