Deleting Locked Files

Environment: Windows NT4 SP6, Windows 2000

This is a command line utility to close and delete a file which is locked by another process. I doesn't work with modules.

Usage

FORCEDEL.EXE [/S] filename

/S             Soft delete. Like the "del" command
filename       File name you want to delete

How does it work?

1. Query the used file handles (system wide), and search for the processes which are using the file we want to delete.

For more information, check out the CodeGuru article entitled, Examine Information on Windows NT System Level Primitives.

2. Start a remote thread (CreateRemoteThread) to close the given handle in every found process (#1)

Code

The following code closes a handle in a remote process. The handle must be remote process specific.

/*
Note: 1. SE_DEBUG privilege must be enabled. 
      2. The function works with every kind of HANDLE
      3. It will bother the remote process :)
      4. The handles will be invalid after you closed 
         them remotely
*/

//Close a handle in a remote process
DWORD CloseRemoteHandle( DWORD processID, HANDLE handle )
{
 HANDLE ht = 0;
 DWORD rc = 0;
	
 _tprintf( _T("Closing handle in process #%d ... "), 
          processID );

 // open the process
 HANDLE hProcess = OpenProcess( PROCESS_CREATE_THREAD 
                                | PROCESS_VM_OPERATION 
                                | PROCESS_VM_WRITE 
                                | PROCESS_VM_READ, 
                                FALSE, processID );
	
 if ( hProcess == NULL )
 {
  rc = GetLastError();
  _tprintf( _T("OpenProcess() failed\n") );
  return rc;
 }

 // load kernel32.dll
 HMODULE hKernel32 = LoadLibrary( _T("kernel32.dll") );

 // CreateRemoteThread()
 ht = CreateRemoteThread( 
  hProcess, 
  0, 
  0, 
  (DWORD(__stdcall *)(void*))GetProcAddress(hKernel32,"CloseHandle"),
  handle, 
  0, 
  &rc );
	
 if ( ht == NULL )
 {
  //Something is wrong with the privileges, 
  //or the process doesn't like us
  rc = GetLastError();
  _tprintf( _T("CreateRemoteThread() failed\n") );
  goto cleanup;
 }

 switch ( WaitForSingleObject( ht, 2000 ) )
 {
  case WAIT_OBJECT_0:
   //Well done
   rc = 0;
   _tprintf( _T("Ok\n"), rc );
  break;
	
  default:
   //Oooops, shouldn't be here
   rc = GetLastError();
   _tprintf( _T("WaitForSingleObject() failed\n") );
   goto cleanup;
  break;
 }

 cleanup:
 //Closes the remote thread handle
 CloseHandle( ht );

 //Free up the kernel32.dll
 if ( hKernel32 != NULL)
  FreeLibrary( hKernel32 );

 //Close the process handle
 CloseHandle( hProcess );
	
 return rc;
}