разблокировать чужой файл

← →
Apachi (2007-01-18 15:29) [0]

уважаемые мастера
возможно ли разблокировать файл, котоый держит другой, неизвестный нам процесс

← →
Apachi (2007-01-18 15:30) [1]

ну или в крайнем случае как определить процесс для того что бы его остановить

← →
novill © (2007-01-18 16:02) [2]

Читал, что можно, методы хакерские, исходниками были, сам не проверял.

← →
Игорь Шевченко © (2007-01-18 16:09) [3]

Возможно, запустить Process Explorer с www.sysinternals.com, найти, кто держит файл, и убить держателя

← →
Styx_ (2007-01-18 20:20) [4]

Есть утилита Unlocker - она как-то это делает. Без убийства процесса.

← →
ors_archangel © (2007-01-18 20:33) [5]

Сам написал, может не работь, а если работает, то долго :)
type PIPF_RemoteThreadRec = ^TIPF_RemoteThreadRec; TIPF_RemoteThreadRec = record hp,minappaddr,maxappaddr,pagesize: dword; minHandleValue,maxHandleValue: THandle; targetFInfo: TByHandleFileInformation; ProcessUsesFile: boolean; { funcs } GetFileInformationByHandle: function(hFile: THandle; var lpFileInformation: TByHandleFileInformation): BOOL; stdcall; beep: procedure(hz,dur: integer); stdcall; // for tests end; function IPF_RemoteThread(var rec: TIPF_RemoteThreadRec): integer; stdcall; var commited: integer; lockable: integer; addr: dword; finfo: TByHandleFileInformation; f: THandle; begin //rec.beep(1000,100);exit; // test of execution :) rec.ProcessUsesFile := false; for f := rec.minHandleValue to rec.maxHandleValue do with rec do try if GetFileInformationByHandle(f, finfo) and (finfo.dwFileAttributes = targetFInfo.dwFileAttributes) and (finfo.ftCreationTime.dwLowDateTime = targetFInfo.ftCreationTime.dwLowDateTime) and (finfo.ftCreationTime.dwHighDateTime = targetFInfo.ftCreationTime.dwHighDateTime) and (finfo.ftLastAccessTime.dwLowDateTime = targetFInfo.ftLastAccessTime.dwLowDateTime) and (finfo.ftLastWriteTime.dwHighDateTime = targetFInfo.ftLastWriteTime.dwHighDateTime) and (finfo.dwVolumeSerialNumber = targetFInfo.dwVolumeSerialNumber) and (finfo.nFileSizeHigh = targetFInfo.nFileSizeHigh) and (finfo.nFileSizeLow = targetFInfo.nFileSizeLow) and (finfo.nNumberOfLinks = targetFInfo.nNumberOfLinks) and (finfo.nFileIndexHigh = targetFInfo.nFileIndexHigh) and (finfo.nFileIndexLow = targetFInfo.nFileIndexLow) then begin rec.ProcessUsesFile := true; exit; end; except end; end; function IsProcessUsingFile(pid: cardinal; f: THandle): boolean; var name: string; tid: dword; hp,ht: THandle; sysinfo: TSystemInfo; threadRec: TIPF_RemoteThreadRec; user,kernel: HModule; addr: dword; dummy: dword; fm: THandle; dataaddr: pointer; datasize: integer; time: cardinal; begin result := false; if not GetFileInformationByHandle(f, threadrec.targetFInfo) then RaiseLastOSErr; { connect to process } hp := OpenProcess(PROCESS_CREATE_THREAD or PROCESS_QUERY_INFORMATION or PROCESS_VM_OPERATION or PROCESS_VM_WRITE or PROCESS_VM_READ, false, pid); if hp = 0 then RaiseLastOSErr("Cannot open process "+name); { fill data record for locking thread } threadRec.hp := hp; GetSystemInfo(sysinfo); with threadRec do begin minappaddr := dword(sysinfo.lpMinimumApplicationAddress); maxappaddr := dword(sysinfo.lpMaximumApplicationAddress); pagesize := sysinfo.dwPageSize; minHandleValue := 1; maxHandleValue := 9999; // targetFInfo always setted ProcessUsesFile := false; kernel := GetModuleHandle(kernel32); user := GetModuleHandle(user32); GetFileInformationByHandle := GetProcAddress(kernel, "GetFileInformationByHandle"); beep := GetProcAddress(kernel, "Beep"); end; { alloc page } addr := dword(VirtualAllocEx(hp,nil,threadRec.pagesize, MEM_COMMIT, PAGE_EXECUTE_READWRITE)); if addr = 0 then RaiseLastOsErr("Can`t alloc page in "+name); { write data } datasize := sizeof(TIPF_RemoteThreadRec); WriteProcessMemory(hp, pointer(addr), @threadRec, datasize, dummy); { write code } WriteProcessMemory(hp, pointer(addr+datasize), @IPF_RemoteThread, threadRec.pageSize-datasize, dummy); { execute remote thread } ht := CreateRemoteThread(hp, nil, 0, pointer(addr+datasize), pointer(addr), 0, tid); if ht = 0 then RaiseLastOSErr("Cannot create remote thread in "+name) else begin SetThreadPriority(ht, THREAD_PRIORITY_TIME_CRITICAL); time := 0; while ThreadStillActive(ht) do begin Sleep(100); inc(time); if time > 1000 then break; Application.ProcessMessages; end; CloseHandle(ht); { read data back } ReadProcessMemory(hp, pointer(addr), @threadRec, datasize, dummy); result := threadRec.ProcessUsesFile; VirtualFreeEx(hp,pointer(addr),threadRec.pagesize,MEM_FREE); end; CloseHandle(hp); end; type PFPUF_ThreadRec = ^TFPUF_ThreadRec; TFPUF_ThreadRec = record pid: cardinal; f: THandle; result: boolean; err: string; end; procedure FPUF_Thread(params: PFPUF_ThreadRec); stdcall; begin try params.result := IsProcessUsingFile(params.pid, params.f); params.err := ""; except params.result := false; params.err := "Error"; end; end; function FindProcessesUsingFile(f: THandle): TLongWordDynArray; var i: integer; pids: TLongWordDynArray; pid: cardinal; ignore: cardinal; ht: cardinal; ThreadRec: array of TFPUF_ThreadRec; threads: array of cardinal; time: cardinal; done: boolean; begin pids := GetProcessList; setlength(ThreadRec, length(pids)); for i := 0 to high(pids) do begin ThreadRec[i].pid := pids[i]; ThreadRec[i].f := f; ht := CreateThread(nil, 0, @FPUF_Thread, @ThreadRec[i], 0, ignore); threads := PushEl(threads, ht); end; time := GetTickCount; repeat done := true; for i := 0 to high(threads) do if threads[i] <> 0 then begin if not ThreadStillActive(threads[i]) then begin threads[i] := 0; if ThreadRec[i].result then result := PushEl(result, ThreadRec[i].pid); end; done := false; end; Application.ProcessMessages; Sleep(100); until done; end; type TPIDComment = record pid: dword; comment: string; end; TPIDsComments = array of TPIDComment; function FindProcessesUsingFileEx(f: THandle): TPIDsComments; var i: integer; pids: TLongWordDynArray; pid: cardinal; ignore: cardinal; ht: cardinal; ThreadRec: array of TFPUF_ThreadRec; threads: array of cardinal; time: cardinal; done: boolean; { ex } pidcmnt: TPidComment; begin pids := GetProcessList; setlength(ThreadRec, length(pids)); for i := 0 to high(pids) do begin ThreadRec[i].pid := pids[i]; ThreadRec[i].f := f; ht := CreateThread(nil, 0, @FPUF_Thread, @ThreadRec[i], 0, ignore); threads := PushEl(threads, ht); end; time := GetTickCount; repeat done := true; for i := 0 to high(threads) do if threads[i] <> 0 then begin if not ThreadStillActive(threads[i]) then begin threads[i] := 0; if ThreadRec[i].result then begin pidcmnt.pid := ThreadRec[i].pid; pidcmnt.comment := ""; result := PushEl(result, pidcmnt); end else if ThreadRec[i].err <> "" then begin pidcmnt.pid := ThreadRec[i].pid; pidcmnt.comment := ThreadRec[i].err; result := PushEl(result, pidcmnt); end; continue; end; done := false; end; Application.ProcessMessages; Sleep(100); until done or (GetTickCount-time > length(pids)*500); if not done then for i := 0 to high(threads) do if not ThreadStillActive(threads[i]) then TerminateThread(threads[i], 0); end;

