Cheat Engine

[porring09]

I've been working for an application/program that will backup files in a specified path/folder or network drive.
my brother test(s) my app then suddenly he found out that it won't work if any other process(s) are currently using the target file to be copied.

I said that because it was handled[Locked] by the process and the Access Rights in not shared for reading. but still he insist , he want me to fix it. and now I'm stock ,

My Problem is I can't Enumerate and determine the File Handle Type.

I use NtQuerySystemInformation to Enumerate File Handles, Actually I already enumerate all System Handles , but another problem is I couldn't determine what kind of Handle is that. Like a File , Directory , Process , Thread , etc.

I don't know if this is the correct flow but i hope someone helps me, I want to understand How and what should i consider when doing all of this stuff.

I search about the HANDLE_TYPE like HANDLE_TYPE_FILE , HANDLE_TYPE_PROCESS , but i couldn't found the Constant value of those ntdll constants.

The Flow of the program must be like this.

1. Try to Copy File [If Locked] Call UnlockThisFile(File)
2. UnlockThisFile::
2.1 Enumerate File Handles [Determine the Type of Handle]
2.2 IF ObjectTypeIndex == HANDLE_TYPE_FILE and NAME == "Filename "then Get the Handle Owner [the Process]
2.3 Call OpenProcess with the Process ID [Thw Owner]
2.4 If HANDLE != INVALID_HANDLE Call CreateRemoteThread
2.5 Pass the File Handle Found during File Handle Enumeration with NtQuerySystemInformation and a Function Pointer , that the Function is used to Call DuplicateHandle and CloseHandle to Unlocked the File.
2.6 Then Continue copy the File is Unlocked.

Something Like that. Thanks in advance , i hope someone knows

[justa_dude]

And how are you going to enumerate the list of open handles or create an execution thread for the machine(s) that are hosting the network share? I must be missing something in your program flow.

[porring09]

base on my Research and in my own Idea , it will be like this,


First I must declare an Pointer to SYSTEM_HANDLE_INFORMATION structure that is an Array of that type then I will use NtQuerySystemInformation , the pointed Array will now Contain the Information I Need , but those are just INFORMATION , its not a Open HANDLE yet , that why I need to Check first all those Handles if was a File Type Handle , if is it , I'll check the Process that owns the Handle then use OpenProcess with some Access Rights to Obtain Handle to the Process , I need to Duplicate the Handle I Found in that Process , then I must reveal if the Name of the Handled file was the same that my app is trying to Copy, if Same then CreateRemoteThread on that Process and the LPTHREAD_ROUTINE to be executed by the Remote Thread is the one that CloseHandle the Target File Handle.

But I don't think if is the correct Way , Im currently studying the use of CreateRemoteThread using vb.net . Im Stock at this point. Please somebody Help me to Complete my Objective .. please.

Oh about the Network Backup Procedure , this feature is not applicable , just for the Local Host Only.