
I am developing a Windows backup application (mixed Go / C++) that needs to back up files from the disk.

My application

  1. runs as a user in the "Backup Operators" group, and also with "Back up files and directories" explicitly enabled in secpol.msc
  2. calls OpenProcessToken() and AdjustTokenPrivileges() to grant SeBackupPrivilege for the whole process, successfully
  3. takes a VSS snapshot of the disk, successfully
  4. walks over all files in the VSS snapshot, and then tries to back them up as follows:

    CreateFile(
        path,
        GENERIC_READ,
        FILE_SHARE_READ,
        NULL,            // SecurityAttributes
        OPEN_EXISTING,
        FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_SEQUENTIAL_SCAN,
        NULL             // TemplateFile
    );

  5. Calls BackupRead() to read file streams.

This normally works fine, and I can successfully read files that my user account would normally be denied read access to (e.g. C:\Windows\System32\config\systemprofile).

But despite this, some "stubborn" files still give an error, from CreateFile: 0x5 ERROR_ACCESS_DENIED ("Access is Denied").

I know the "stubborn" files aren't reparse points.

The files exist on a local, internally-attached, SATA, NTFS disk drive - not a network drive or anything exotic.

The "stubborn" files are all files, not directories.

They are a range of file-types (docx, fla, swf, .DS_Store, ...).

There's no special security software installed other than an Antivirus program.

A competitor's backup software is able to back up these files without error.

Why could this possibly be happening?

mappu
  • Call `RtlGetLastNtStatus()` instead of `GetLastError()` on failure. What will the status be? – RbMm Jul 18 '18 at 05:47
  • If the file is deeply embedded in a folder structure or has weird chars in the file name, you might need POSIX_SEMANTICS to get it. – Clay Jul 18 '18 at 19:18
  • Another possibility is that the file was moved/deleted with MoveFileEx and the move/delete is pending a reboot – Clay Jul 18 '18 at 19:33
  • The POSIX semantics flag is nearly useless except for allowing `CreateFile` to be able to create a directory. With the default system configuration (since Windows XP), it doesn't even allow case-sensitive opening. It doesn't allow "weird chars" in the name, and doesn't even bypass normal DOS path normalization (as is possible with the "\\?\" prefix). – Eryk Sun Jul 18 '18 at 21:01

1 Answer


This error can be caused by an EFS-encrypted file, for which no key is present.

In this situation CreateFile is not possible under any circumstance.

mappu
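An added example, not code from the question or the answer: one way a backup tool can act on the EFS explanation above is to check `FILE_ATTRIBUTE_ENCRYPTED` when `CreateFile` fails with `ERROR_ACCESS_DENIED`, and copy such files in their encrypted state with the Win32 raw EFS export functions instead of `BackupRead`. The names `route_after_open`, `backup_efs_raw` and `write_chunk` are hypothetical, the sample values in `main` are constructed, and whether the raw functions accept VSS snapshot paths is not covered here.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Values from the Windows SDK, repeated so the routing logic builds anywhere. */
#define EX_ACCESS_DENIED   5u           /* ERROR_ACCESS_DENIED */
#define EX_ATTR_ENCRYPTED  0x00004000u  /* FILE_ATTRIBUTE_ENCRYPTED */
#define EX_ATTR_INVALID    0xFFFFFFFFu  /* INVALID_FILE_ATTRIBUTES */

typedef enum { ROUTE_BACKUPREAD, ROUTE_EFS_RAW, ROUTE_REPORT } route_t;

/* Decide what to do after CreateFile returned `err` for a file whose
 * GetFileAttributesW result is `attrs` (hypothetical helper). */
route_t route_after_open(uint32_t err, uint32_t attrs) {
    if (err == 0) return ROUTE_BACKUPREAD;            /* handle opened normally */
    if (err == EX_ACCESS_DENIED && attrs != EX_ATTR_INVALID &&
        (attrs & EX_ATTR_ENCRYPTED))
        return ROUTE_EFS_RAW;                         /* EFS file, no usable key */
    return ROUTE_REPORT;                              /* some other cause: log it */
}

#ifdef _WIN32
/* Export callback: receives opaque, still-encrypted chunks of the file. */
static DWORD WINAPI write_chunk(PBYTE data, PVOID ctx, ULONG len) {
    return fwrite(data, 1, len, (FILE *)ctx) == len ? ERROR_SUCCESS
                                                    : ERROR_WRITE_FAULT;
}

/* Copy an EFS file to `out` without decrypting it. The stream is only
 * restorable with WriteEncryptedFileRaw, so the archive must tag it. */
DWORD backup_efs_raw(const wchar_t *path, FILE *out) {
    PVOID efs = NULL;
    DWORD rc = OpenEncryptedFileRawW(path, 0, &efs);  /* flags 0 = export */
    if (rc != ERROR_SUCCESS) return rc;
    rc = ReadEncryptedFileRaw(write_chunk, out, efs);
    CloseEncryptedFileRaw(efs);
    return rc;
}
#endif

int main(void) {
    /* Constructed sample: access denied on a file with ARCHIVE|ENCRYPTED set. */
    printf("route=%d\n", (int)route_after_open(5, 0x4020));
    return 0;
}
```

On Windows, link against `advapi32` and call `backup_efs_raw` for files routed to `ROUTE_EFS_RAW`; the invalid-attributes check matters because `0xFFFFFFFF` has the encrypted bit set.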