Basic File Unlocker


monoceres

New release, this time I took a deep dive into the internals of Windows to create a script that can find and close file handles in remote processes.

Usage:

Ever been annoyed by files that can't be deleted because some process has locked them (like explorer.exe)? With this neat little program those worries are all gone!

Drag 'n drop a file into the GUI, the script will immediately start searching the system for open handles to the file. When all the handles are found you will be asked what to do.

Press right button on GUI to view About dialog.

DISCLAIMER! IMPORTANT TO READ

As mentioned before this script uses an undocumented function that Microsoft does not give any support for. This means that the function may change without any warning by Microsoft and unpredictable effects can occur. An example of this is that unnamed pipes will be enumerated by the NT functions and trying to access these pipes will lead to extremely hard crashes (such as bluescreens and total system lockup). I have made checks to avoid access to these pipes, but as mentioned before, the function might change at any time so there are no guarantees. The script is dangerous overall since it allows you to close handles to files that a process is trying to read and/or write to. This may cause crashes in the respective process, therefore...

I take no responsibility for the possible effects of this script, you have been warned.

Just be careful.

Download

http://monoceres.se/Uploads/basic_unlocker.zip

Other

When comparing this script to other programs around the net you will notice that this script is really slow compared to the others; that's because most of them use custom NT kernel drivers, something that obviously cannot be done in AutoIt.

I would also like to thank molotov @ sysinternals forum, I could never have done this without his help.

Enjoy! :P

Broken link? PM me and I'll send you the file!


Well, I can't say 100% that it's working or not...I can't seem to find an open handle on this computer. I tried explorer.exe, ntdll.dll, user32.dll, ntkrnlpa.exe.... I thought at least one of these (really all) should be open. This is an XP SP2 machine. Any ideas? Another way I can be sure to force an open handle for testing? Or to see if something internally is failing?

Try playing a video or listen to a song, that's what I did.

I don't find any handles to explorer.exe either. My guess is that it only enumerates things opened with CreateFile() and such.

Broken link? PM me and I'll send you the file!


Obviously, another great script by monoceres! I think you should keep a .zip with every useful program you have made, and have a spot where users can download them :P

[OffTopic]I will have to talk with you about some GDI+ stuff at 1 PM IPBoard time :([/OffTopic]


Hmmm, still no love on my XP work box. Freezes on Vista, of course LOL

I'll have to give it a shot on my XP box at home.

Just for the record, this was developed on Win Vista Ultimate x86, tests were performed in VM on Win XP Pro x86.

x64 will probably fail.

Broken link? PM me and I'll send you the file!


This should be a nice thing; I have thought about doing this in AU3 for a long time. Sadly, this didn't work on WinXP (don't know about Vista).

I quickly looked at the code; probably the first bug is an incorrect OS_FILE value for XP. As mentioned here, this value should be 28 for WinXP. After I changed this, the script correctly processes about 130 file handles and then freezes dead. It looks like this occurs in the NtQueryInformationFile and/or NtQueryObject call. Maybe this will help you.

Oh, I was so sure I changed that. Thanks, fixed it now.

Just tested with the new fix on my XP laptop, it works without any problems. The only reason I can think of is that it seems to have problems with parent processes or something (I noticed freezes when trying to query objects from Scite.exe, autoitwrapper.exe and autoit.exe); however, I haven't got any freezes with the exe, so be sure to try it as well.

Broken link? PM me and I'll send you the file!


I've done some digging. The app freezes when calling NtQueryInformationFile on this object -

C:\Windows\System32\en-US\user32.dll.mui

I used Process Explorer to find the next object in the current PID AFTER the last successful query.

And one fix, in your NtQueryObject call, the "Length" of the string returned is the length in bytes, not including the terminating null, so your struct should be

$devicestr = DllStructCreate("wchar[" & Ceiling(DllStructGetData($poti, "Length") / 2) & "];", DllStructGetData($poti, "buffer"))

....I think :P
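The point of the fix above, as an added example that is not part of the original thread or the script: `UNICODE_STRING.Length` is a byte count that excludes any terminating null, so a reader copies `Length / 2` UTF-16 units and never relies on a terminator. The struct is a portable model of the Windows layout, `ustr_copy` and `units_if_length_misread` are hypothetical helpers, and the sample buffer is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Portable model of the Windows UNICODE_STRING layout (assumption: not <winternl.h>). */
typedef struct {
    uint16_t  Length;         /* bytes in use, NOT counting any terminator */
    uint16_t  MaximumLength;  /* bytes allocated for Buffer */
    uint16_t *Buffer;         /* UTF-16 code units, may lack a trailing 0 */
} ustr_t;

/* Hypothetical helper: copy the name into out (capacity out_units) and
 * null-terminate it. Returns code units copied, or -1 if the descriptor
 * is malformed or the destination is too small. */
static int ustr_copy(const ustr_t *s, uint16_t *out, size_t out_units)
{
    if (s == NULL || out == NULL || out_units == 0)
        return -1;
    if (s->Length % 2 != 0 || s->Length > s->MaximumLength)
        return -1;                    /* odd byte count or overrun claim */
    if (s->Length > 0 && s->Buffer == NULL)
        return -1;
    size_t units = s->Length / 2;     /* bytes -> wchar count */
    if (units + 1 > out_units)
        return -1;                    /* no room for our own terminator */
    if (units > 0)
        memcpy(out, s->Buffer, s->Length);
    out[units] = 0;
    return (int)units;
}

/* Constructed sample: "\Device\X" (9 units = 18 bytes), then unrelated
 * data where a terminator would be expected. */
static uint16_t sample_buf[] = { '\\','D','e','v','i','c','e','\\','X', 'J','U','N','K' };
static ustr_t sample(void) { ustr_t s = { 18, 18, sample_buf }; return s; }

/* The mistake the fix removes: treating Length as a character count. */
static size_t units_if_length_misread(const ustr_t *s) { return s->Length; }

int main(void)
{
    uint16_t out[16];
    ustr_t s = sample();
    printf("copied %d units; a misread Length would touch %zu\n",
           ustr_copy(&s, out, 16), units_if_length_misread(&s));
    return 0;
}
```

With the constructed sample, misreading `Length` as a character count would read 18 units from a 13-unit buffer.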

Of course :P

I updated with your fix :(

Broken link? PM me and I'll send you the file!
