Log in

View Full Version : Accessing "in Use" Files == ?

shakuni
May 14th, 2008, 00:52
How can I access the files that are in-use by other processes. Say there is this file called "locked.txt", which is in use by process A. Now how can I copy this file to another location programmatically. Normal methods will fail with the error "The process cannot access the file because it is being used by another
process.".

Any ideas ?
dELTA
May 14th, 2008, 03:50
Pause all threads of the process having opened the file. Then inject your own code into the same process, which reads the contents of the file and then restores the file pointer. Then restore all threads of the process. Done.

Oh, and please stop the annoying "==" subjects of your threads...
aionescu
May 15th, 2008, 01:36
Duplicate the handle into your own process to avoid injecting code...
Daniel Pistelli
May 15th, 2008, 03:52
Ionescu is right, you should duplicate the handle. You can easily adapt the code of this article:

http://ntcore.com/Files/wfp.htm

It's a bit old (2004), but it will do the job. It also shows how to retrieve any opened handle through SystemHandleInformation.
dELTA
May 15th, 2008, 03:58
Alex, how would you recommend getting hold of the value of the handle to be duplicated in the first place (without "intrusive" operations into the target process address space)?

The best I can find is the undocumented:

#define SystemHandleInformation 16
ZwQuerySystemInformation(SystemHandleInformation,pBuffer,cbBuffer * sizeof(ULONG),&re);

and then a DuplicateHandle(...).

Is there a better (and foremost cleaner/documented) way?

[EDIT]
Didn't see Daniel's post when writing the above, but the problem is still the same, with the messy undocumented stuff that might not work in different Windows versions (or am I wrong?).
aionescu
May 15th, 2008, 04:27
That's how you'd do it, but make sure to use the NDK structures instead of unreliable/hacked information on the net
Daniel Pistelli
May 15th, 2008, 05:10
Well, dELTA don't take my code for right. As I said it's old I can't guarantee anything. At the time I wrote it I found those structures (I don't rememember where I took them from), they might as well be wrong. If we're talking about "just a method" to make it work locally, my code might as well do the job. If the program is meant to work on every system, more precautions (like the one suggested by aionescu) should be taken.