
Unlock running EXE file from itself

so I can update or recompile it at runtime even if it's running? Should I use the regular file unlocking functions, and in that case, how do I get the file handle of the executable from its own process?

I want to make a stub program that can be compiled and that contains the actual program to run. It would have the same icon and would pass the same parameters to the child program. Then it would terminate itself to let the child keep running.

It would also contain the source code for being able to recompile, update and repack itself.

Answered in CreateProcess from memory buffer

"Call the CreateProcess function with CREATE_SUSPENDED flag, that tells the API to keep the process suspended until the ResumeThread function is called.

This gives us time to grab the suspended thread's context using GetThreadContext function, ... use WriteProcessMemory to write in-memory exe into the memory space of the suspended process."

The other way, of course, is to emulate a CD drive. Executables on CD drives are run from cache anyway. On older versions of Windows (XP-), the same was true of network shares.


Probably it's a very basic way to determine/detect the Windows version as a rough approximation, at least in a practical way.

Under Windows 95, 98 (9x) and XP (2000, NT...) we all remember that all executable files are automatically locked while they are running.

But under Windows 7, executable files seem to remain unlocked by default, which allows you to delete, uninstall, modify, recompile or alter them in the file system at all times, no matter whether they are currently running or not.

Just try to compile a test program under Windows 7 and you will see that you can rename and even delete it (try running and then deleting a program like http://devel.archefire.org/tmp/ClockCount.zip ).

Probably a program like Unlocker could be investigated to use a sequence of API calls that doesn't involve terminating the process:

http://www.emptyloop.com/unlocker/#download

This is the list of imported API calls of the Unlocker binary:

PSAPI.DLL: GetModuleFileNameExW, GetModuleBaseNameW, EnumProcessModules

COMCTL32.dll: InitCommonControlsEx, ImageList_ReplaceIcon, ImageList_SetBkColor, ImageList_Create

WS2_32.dll: (no function names listed)

SHLWAPI.dll: SHDeleteKeyA, PathSkipRootW, StrToIntA, wvnsprintfA, PathFindExtensionW, StrStrW, PathIsDirectoryW, PathRemoveFileSpecW, StrStrA, PathRemoveExtensionW, PathStripPathW, PathStripToRootW

KERNEL32.dll: lstrcmpiW, GetCommandLineW, lstrlenW, GetFileAttributesW, DeleteFileW, RemoveDirectoryW, SetFileAttributesW, GetShortPathNameW, lstrcpyW, MoveFileW, GlobalFree, GlobalUnlock, GlobalLock, GlobalReAlloc, GlobalAlloc, FindClose, FindNextFileW, lstrcmpW, FindFirstFileW, GetModuleHandleA, CloseHandle, VirtualFreeEx, WaitForSingleObject, CreateRemoteThread, lstrcpyA, GetProcAddress, WriteProcessMemory, VirtualAllocEx, OpenProcess, LocalFree, LoadLibraryA, ReadFile, lstrcmpA, GetLongPathNameW, CreateFileW, WriteFile, MultiByteToWideChar, GetVersionExA, lstrlenA, MoveFileExW, DuplicateHandle, GetCurrentProcess, TerminateProcess, Process32NextW, Module32NextW, Module32FirstW, GetModuleFileNameW, Process32FirstW, CreateToolhelp32Snapshot, QueryDosDeviceA, CreateFileA, ExitProcess, CreateThread

USER32.dll: wsprintfW, DestroyWindow, PeekMessageA, DispatchMessageA, TranslateMessage, ShowWindow, SendMessageA, GetDlgItem, CreateDialogParamA, MessageBoxA, DrawTextA, GetDC, SetWindowPlacement, EndDialog, GetWindowPlacement, GetWindowRect, PostMessageA, SetWindowTextA, SetDlgItemTextW, SetDlgItemTextA, DestroyIcon, LoadIconA, GetDlgItemTextW, DialogBoxParamA, SendDlgItemMessageA, UpdateWindow, InvalidateRect, GetSysColor, MoveWindow, GetClientRect, ClientToScreen, wsprintfA, CharUpperW, CallWindowProcA, DestroyCursor, SetWindowLongPtrA, SetCapture, SetCursor, LoadCursorA, PtInRect, ReleaseCapture, GetSystemMetrics

GDI32.dll: SelectObject, CreateFontIndirectA, GetObjectA

comdlg32.dll: GetSaveFileNameW

ADVAPI32.dll: RegSetValueExA, RegSetValueExW, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, FreeSid, SetNamedSecurityInfoW, SetEntriesInAclA, AllocateAndInitializeSid

SHELL32.dll: CommandLineToArgvW, SHFileOperationW, SHCreateDirectoryExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetMalloc, ShellExecuteExW, ExtractIconExW, ShellExecuteA

ole32.dll: CoUninitialize, CoInitialize
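
The answer above suggests studying a tool's imported API calls. As an added example (not part of the original post and not Unlocker's code), this sketch parses a text rendering of a PE import table, where hint bytes precede each name and the DLL name follows its functions, and flags API combinations a reviewer would examine first. The names `parse_imports`, `flag_capabilities`, `CAPABILITIES` and the sample dump are constructed for illustration.

```python
import re

# Import combinations worth a closer look during static triage. An import
# shows capability only; it does not prove the code path is ever taken.
CAPABILITIES = {
    "write and run code in another process": {
        "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "duplicate or close handles owned by another process": {
        "OpenProcess", "DuplicateHandle"},
    "enumerate processes and modules": {
        "CreateToolhelp32Snapshot", "Process32FirstW", "Module32FirstW"},
}

# Constructed sample: hint bytes shown as stray glyphs, names wrapped at a
# fixed width so that some are split across lines.
SAMPLE_DUMP = (
    "\u00e9\u263bOpenProcess \u00ea\u2665VirtualAllocEx \u2502\u2665WritePro\n"
    "cessMemory m CreateRemoteThread \u00fb DuplicateHandle 6 CloseHand\n"
    "le KERNEL32.dll \u2666 EnumProcessModules PSAPI.DLL ? CoInitialize ole32.dll\n"
)

# Identifiers of 3+ ASCII characters; this skips one-letter hint glyphs.
TOKEN = re.compile(r"[A-Za-z_]\w{2,}(?:\.dll)?", re.ASCII | re.IGNORECASE)

def parse_imports(dump):
    """Return {dll: [function, ...]} from a text rendering of an import table."""
    text = dump.replace("\r", "").replace("\n", "")  # undo fixed-width wrapping
    imports, pending = {}, []
    for tok in TOKEN.findall(text):
        if tok.lower().endswith(".dll"):
            # Function names precede the DLL they are imported from.
            imports.setdefault(tok, []).extend(pending)
            pending = []
        else:
            pending.append(tok)
    return imports

def flag_capabilities(imports):
    """Return the capability labels whose whole API set is imported."""
    present = {name for names in imports.values() for name in names}
    return sorted(label for label, apis in CAPABILITIES.items() if apis <= present)

if __name__ == "__main__":
    table = parse_imports(SAMPLE_DUMP)
    for dll, names in table.items():
        print(dll, "->", ", ".join(names))
    for label in flag_capabilities(table):
        print("review:", label)
```

APIs resolved at run time through LoadLibrary and GetProcAddress never appear in the import table, so an empty result does not rule these capabilities out.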
