I'm trying to get the file handle of any running process in C++. This is my code:

```cpp
#include <windows.h>
#include <process.h>
#include <Tlhelp32.h>
#include <winbase.h>
#include <string.h>

// Assumes an ANSI (non-UNICODE) build, where szExeFile is a char array.
void killProcessByName(const char *filename)
{
    // The second argument is a process ID (DWORD), not a pointer: pass 0, not NULL.
    HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0);
    if (hSnapShot == INVALID_HANDLE_VALUE)
        return;
    PROCESSENTRY32 pEntry;
    pEntry.dwSize = sizeof (pEntry);
    BOOL hRes = Process32First(hSnapShot, &pEntry);
    while (hRes)
    {
        if (strcmp(pEntry.szExeFile, filename) == 0)
        {
            // A new handle to the process object, owned by this program.
            HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE,
                                          pEntry.th32ProcessID);
            if (hProcess != NULL)
            {
                // Closes only the handle opened just above.
                CloseHandle(hProcess);
            }
        }
        hRes = Process32Next(hSnapShot, &pEntry);
    }
    CloseHandle(hSnapShot);
}

int main()
{
    killProcessByName("WINWORD.EXE");
    return 0;
}
```

The code is working fine but the required handle isn't getting released. Is there some problem in the comparison (`strcmp`) part? Or is there something else I'm doing wrong?

No Idea For Name
  • What do you mean "the handle is not getting released"? What does "released" mean in this context? You are opening a process, then close the handle again. That should release the handle - by what means are you determining that something is not released? Or are you simply expecting that your OpenProcess is somehow doing something more than give you a handle back for that process - e.g. that it has the same effect as `TerminateProcess(handle)`? – Mats Petersson Jul 30 '13 at 12:38
  • By released, I refer to *CloseHandle*. This handle isn't getting released/closed. My file still has its handle active and I'm unable to delete or rename it. And yes, I'm not expecting OpenProcess() to do something like TerminateProcess(). I know it is supposed to give me a handle back, but the problem is my program errs at strcmp. Why is it so? – user2518829 Jul 30 '13 at 12:40
  • "errs at strcmp" means exactly what? And `CloseHandle` here just closes the handle you just opened with `OpenProcess`, it won't allow you to, for example, rename the .exe file that is currently running - the OS holds this file open until it exits - no outside manipulation will change that. – Mats Petersson Jul 30 '13 at 12:51
  • Of course not, once I release its handle, it'll allow me to delete or rename it even if it's opened up, as otherwise one cannot! It does not need to exit. That's why I'm not using TerminateProcess(). I just need to release the handle, but it's not working. I'm confused, why? – user2518829 Jul 30 '13 at 12:54
  • No, because you are closing a DIFFERENT handle than the one that was opened by the OS inside `CreateProcess()` - that's like saying calling `FILE *f = fopen("foo.txt", "r"); fclose(f);` will close `foo.txt` that is held open by notepad... – Mats Petersson Jul 30 '13 at 12:57
  • Oh, I guess that is the much needed reply to why the file handle isn't getting released. Thank you so much. But then, how am I supposed to close the handle created by the OS? – user2518829 Jul 30 '13 at 13:03
  • You are not. The OS holds the handle open, because it uses that file to swap code in from (it only loads the first 4KB directly, the rest is "available on disk, as and when the program needs it" - this is why you see a whole lot of disk-activity when you start a large program AFTER it has actually started). If you actually succeeded, chances are pretty good that the process would crash if it ever needed to fetch more code from disk. – Mats Petersson Jul 30 '13 at 13:07
  • I get your point, but then how does software like File Unlocker work? – user2518829 Jul 30 '13 at 13:11
  • It probably tricks the OS to close files that aren't owned by the current process - but like I said, doing so will seriously mess with the system if you don't know 100% for sure that the file is not to be used ever again. – Mats Petersson Jul 30 '13 at 13:12
  • Yeah, I'm doing that explicitly. That's what I'm keen to know how (the trick, if you know). I'm working on this project only. And yes, thank you so much again. I was confused for like 4 weeks because of this. – user2518829 Jul 30 '13 at 13:16
  • Well, to find out how those tools do that, you'll have to reverse engineer the tools. And bear in mind that it's not the process handle that you want to close, but the file handle to the .exe file that the OS holds open. – Mats Petersson Jul 30 '13 at 13:26

1 Answer

The use of `CloseHandle` here is perfectly correct, it's just the assumption about what it actually does that is incorrect. It closes the handle just opened by `OpenProcess`, and will not in any way help in being able to alter (delete or rename) the executable file, because that file is held open inside the OS. The OS holds the file open because executable files (and DLLs) are "demand loaded", which means that the OS doesn't load the entire executable at once, it only loads what it actually needs for the time being. Later on, when code that hasn't been run before is needed, it loads those bits.

Mats Petersson
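The `fopen`/`fclose` analogy from the comments, carried out in portable C++ to show that closing your own handle leaves another holder's handle to the same file fully usable. This is an added example, not code from the original posts; the function name, file name and file contents are made up for the illustration.

```cpp
#include <cstdio>
#include <string>

// What the long-lived holder could read before and after a second,
// unrelated handle to the same file was opened and closed.
struct HolderResult {
    bool own_close_ok;   // fclose() on our own handle succeeded
    std::string before;  // read by the holder before our open/close
    std::string after;   // read by the holder after our open/close
};

// Read up to n bytes from an open stream.
static std::string read_some(std::FILE *f, std::size_t n) {
    std::string buf(n, '\0');
    buf.resize(std::fread(&buf[0], 1, n, f));
    return buf;
}

HolderResult close_unrelated_handle(const char *path) {
    HolderResult r{false, "", ""};

    // Constructed sample file standing in for the file someone else holds open.
    std::FILE *w = std::fopen(path, "wb");
    if (!w) return r;
    std::fputs("HEADERBODY", w);
    std::fclose(w);

    // "holder" plays the other owner (Notepad in the analogy, the OS in the question).
    std::FILE *holder = std::fopen(path, "rb");
    if (!holder) return r;
    r.before = read_some(holder, 6);

    // Our own handle: a separate object with its own state and lifetime.
    std::FILE *mine = std::fopen(path, "rb");
    if (mine) r.own_close_ok = (std::fclose(mine) == 0);

    // The holder's handle is untouched: still open, still at its own offset.
    r.after = read_some(holder, 4);
    std::fclose(holder);
    std::remove(path);
    return r;
}

int main() {
    HolderResult r = close_unrelated_handle("handle_demo.tmp");
    std::printf("own close ok=%d, holder read \"%s\" then \"%s\"\n",
                r.own_close_ok, r.before.c_str(), r.after.c_str());
    return (r.before == "HEADER" && r.after == "BODY") ? 0 : 1;
}
```

The same relationship holds between the handle returned by `OpenProcess` and the handle the OS keeps on the executable file: they are different handles, and `CloseHandle` only ever closes the one passed to it.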