Is there a way to find out what hardware is using a .sys file?

Hello @tfwul,

If you are talking about having problems at startup, this may help with trouble-shooting the issue:

 Autoruns for Windows

Autoruns allows you to Disable problem Startup items and MORE.

About Autoruns:

This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and when you start various built-in Windows applications like Internet Explorer, Explorer and media players. These programs and drivers include ones in your startup folder, Run, RunOnce, and other Registry keys. Autoruns reports Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond other autostart utilities.

Autoruns' Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system and it has support for looking at the auto-starting images configured for other accounts configured on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc.

> Autoruns for Windows - Information - Docs.Microsoft
> Autoruns for Windows - Direct Download - SysInternals
> Advanced Autoruns Tutorial - How to Disable Programs that Start with Windows - Video Tutorial - OS Attack

Just for additional information purposes, Autoruns is basically an Advanced System Tool capable of MANY different actions. This video is well worth a watch to familiarise yourself with the tasks available . . .

> Advanced Autoruns Tutorial - How to Disable Programs that Start with Windows

---

I hope this helps.

You could start by looking at this properties sheet:

Hello @tfwul,

tfwul said:

I was having problems with external USB drives (WD). They are solved for 99%, by removing a specific driver.

Now there is still one driver that I am not sure of : WDCSAM64.SYS

That driver is associated with WD External Storage developed by Western Digital Technologies.

Have a look at this > How to Fix the Wdcsam64.sys Memory Integrity Error on Win11/10

I hope this helps.

And thank you so much for your reply.

You can rt click a .sys file- or any appropriate file- to see what's using it e.g. with LockSmith installed. There are other 3rd party utilities that provide that kind of context menu.

However I feel you may be disappointed as it's likely only in use very briefly.

If you wished to capture it being accessed and used, you can try the huge filterable log provided by Process Monitor (procmon) from MS- free.

I also think you're asking the wrong question or have the wrong expectation. A driver is loaded into RAM as needed.. sys files don't execute in the way that exe files do - so you won't see them listed as such by task manager type tools.

LockHunter should show you if that file is being used by the USB device.

I made a new text file in this empty USB device that I use LockHunter on. I opened the text file in Notepad, and it shows that notepad.exe is in use:




And this is on my external drive (the red colored one):


If "WDCSAM64.SYS" isn't in that list, then it shouldn't be in use by the Drive / USB Device.