Hey.
i need to copy a file that is being accessed by another program. the acess to file is not as Copy_allowed, so i can't copy it the normal way.
i thoguh of someting lie...get the file psition on the disk adn tehn copy byte for byte of the file into a new file....
any ideas on how to do that?
thx
Posted on 2004-09-16 20:25:45 by ReVeR
If it's open then it's in memory. I wrote a crude memory editor where you can feed the program a search string and it will find it for you then you can cut and paste. Pay close attention to the instructions. Like I said it is crude. I'm mostly a hardware guy.
Posted on 2004-09-17 13:19:42 by mrgone
It doesn't have to be in memory just because it's open. Parts of the file may reside in memory, on disk or both. In Windows 9X you can probably use some tricks to gain access to the file, but I don't know what you'd do on NT.
Posted on 2004-09-17 13:58:09 by Sephiroth3
Whay ever is viewable has to be in memory. By the way that program only works in NT based platforms.
Posted on 2004-09-17 18:26:21 by mrgone
if the file is open, ex in c
++( file f.open(test.txt");
then it is not in the meme, but it is still acess disallowed.....
is there like a way to read stuff from the hd on a low level so this restriction dones't apply?
Posted on 2004-09-17 23:32:44 by ReVeR
ReVeR,

If the application that opened the file first has it locked, you are in trouble with any of the later versions of Windows. It may be possible to find a hack if you did enough work but there would be no reason to think it will work on other Windows versions.

If its your application that opened it first, change the application to ensure it is not locked.

Regards,

hutch at movsd dot com
Posted on 2004-09-18 02:11:42 by hutch--
forget about "low level" access - it's "some work" to implement FAT filesystem support, and you're just not going to implement NTFS support. Besides, there might be other filesystems in the future (and already now, though not many people use those).

It might be possible to do some kernel-mode trickery to allow access, or if you know the specific process that has the file open you could perhaps inject code into that process to be able to read the file..
Posted on 2004-09-18 03:26:58 by f0dder
hmm....that is my second way of doing it.....
i think i can inject a .dll into a process, but how would i get the acess to the file then?
will winx xp(ntff) allow me to copy the fie by conventional, means, read it into the memeory , and then reacreate it from the memeory?
Posted on 2004-09-18 08:41:00 by ReVeR

but how would i get the acess to the file then?

You would need to find out where the file handle is stored in the program. This requires Reverse Engineering, and thus you'll have to do it on your own, as we can't discuss RE on this board.

Once you know where the file handle is stored, there's a few things you can do. You could probably use DuplicateHandle and use that handle directly in your own app (requires some inter-process communication between your injected code and the injecting process), but since it's only a DWORD you need to pass, this is easy (like, stuffing it in a register, go to an infinite loop in your injected thread, and have the host program GetThreadContext and read the register). My XCOM patch-loaders might be of help here, check http://f0dder.has.it .

Btw, why do you need to access a locked file?
Posted on 2004-09-18 09:27:58 by f0dder
why i need the access if for the next reason:
i got a prog, that writes it stat's into a .dat file while it is operational. I want to know what exectyly is it writing into the file, The file is mailed out to the server and deleted when the program is closed.
so this is a screwed up scenario for me. i need the prog. i donno what it is mailing out, and i can;t recover the file.
For the sake of simlicity, i want to know what is in the file that is being accessed.
Posted on 2004-09-19 00:04:08 by ReVeR