File Locks and win32

The other day I was watching some stuff on a video stream site. It was a knockoff of the all popular youtube, but this one took extra steps to make sure you could not download their videos.

The easiest method for me to download videos from sites like this is to just check the temp internet folder and copy the file from there. This site was different. The file was in use by firefox the entire time (IE as well) and could not be copied or opened or written to without getting the classic ‘access denied’ message. Windows as we all know wont let you delete files that are in use including DLL’s and temp files (as we’ve all seen with malware). I believe it used a method similar to this:

http://msdn.microsoft.com/en-us/library/aa365203%28v=vs.85%29.aspx

LockFileEx Function

BOOL WINAPI LockFileEx(
  __in        HANDLE hFile,
  __in        DWORD dwFlags,
  __reserved  DWORD dwReserved,
  __in        DWORD nNumberOfBytesToLockLow,
  __in        DWORD nNumberOfBytesToLockHigh,
  __inout     LPOVERLAPPED lpOverlapped
);
Whats it do? Locks the specified file for exclusive access by the calling process. This function can operate either synchronously or asynchronously and can request either an exclusive or a shared lock.
The second parameter, specifically the double word value is what gets me. When set to LOCKFILE_EXCLUSIVE_LOCK (0x00000002) any access to the shared segment of the file (which could be the whole damn thing) will result in our access denied message.
I tried numerous little techniques to get around this such as attaching to the process and attempting to insert code to waive the lock with UnLockFileEx(), but it failed and is too damn hard to pull off. Another idea I had was to just read the damn file from memory, but then I would be left with a HUGE chunk of hex data that’s supposed to be the video. I had almost given up hope when I remembered something about Posix – symlinks.
Windows doesn’t have symlinks per say, but rather HardLinks. A little known fact about hard links is that when the file you link to is deleted, the contents of the file are copied over, no questions asked to the file you linked from.
Here is the function and args:

CreateHardLink

http://msdn.microsoft.com/en-us/library/aa363860%28v=vs.85%29.aspx

BOOL WINAPI CreateHardLink( __in        LPCTSTR lpFileName, __in        LPCTSTR lpExistingFileName, __reserved  LPSECURITY_ATTRIBUTES lpSecurityAttributes );

Seems self explanatory. Funny enough the security attributes param is supposed to be null since they never implemented it (yay).

So what do we do? C to the rescue:

#include <windows.h>
#include <stdio.h>

int main(int argc, char **argv[])
{

if(argc < 2)
{
printf("usage is %s path + file to locked file\r\n",argv[0]);

return 0;

}
else
{
char *lockedfilename = argv[1];
char *newfilename = argv[2];

if(CreateHardLink(newfilename,lockedfilename,NULL))
{
printf("Hard Link created between %s and %s\r\n",lockedfilename,newfilename);
system("pause");
return 1;
}
else
{
printf("something went wrong, you prolly specified a bad file or something\r\n");
return 0;
}
}
}
}

If there’s a syntax error in this code, I’m sorry. I wrote the C off the top of my head. My little program allows you to save locked files to a new location. Further modifications to the code would be to call DeleteFile() or something like that after the link is created. Oh well.

2 thoughts on “File Locks and win32

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.