Copy locked file

[masmuser]

Here is one of the tools I used that code in. Its a tiny app that you can drop a locked file onto and it will save it to disk. I primarily use it if I get some crap in the registry that maintains a locked file that I cannot access normally.

It does nothing for me

masmuser,

The tool works fine for me. Did you check the folder where you saved the tool? It's there you should look for testfile.drp

It does create the drb file. But it is nothing. It just has the name and size of the original file, as it has been so coded. But the CreateFile function has failed ( according to GetLastError. Try it. the file to copy is
   "C:\WINDOWS\system32\config\system"

[hutch--]

Here is a slightly modified version that should be simpler to use for someone who does not appear to understand the code it contains.

Create a seperate directory, place the EXE in it.

Run the EXE then select the locked file you need from Explorer or Winfile and drag and drop it into the client area of the EXE. It should then write an exact copy of the file into the directory that the EXE is placed in.

[attachment deleted by admin]

[masmuser]

Here is a slightly modified version that should be simpler to use for someone who does not appear to understand the code it contains.

Create a seperate directory, place the EXE in it.

Run the EXE then select the locked file you need from Explorer or Winfile and drag and drop it into the client area of the EXE. It should then write an exact copy of the file into the directory that the EXE is placed in.

Hutch, it does create a zero filled file. check it out. call GetLastError after CreateFile, you will get an error saying something like the file is opened by another process. just drag C:\WINDOWS\system32\config\system and you'll see.

[Vortex]

just drag C:\WINDOWS\system32\config\system and you'll see.

This time, me too I got a file filled with NULLs.

Hutch, could you try the file C:\WINDOWS\system32\config\system ?

O.S: Windows XP SP2 Pro

[MichaelW]

It works for me under Windows 2000 SP4. If I try to copy the file directly I get a sharing violation, but if I drop it on the client area of the window I get a file that has the same name and size as the original.

[sinsi]

I also get a zero-filled file (XP home sp2) - CreateFile returns ERROR_SHARING_VIOLATION.

[masmuser]

It works for me under Windows 2000 SP4. If I try to copy the file directly I get a sharing violation, but if I drop it on the client area of the window I get a file that has the same name and size as the original.

the file you are getting is zero filled because the code will create a file regardless of the return value of CreateFile. these files are protected by the system and it seems to be very difficult to get read or write access to them. It is however possible, I know of at least one freeware program which can do it. it is called erunt. I also know some big name system back up utilities which pass on these protected files. so we are dealing with a very tough issue here.  :dazzled:

[MichaelW]

Yes, it is zero filled. For some stupid reason I was equating zero filled to zero length :(

[hutch--]

Yes, thanks for the file name, it fails on most of the files in system32\config. You would need to know the locking machanism to copy these files as it appears to be different from user based API code for file IO and security.

You could try your luck using functions from NTDLL.DLL.

[masmuser]

Yes, thanks for the file name, it fails on most of the files in system32\config. You would need to know the locking machanism to copy these files as it appears to be different from user based API code for file IO and security.

You could try your luck using functions from NTDLL.DLL.

  :bg :bg
it is not a question of luck. you need the right info. that is why I came here.

[hutch--]

 :bg

You will be part of the way there when you work out how to OS protects the files so they cannot be opened. As I seriously doubt its published information, luck is your best friend. If you can find some data on NTDLL.DLL functions your luck may improve.  :green2

[masmuser]

:bg

You will be part of the way there when you work out how to OS protects the files so they cannot be opened. As I seriously doubt its published information, luck is your best friend. If you can find some data on NTDLL.DLL functions your luck may improve.  :green2

I was hoping you would at least try to help  :green2

But I still do thank you for providing the Masm32 package, with all those libraries and definitions.
So I guess I am finished here for the time being  :bdg

[white scorpion]

Well, there is a way....

I've been playing with this as well for backup purposes of the system file since it seems to corrupt quite often. What you need to do is obtain the handle of the file. Then nicely ask the process (system, PID 4) which is locking it to borrow it for a few seconds.

(This is no joke, but I can't tell the full story since some techniques are most likely not allowed on this board) ;)

[masmuser]

Well, there is a way....

I've been playing with this as well for backup purposes of the system file since it seems to corrupt quite often. What you need to do is obtain the handle of the file. Then nicely ask the process (system, PID 4) which is locking it to borrow it for a few seconds.

(This is no joke, but I can't tell the full story since some techniques are most likely not allowed on this board) ;)

well then just ask nicely our kind admin if he would allow some details of your experience.  :thumbu

[white scorpion]

Please forget my previous post.
I've just tested it and it works on every file (regardless of their type of lock) except the files locked by the system process (on XP that is).
This occurs because the system process is a protected process.
The only way to access data that that process is using is in kernelmode, so a driver is required to make a backup of the systemfile.

I can't remember I had this same problem back when I was searching for it, but it wasn't on XP either, maybe something changed there...

Sorry for giving you false hope ;)