Find string in file and go back up in file to extract process name


I explain: I have a java application that dumps data of all the processes running on my pc in a text file by means of a command; this file will be generated every 5 seconds for example (thread). The generated file has about 130000 lines, so it's not going to be very effective in terms of process speed that of doing loops inside the file to find a string.

I need to find a text string within this file, for example: \Device%code%00005x and once found, go back up a few lines in the file to find the name of the process that is executing it, some programmers have suggested the use of document databases (NoSQL) but I'm sure they have the function I need.

The format in which the processes appear within the file is as follows:

(each process is delimited by a line of dashes "-",  I think this may be useful when fishing for the name of the process that is right on the next line):


explorer.exe pid: 4632 WATCUT\tofpo

4: Process       
8: Mutant        
C: Unknown type 
10: Unknown type 
14: Directory     
18: Key           


SynTPEnh.exe pid: 3692 WATCUT\tofpo

4: Event         
8: WaitCompletionPacket

C: IoCompletion  
10: TpWorkerFactory 

14: IRTimer       
18: WaitCompletionPacket 

60: Key           HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions

64: File          \Device\DeviceApi
68: IRTimer

This is just an example, the text file is huge as I said and consists of more than 125000 lines. Someone who has done something similar or knowledge of NoSQL databases that can shed some light?

asked by Tofetopo 19.10.2016 в 17:20

1 answer


If you need to search for a text string from time to time there is no problem searching line by line if it contains what you want or not. I also use a text file of the size you say and it takes less time to scroll through the refresh rate of the file you tell us.

I would make a copy of the file so that in the middle of the search it would not be a coincidence that it would refresh and search the chain from the beginning to the end of the file in case it comes out several times throughout the file and would save that copy in case I need more information later.

Finally I would go back to the previous line that contains "pid" and I would take that line or up to the first space if you only want the name of the executable. If your search appears in several lines it would give several concatenated results.

If that does not work for you, tell us and we look for another solution, but it should be enough.

I would not use a BD if you do not make much use of searches since being kept up to date is going to make you lose more control than the searches you have to do


This is a code example:

public static void main(String[] args){
    String descarga = args[0];
    String buscado = args[1];

    boolean encontrado = false;
    String strLineaPid = null;

    try {
        // Abrimos el archivo
        FileReader fstream = new FileReader(descarga);
        // Creamos el Buffer de Lectura
        BufferedReader buffer = new BufferedReader(fstream);
        // Leer el archivo linea por linea
        String strLinea;

        while ((strLinea = buffer.readLine()) != null)   {
            //Guardo temporalmente la linea del proceso
                strLineaPid = strLinea;

            //Rompo el bucle y finalizo
                encontrado = true;


    }catch (Exception e){
        System.err.println("Ocurrió un error: " + e.getMessage());

        System.out.println("El proceso con " + buscado + " es " + strLineaPid);
        System.out.println("Ningún processor con la palabra " + buscado);

It is done to pass parameters for the route and the searched word. I executed it by putting the "Test route-to-file wordSearch" The output I got was:


The process with wordSearch is anotherProcess.exe pid: 2 lele

The file used contained the following:

proces.exe pid: 1 lala

another line

another line


anotherProcess.exe pid: 2 lele

line searched


another ProcessMas.exe pid: 3 lili

another line

I hope that with this you are worth it.

answered by 22.10.2016 / 11:28