SHARE

Deleting Locked Files

Environment: Windows NT4 SP6, Windows 2000 This is a command line utility to close and delete a file which is locked by another process. I doesn’t work with modules. Usage FORCEDEL.EXE [/S] filename /S Soft delete. Like the “del” command filename File name you want to delete How does it work? Query the used file […]

Written By

CodeGuru Staff

Nov 14, 2000

1 minute read

CodeGuru content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Environment: Windows NT4 SP6, Windows 2000

This is a command line utility to close and delete a file which is locked
by another process. I doesn’t work with modules.

Usage

FORCEDEL.EXE [/S] filename

/S             Soft delete. Like the "del" command
filename       File name you want to delete

How does it work?

Query the used file handles (system wide), and search for the processes
which are using the file we want to delete.

For more information, check out the CodeGuru article entitled,
Examine Information on Windows NT System Level Primitives.

Start a remote thread (CreateRemoteThread) to close the given handle in
every found process (#1)

Code

The following code closes a handle in a remote process. The handle must be
remote process specific.

/*
Note: 1. SE_DEBUG privilege must be enabled.
      2. The function works with every kind of HANDLE
      3. It will bother the remote process :)
      4. The handles will be invalid after you closed
         them remotely
*/

//Close a handle in a remote process
DWORD CloseRemoteHandle( DWORD processID, HANDLE handle )
{
 HANDLE ht = 0;
 DWORD rc = 0;

 _tprintf( _T("Closing handle in process #%d ... "),
          processID );

 // open the process
 HANDLE hProcess = OpenProcess( PROCESS_CREATE_THREAD
                                | PROCESS_VM_OPERATION
                                | PROCESS_VM_WRITE
                                | PROCESS_VM_READ,
                                FALSE, processID );

 if ( hProcess == NULL )
 {
  rc = GetLastError();
  _tprintf( _T("OpenProcess() failedn") );
  return rc;
 }

 // load kernel32.dll
 HMODULE hKernel32 = LoadLibrary( _T("kernel32.dll") );

 // CreateRemoteThread()
 ht = CreateRemoteThread(
  hProcess,
  0,
  0,
  (DWORD(__stdcall *)(void*))GetProcAddress(hKernel32,"CloseHandle"),
  handle,
  0,
  &rc );

 if ( ht == NULL )
 {
  //Something is wrong with the privileges, 
  //or the process doesn't like us
  rc = GetLastError();
  _tprintf( _T("CreateRemoteThread() failedn") );
  goto cleanup;
 }

 switch ( WaitForSingleObject( ht, 2000 ) )
 {
  case WAIT_OBJECT_0:
   //Well done
   rc = 0;
   _tprintf( _T("Okn"), rc );
  break;

  default:
   //Oooops, shouldn't be here
   rc = GetLastError();
   _tprintf( _T("WaitForSingleObject() failedn") );
   goto cleanup;
  break;
 }

 cleanup:
 //Closes the remote thread handle
 CloseHandle( ht );

 //Free up the kernel32.dll
 if ( hKernel32 != NULL)
  FreeLibrary( hKernel32 );

 //Close the process handle
 CloseHandle( hProcess );

 return rc;
}

Deleting Locked Files

Usage

How does it work?

Code

CodeGuru Staff

Company

Categories