Re: How to retrieve ProcessHandle of locked file




I no word i never said to create malicious code...

Well, such a confession would be a bit to the extreme, don't you
think????

to be honest in our deployment we have software which is making problems by
uninstalling...


But this is what you should have said from the very, very
beginning!!!!! If you said that it is your machine, I would not be even
bothered to tell you that this may be a bad idea - after all, you are
supposed to know what you are doing with your own system. However,
judging from the way you have presented your problem, you were not
assuming the full control over the target machine - after all, David
explained to you how to do things manually, but you insisted that you
need to do it programmatically. Therefore, I asked you what you are
trying to do, and got the following reply


[quote]

" Be sure there is a reason i post that message and there is no need
for you to know the why and when and of course it doesnt matter what im
planning"

[end quote]


If you read this group on more or less regular basis, you must have
noticed that people ask OPs about their objectives quite often - there
is nothing wrong with it. However, try to find a thread where the OP
reacts this way to the question about his objectives.....


But its interesting to know whats going on in your mind...

What am I supposed to think about someone who asks about replacing
third-party drivers programmatically (which is not so usual operation in
itself, and may have rather nasty consequences for the target system),
and gives the above answer to the question about his objectives????


whenever you think the worst thing about others,...

Sorry, but your behaviour strongly suggested "not-so-innocent" plans -
after all, people normally don't react this way to questions about
their objectives.....

who do you think you are???

Well, apart from all other things, I happen to be just a PC user, and
being the one, I strongly resent the idea of drivers being
deleted/modified/replaced on my machine without my approval....

Judging from the way you have presented your question, your "model" is
not meant to involve user interaction, is it?????

To summarize, you should formulate your questions properly, and avoid
aggressive reaction to other people's questions - after all, it is amusing to see such
reaction from someone who asks for help, in the first place. If you do
it this way everything will be OK.....


Anton Bassov


Mac wrote:
one more thing, i wasnt able to read the whole stuff you wrote...

are you crazy man???? who do you think you are???

I no word i never said to create malicious code,
to be honest in our deployment we have software which is making problems by
uninstalling because of the facts i earlier postings, and closing the
handles of process is the only way for me to remove the software cleanly...

But its interesting to know whats going on in your mind... whenever you
think the worst thing about others,... what about you, mate!

"anton bassov" <soviet_bloke@xxxxxxxxxxx> wrote in message
news:1161782157.795945.286510@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The simple question was:

...is it possible or not and if yes, pls. tell me how!

It is not as simple as that.......

Certainly, there are various "not-so-conventional" ways of doing
something that you are trying to do - after all, cleaning up malware
and spyware has to be done somehow. This kind of "software" tends to
cling to life tenaciously, so that cleaning it up may require some
advanced tricks. However, it does not mean that we are going to show
you these tricks straight away, because they can be used for malicious
purposes.


Be sure there is a reason i post
that message and there is no need for you to know the why and when and of
course it doesnt matter what im planning.


From the very beginning I became suspicious that your intentions are
not that "innocent".
Therefore, first of all, I have explained to you why it is not a good
idea to modify/delete drivers that haven't been installed by yourself.
Someone who does not want to do any harm to other people's machines
would either get it right on the spot, or tell us why he believes he
needs to do something like that.



In fact, my post was intended mainly for those NG participants who know
these tricks, so that they think twice before telling you how to
implement them. Now, after having read your latest post, I am pretty
sure that your intentions are malicious. I really hope all NG
participants will realize it, so that no one will help you with your
"task"



(btw: having good or bad ideas is still possible without any judge - in a
free world outside russia!)

In fact, I don't know that much about Russia - I haven't been there for
around 15 years or so.
Therefore, I cannot tell you if it is possible to have any ideas there.
The only thing I can tell you straight away is that the idea of
damaging other people's machines is not generally acceptable in a free
world either.....

Thanks mate!

You are welcome, pal!

Anton Bassov

Mac wrote:
Anton,

nobody forced you to answer my question! Be sure there is a reason i post
that message and there is no need for you to know the why and when and of
course it doesnt matter what im planning.

The simple question was:

...is it possible or not and if yes, pls. tell me how!

I never asked about what kind of idea it is but what about you doin me a
favour by stickin' to the facts and come up with a solution or please if
you not able to give a hint, forget it?!

Thanks mate!
(btw: having good or bad ideas is still possible without any judge - in a
free world outside russia!)

"anton bassov" <soviet_bloke@xxxxxxxxxxx> wrote in message
news:1161773513.621214.73550@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
It seems youre in the same situation like me,

Where did you get this idea from?????

coz i need to delete a *.sys
file which is currently locked when i try to remove a program, which i
need to programmatically "disable". The only thing i need to do is to rename
or delete or move this *.sys file - nothing else..


It looks like I was just wasting my time by explaining things to you -
you still refuse to understand that this is *EXTREMELY* bad idea. Why
do you want to delete a driver that has not been installed by
yourself???? What are you trying to do, in the first place?????
Are you just planning to screw up the system????? In such case you have
to find some other source of "advice"

Anton Bassov



Mac wrote:
Hi Anton,

thanks for your message.

It seems youre in the same situation like me, coz i need to delete a
*.sys file which is currently locked when i try to remove a program, which i
need to programmatically "disable". The only thing i need to do is to rename
or delete or move this *.sys file - nothing else... and im aware of the
causes if i get hands on system locked objects (i often received a BS due to
my testings)

Can u do me a huge favour by sharing your piece of code with me?

Best regards,

Mac

"anton bassov" <soviet_bloke@xxxxxxxxxxx> wrote in message
news:1161682288.074885.92270@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi mate

In my situation i need code to delete a file (a sys file) which is
currently locked by a process. but i dont know the processhandle.


I can tell you this straight away - it is a process named System.
Unless the target driver module has been loaded by
ZwSetSystemInformation (which makes it pageable and mapped only in the
address space of a process that made this call - its DriverEntry
receives NULL pointers for both PDRIVER_OBJECT and registry path), all
drivers get loaded and unloaded by the System process - this is why
DriverEntry() and DriverUnload() routines are executed in the context
of the System process. Therefore, it is a System process who keeps
non-zero reference count on the target file

If i have the
processhandle i first need kill this handle by corresponding threads,
then i can modify/delete the file.

Probably, by now you have already realized that the above idea is just
insane....

In order to delete the file, you have to stop the service first, but
not all services allow this.

However, if the target service can be stopped.... imagine if you have
succeeded with deleting the file, but "forgot" to delete its
corresponding service, and the service starts with the system. What is
going to happen the next time the system boots????? Therefore, you
would have to change the start type of the target service to on-demand
one, or simply delete it


At this point, just ask yourself a reasonable question - who the heck
am I to modify/delete services and/or system files that have not been
installed by myself??????


To summarize, please do a huge favour to everyone who may come across
your software,
and stop thinking about your "problem"



Anton Bassov



Mac wrote:
Hi there,

can someone please tell me how to get the handle of a process which is
currently locking a file?

Example:

Create a word-document using word, save and reopen it, then try to delete
the file while it is still open by a process. My question is "How to
determine the processhandle of the application which is currently locking
a file by filename"

In my situation i need code to delete a file (a sys file) which is
currently locked by a process. but i dont know the processhandle. If i have
the processhandle i first need kill this handle by corresponding threads,
then i can modify/delete the file.


Pls. post some Codesnippets or examples

Any thoughts?


--
Regards,

Mac
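
The thread's technical point is that a loaded driver's .sys file is held by the System process, and that the owning service's state and start type decide what happens now and at the next boot. As an added example (not code from any poster in this thread), a read-only PowerShell lookup that maps a .sys path to its driver service; the function names and the sample records are hypothetical and constructed for illustration.

```powershell
# Added example: read-only lookup, changes nothing on the system.
function ConvertTo-DriverFullPath {
    param([string]$ImagePath)
    # Driver image paths appear in several forms; normalise them to a Win32 path.
    $p = $ImagePath.Trim('"')
    $ic = [System.StringComparison]::OrdinalIgnoreCase
    if ($p.StartsWith('\??\', $ic)) {
        $p = $p.Substring(4)                                  # \??\C:\dir\x.sys
    } elseif ($p.StartsWith('\SystemRoot\', $ic)) {
        $p = Join-Path $env:SystemRoot $p.Substring(12)       # \SystemRoot\System32\...
    } elseif ($p -match '^system32\\') {
        $p = Join-Path $env:SystemRoot $p                     # System32\drivers\x.sys
    }
    return $p
}

function Get-DriverServiceForFile {
    param(
        [Parameter(Mandatory)][string]$SysFile,
        # Defaults to the live system; pass constructed records to try it offline.
        [object[]]$Drivers = (Get-CimInstance -ClassName Win32_SystemDriver)
    )
    $target = [System.IO.Path]::GetFullPath($SysFile)
    foreach ($d in $Drivers) {
        if (-not $d.PathName) { continue }
        $path = ConvertTo-DriverFullPath $d.PathName
        if ($path -ieq $target) {
            [pscustomobject]@{
                Service   = $d.Name
                State     = $d.State      # Running: driver is loaded, file is in use
                StartMode = $d.StartMode  # Boot/System/Auto: loads again at next boot
                Path      = $path
            }
        }
    }
}

# Constructed sample records (not taken from a real machine).
$sample = @(
    [pscustomobject]@{ Name = 'ExampleFlt'; State = 'Running'; StartMode = 'System'
                       PathName = '\SystemRoot\System32\drivers\examplef.sys' }
    [pscustomobject]@{ Name = 'ExampleDrv'; State = 'Stopped'; StartMode = 'Manual'
                       PathName = '\??\C:\Program Files\Example\exdrv.sys' }
)
Get-DriverServiceForFile -SysFile "$env:SystemRoot\System32\drivers\examplef.sys" -Drivers $sample
```

Omitting `-Drivers` queries the local machine through `Win32_SystemDriver`; an empty result means no registered driver service references that file.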



