File in use in windows - file-in-use

How to know the process that blocked a file in Windows, e.g. when trying to delete a file that is in use, how to know the process that is using that file?

Use Microsoft/Sysinternals' ProcessMonitor. It used to be FileMon, but I think everything is merged into ProcessMonitor now.

I had faced the same issue. I use Process Explorer for this. This is free and is like a task manager tool with advanced features.
Just press Ctrl+F or select Find and type the full or part name of the file or drive you're looking for. Select the file from the search result. This will take you to the bottom part of the window showing the file and the process which is keeping it open.
Just right-click and select Close Handle. It will ask for yes / no, select yes and you're done. This tool can also be used if you're unable to safely remove a pen-drive or similar hardware. Just search for the drive letter (e.g. G:) and close all the open handles.
Please ensure that you don't misuse this tool to close handles to system files, sabotage a system or cause harm to someone.
Hope this helps!
Vivek

Related

Close handle that is reading my file

When I try to delete a file it can sometimes be open in another program.
How do I detect which program has my file opened and how do I close their handle to my program to allow me to delete my file?
You can use Sysinternals suite's ProcExp.
Download from here.
Press CTRL+F to search for the file handle, then right-click + Close Handle to close it.
Make sure to run ProcExp as an Administrator!
If in Linux or on a Mac, use lsof. It can be used to show open files, open sockets, and more - I often use it for network stuff, instead of netstat.

cpp: delete folder open by others

If I really want to delete an (empty) folder, even if someone else has it opened, how can this be done with C++?
With a little help from DOS one could:
run NET FILES in a DOS box to determine all open files,
filter out the ids of the folder in question,
run NET FILES id /CLOSE in a DOS box with each id
Finally, call RemoveDirectory().
How to achieve the same purely in C++? (And I do not want to delay until reboot)
This might have worked in DOS, but in a modern OS this cannot be done.
On Windows you can use MoveFileEx with the MOVEFILE_DELAY_UNTIL_REBOOT flag if the folder is in use.
MoveFileEx(folderName, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);

File Close Notification

I wish to know when another application finishes editing a file.
I am aware of FindFirstChangeNotification, ReadDirectoryChangesW and the FileSystemWatcher class, however I think these are only able to detect file creation and changes. Which won't allow me to know whether the file still has content which will be written to it in future or not. One solution would be to wait to ensure that all data has been written, but I feel that there should be a better way.
I wish to know when the process writing to the file closes the handle it has. I think writing a File System Filter Driver may allow for this, can anyone confirm? Or provide another method which I could use? Also, I would prefer not to rely on something like .NET, but I wouldn't rule it out.
Thanks very much, in advance.
You can poll this by trying to open the file in exclusive mode.
On Windows you can use OpenFile with OF_SHARE_EXCLUSIVE.
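The polling approach from the answer above, as an added example that is not part of the original post. It uses .NET's File.Open with FileShare.None from PowerShell in place of OpenFile with OF_SHARE_EXCLUSIVE; the function name Wait-FileReleased, its parameters and the sample path are illustrative.

```powershell
function Wait-FileReleased {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$TimeoutSeconds   = 30,
        [int]$PollMilliseconds = 250
    )
    # .NET resolves relative paths against the process directory, not the
    # PowerShell location, so convert to an absolute path first.
    $Path = Convert-Path -LiteralPath $Path -ErrorAction Stop
    $sharingViolation = -2147024864   # HRESULT 0x80070020, ERROR_SHARING_VIOLATION
    $deadline = [DateTime]::UtcNow.AddSeconds($TimeoutSeconds)

    while ($true) {
        try {
            # FileShare.None succeeds only when no other handle is open on the file.
            return [System.IO.File]::Open($Path, [System.IO.FileMode]::Open,
                [System.IO.FileAccess]::Read, [System.IO.FileShare]::None)
        }
        catch {
            $inner = $_.Exception.GetBaseException()
            $busy  = ($inner -is [System.IO.IOException]) -and
                     ($inner.HResult -eq $sharingViolation)
            if (-not $busy) { throw }   # access denied, file removed, ...
            if ([DateTime]::UtcNow -ge $deadline) {
                throw "Timed out: '$Path' is still open in another process."
            }
            Start-Sleep -Milliseconds $PollMilliseconds
        }
    }
}

# Usage (constructed path): keep working through the returned stream.
# $stream = Wait-FileReleased -Path 'C:\data\report.csv'
# try { $stream.Length } finally { $stream.Dispose() }
```

A successful open only shows that no other handle existed at that instant, and a writer may open the file again later. Do the follow-up work through the returned stream instead of closing it and reopening the file.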

Intercept windows open file

I'm trying to make a small program that could intercept the open process of a file.
The purpose is that when a user double-clicks on a file in a given folder, Windows would inform the software, which would then process that petition and return the data of the file to Windows.
Maybe there would be another solution, like monitoring Open messages and forcing Windows to wait while the program prepares the contents of the file.
One application of this concept could be to manage decryption of a file in a way that is transparent to the user.
In this context, the encrypted file would be on the disk and when the user opens it (with a double-click or with some application such as notepad), the background process would intercept that open event, decrypt the file and give the contents of that file to the asking application.
It's a little bit of a strange concept; it could be like the "Man In The Middle" network concept, but with files instead of network packets.
Thanks for reading.
The best way to do it, to cover all cases of opening from any program, would be via a file system filter driver. This may be too complex for your needs though.
You can use the trick that Process Explorer uses to replace itself with task manager. Basically create a key like this:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
Where you replace 'taskmgr.exe' with the name of the process to intercept. Then add a string value called 'Debugger' that has the path to your executable. E.g:
Debugger -> "C:\windows\system32\notepad.exe"
Every time a process is run that matches the image name, your process will actually be called as a debugger for that process, with the path to the actual process as an argument.
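Because a Debugger value under this key redirects every launch of the named image, it is worth knowing which images on a machine carry one. The following is an added example, not part of the original answer: a PowerShell audit of the key shown above plus its 32-bit view under WOW6432Node (that second path and the helper name Get-IfeoDebugger are not from the page).

```powershell
# Added example: list every image name that has an IFEO 'Debugger' redirect.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {          # hypothetical helper name
    param([string[]]$Roots = $ifeoRoots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $debugger = [string]$key.GetValue('Debugger', $null)
            if ([string]::IsNullOrWhiteSpace($debugger)) { continue }

            # First token of the command line; an unquoted path containing
            # spaces will not resolve and is reported as 'NotResolved'.
            $exe = if ($debugger -match '^\s*"([^"]+)"') { $Matches[1] } else {
                ($debugger.Trim() -split '\s+')[0]
            }
            $signature = if (Test-Path -LiteralPath $exe -PathType Leaf) {
                (Get-AuthenticodeSignature -LiteralPath $exe).Status
            } else { 'NotResolved' }

            [pscustomobject]@{
                Image     = $key.PSChildName   # process name being redirected
                Debugger  = $debugger          # what runs instead
                Signature = $signature
                View      = if ($root -like '*WOW6432Node*') { '32-bit' } else { '64-bit' }
            }
        }
    }
}

Get-IfeoDebugger | Sort-Object Image | Format-List
```

On a machine where Process Explorer has replaced Task Manager, taskmgr.exe appears in this list. Entries that nobody on the team can account for are the ones to investigate.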
You could use code injection and API redirection. You'd start your target process and then inject a DLL which hooks the Windows API functions that you want to intercept. You then get called when the target process thinks it's calling OpenFile() or whatever, and you can do what you like before passing the call on to the real API.
Google for "IAT hooking".
Windows has an option to encrypt files on the disk (file->properties->advanced->encrypt), and this option is completely transparent to the applications.
Maybe to encrypt/decrypt file portions of a disk you should consider software like criptainer?
There is this software as well http://www.truecrypt.org/downloads (free and open source) but I haven't tried it.
Developing a custom solution sounds very difficult.

modify an open file c++

Under Windows is there a way to modify a file/executable opened by another process using c++?
Is there a way to modify an open executable in windows?
No.
Is there a way to modify an open file in windows using c++?
Yes. If it has been opened with the proper share permissions. See http://msdn.microsoft.com/en-us/library/aa363858(VS.85).aspx FILE_SHARE_WRITE
It may be possible, but perhaps not easy to achieve. You need to inject a thread into the destination process and know the PE format in order to correctly edit the opened file and modify it.
All the information is on the web.
Good Luck.
I found this freeware tool; it proposes to unlock files and folders.
The OS holds the executable file open for read-only sharing as long as it's running, so there's no way to modify it directly. You can, however, open it for reading (if you specify read-sharing in your CreateFile call), and make a modified copy of it, while it's running.
I don't know if that's what you had in mind, but if it's your own program you're doing this to, you can start the new copy and have it pick up where the previous one left off... not straightforward, but not all that difficult either.