2

I have a question that I believe that is complex. I have an application that I execute under my Windows and it takes a long time to finish. I want to keep it running (normally), however I want to kill the file on disk - but obviously it's not possible because it's locked / in-use. I need a way to disassociate it from the running process to kill it and at the same time keep the file running. Any example of code or tool is very welcome.

Well, workarounds are welcome, for example, if there is a way to spawn it from a process, key the master and migrate the child to kill the app, or any other idea that works is welcome - even the ugly ones. :)

Thanks.

Ross Patterson
  • 9,527
  • 33
  • 48
user1007489
  • 123
  • 1
  • 6
  • 2
    When an application reads a file, the file is locked, this happens on pretty much any operating system. What you want to do makes no sense, you want to delete a file an application is reading, if you delete the file the application will simply fail. I do not believe what you want is possible. Have you thought about changing how the application works, so it reads the file and then releases the lock, then does whatever it does with the file in memory? – Security Hound Oct 26 '11 at 13:26
  • 1
    you'll need a way to notify the application to stop using the file and closing the connection. – Asken Oct 26 '11 at 13:28
  • I don't know why you're getting downvoted... it's a perfectly legitimate systems question. On Linux, for example, it's possible to delete the binary on disk while the application is running. I think there are no guarantees made about swapping in portions of the text segment after you delete it, but there's nothing stopping you. His question is whether something similar is possible on Windows. – tdenniston Oct 26 '11 at 13:53
  • Yep, denniston.t is correct, that's exactly what I think. thanks. – user1007489 Oct 26 '11 at 14:36
  • It's possible, but it's something malware would do. – harold Oct 26 '11 at 15:15
  • @harold that's true... but in my world of systems academia I like to err on the side of thinking it's all right to be curious about such things and understand how they work. And I like to give people the benefit of the doubt off hand :-). – tdenniston Oct 26 '11 at 15:18
  • @denniston.t, I may be wrong, but I believe in Unix systems when you delete a running executable only the directory link is removed; the file itself remains on disk until the executable closes. – Harry Johnston Oct 27 '11 at 23:34
  • You could try encrypting the file before launching it, then removing all the decryption keys using RemoveUsersFromEncryptedFile. The file will still be there, but it won't be readable. – Harry Johnston Oct 27 '11 at 23:47
  • @Harry Johnston: Interesting, you could very well be right. That would make sense, because then swapping isn't an issue. – tdenniston Oct 28 '11 at 01:22

3 Answers3

1

A couple of suggestions (completely stolen) from this questions answers:

You could use the MoveFileEx api function to mark the file for deletion upon next reboot.

You can inject a dll to close the handle yourself:

The typical method is as follows. You've said you want to do this in C# so here goes...

  1. If you don't know which process has the file locked, you'll need to examine each process's handle list, and query each handle to determine if it identifies the locked file. Doing this in C# will likely require P/Invoke or an intermediary C++/CLI to call the native APIs you'll need.
  2. Once you've figured out which process(es) have the file locked, you'll need to safely inject a small native DLL into the process (you can also inject a managed DLL, but this is messier, as you then have to start or attach to the .NET runtime).
  3. That bootstrap DLL then closes the handle using CloseHandle etc. Essentially: the way to unlock a "locked" file is to inject a DLL into the offending process's address space and close it yourself. You can do this using native or managed code. No matter what, you're going to need a small amount of native code or at least P/Invoke into the same.

Helpful links:

http://www.codeproject.com/KB/threads/winspy.aspx
http://damianblog.com/2008/07/02/net-code-injection/

Community
  • 1
  • 1
Sam Holder
  • 32,535
  • 13
  • 101
  • 181
  • Hi Sam Holder. I was thinking about it, but this requires administrative privilege since it writes to a HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations which requires administrator privilege and is not the case where my app is running. Any other idea? Thanks. – user1007489 Oct 26 '11 at 13:41
  • i added some (stolen) answers from another question – Sam Holder Oct 26 '11 at 13:44
  • @Sam, I don't think injecting a DLL will work in this case, because I don't think an application can close the handle to its own executable. Even if this were possible, there would be no need to inject a DLL into the process, because it is the OP's own code! – Harry Johnston Oct 27 '11 at 23:36
0

That is a matter the application you want to kill has to handle. It shouldn't keep files open during a long running process. If the application doesn't close the file, killing it will lead to exception in that application.

Fischermaen
  • 12,238
  • 2
  • 39
  • 56
  • 1
    Fischermaen I don't want to kill the application, I want to keep it running, I just want to delete it from disk. Thanks – user1007489 Oct 26 '11 at 13:25
  • 1
    @user1007489 Why should one delete an application running on the system? Sorry, but that is completely nonsense. Every uninstaller first stops the application and then removes it from disk. – Fischermaen Oct 26 '11 at 13:27
  • @Fischermaen - I think he means the file, a file that is being read by an application, which is also complete nonsense of course. – Security Hound Oct 26 '11 at 13:30
  • 1
    @Ramhound - we are talking about the same. – Fischermaen Oct 26 '11 at 13:32
  • 1
    @Fischermaen - I know we are...as you said...complete nonsense :-) – Security Hound Oct 26 '11 at 13:33
  • My idea is use it to protect my software. Sorry if it's nosense to you. Thanks – user1007489 Oct 26 '11 at 13:43
  • @user1007489 How will you protect you software? Should the user install it every time he wants to use it, because your app is killing itself by each run? There are a couple of solution to protect your software (Licence-Management etc.) – Fischermaen Oct 26 '11 at 16:00
0

Not sure if this will work on every Windows version, but here it is:

  1. Rename process executable "foo.exe" to "foo.old"
  2. Put new "foo.exe" to correct place
  3. Send message to process, so it will execute new "foo.exe" image and terminate himself.
  4. On start, remove "foo.old" file in program directory.

Update: oops, looks like you do not want to put new image, just remove old one. Then MoveFileEx is only "legal" option.

blaze
  • 4,326
  • 18
  • 23
  • Hi, This is very interesting question, I searched and found a few potential solutions... http://stackoverflow.com/questions/10319526/understanding-a-self-deleting-program-in-c (looks very nice, not sure if it works). http://www.codeproject.com/Articles/4027/Writing-a-self-destructing-exe-file (not nice code, but should workd). http://www.rohitab.com/discuss/topic/13098-self-delete-after-running-itself/ ( Look for Napalm code, very nice, but not sure if it works). If you find a reliable solution, please, post here, I'm interested too. Good luck. – user1007489 Aug 14 '12 at 18:39