PDA

View Full Version : Accessing "in Use" Files == ?

shakuni
05-14-2008, 12:52 AM
How can I access the files that are in-use by other processes. Say there is this file called "locked.txt", which is in use by process A. Now how can I copy this file to another location programmatically. Normal methods will fail with the error "The process cannot access the file because it is being used by another
process.".

Any ideas ?
dELTA
05-14-2008, 03:50 AM
Pause all threads of the process having opened the file. Then inject your own code into the same process, which reads the contents of the file and then restores the file pointer. Then restore all threads of the process. Done.

Oh, and please stop the annoying "==" subjects of your threads...
aionescu
05-15-2008, 01:36 AM
Duplicate the handle into your own process to avoid injecting code...
Daniel Pistelli
05-15-2008, 03:52 AM
Ionescu is right, you should duplicate the handle. You can easily adapt the code of this article:

http://ntcore.com/Files/wfp.htm

It's a bit old (2004), but it will do the job. It also shows how to retrieve any opened handle through SystemHandleInformation.
dELTA
05-15-2008, 03:58 AM
Alex, how would you recommend getting hold of the value of the handle to be duplicated in the first place (without "intrusive" operations into the target process address space)?

The best I can find is the undocumented:

#define SystemHandleInformation 16
ZwQuerySystemInformation(SystemHandleInformation,pBuffer,cbBuffer * sizeof(ULONG),&re);

and then a DuplicateHandle(...).

Is there a better (and foremost cleaner/documented) way?

[EDIT]
Didn't see Daniel's post when writing the above, but the problem is still the same, with the messy undocumented stuff that might not work in different Windows versions (or am I wrong?).
aionescu
05-15-2008, 04:27 AM
That's how you'd do it, but make sure to use the NDK structures instead of unreliable/hacked information on the net
Daniel Pistelli
05-15-2008, 05:10 AM
Well, dELTA don't take my code for right. As I said it's old I can't guarantee anything. At the time I wrote it I found those structures (I don't rememember where I took them from), they might as well be wrong. If we're talking about "just a method" to make it work locally, my code might as well do the job. If the program is meant to work on every system, more precautions (like the one suggested by aionescu) should be taken.