I wholeheartedly agree with this blog post. I believe someone on here yesterday was asking about config file locations and setting them manually. This is in the same vein. I can’t tell you how many times a command line method for discovering the location of a config file would have saved me 30 minutes of googling.
(Windows) Resource Monitor, disk tab, tick the process, see what files it opens and closes.
Also the usual %programdata% and the two %appdata% find most things.
Unless it’s using the Registry for some config values.
True. That’s harder to track down.
Procmon if you’re a masochist, or do a before and after snapshot. Here’s one tool for the latter: https://www.nirsoft.net/utils/registry_changes_view.html
The *nix equivalent is the
lsof
command. This doesn’t help you finding out in which hierarchy config files are parsed when the program accesses multiple ones, which is often the case.You can use something like
strace -eopen -f -o strace.out the_program
to find all files that the program tried or succeeded to open. Then you can try to find the config file(s) in strace.out.There’s also a nice version in perftools that can be given a PID. https://github.com/brendangregg/perf-tools/blob/master/opensnoop
You still don’t know which location is preffered and how get they get merged. In my experience, digging into the source is the most straighforward. But my usual problem is more that the config option doesn’t do at all what the documentation says it does.
Wouldn’t the strace.out file be in chronological order?
Yes, though if two different files allow for the same config key - you’re stuck opening both to check
And you still couldn’t be sure, could be parsed the other way around for historic reasons.
Just reading the source code (if possible ofc) is imho easier than reading.
True, though I had to use strace method on closed source binaries before (zoom)
I was digging through the comments for exactly this, thanks!
Do things stay in that list when they are not used (since they would be opened and closed in far less than a second)? If so that’s pretty cool.
If not, you can use Process Monitor to check this. That’s what I usually do.