Вторая часть - менее важная:
procedure TMainForm.Button1Click(Sender: TObject); var fname: string; f: THandle; finfo: TByHandleFileInformation; pids: TPIDsComments; i: integer; begin ClientHeight := Button1.BoundsRect.Bottom + 5; fname := FileEdit1.FileName; f := CreateFile(PChar(fname), 0, 0, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0); try ClientHeight := Button3.BoundsRect.Bottom + 5; PListBox.Clear; Application.ProcessMessages; pids := FindProcessesUsingFileEx(f); if pids <> nil then begin for i := 0 to high(pids) do with pids[i] do begin PListBox.Items.Add(IntToStr(pid)+" ("+IntToHex(pid, 8)+"h) "+comment); end; end else begin MsgBox("Not found"); ClientHeight := Button1.BoundsRect.Bottom + 5; end; finally CloseHandle(f); end; end;
Используются некоторые нестандартные функции, так что нужно подкручивать. Очень краткое описание: создаём в каждом (!) процессе системы удалённую нить, которая переберает в буквальном смысле возможные handle для нашего файла, который идентифицируется TByHandleFileInformation.

> ors_archangel © (18.01.07 20:33) [5]

> Сам написал, может не работь, а если работает, то долго :)

http://rsdn.ru/Forum/Message.aspx?mid=314506&only=1

--
Regards, LVT.

разблокировать чужой файл Найти похожие ветки