FlexHEX Editor - Just the Right Tool to Edit Binaries

Tutorials

Hex Editing for Beginners

Modification Tracking

File Comparison

Hot Tracking File Changes

Accessing Locked Files

Online Help

Introduction

Files and Drives

Inspecting Data

Editing Data

Navigation

Search and Replace

Tools

Complex Data Types

Advanced Features

Articles

NTFS Alternate Streams

Links, Junctions, Shortcuts

NTFS Sparse Files



      
 

 

Lock Picking: Accessing A Locked File

Sometimes it is necessary to see into a file opened by another application in exclusive mode. FlexHEX lets you do just this. The Open / Locked File command bypasses the file system, so ignoring system locks and security descriptors.

Tip Hot-tracking is active for locked files as well as for ordinary read-only files. Note that read/write locked files are also tracked, not only read-only ones.

Read-Only Access

Accessing a locked file in read-only mode works exactly the same as accessing an ordinary unlocked file. You probably won't notice much difference at all. However locked files are being read in unbuffered mode, and operations involving a lot of reads will take quite a time.

Read/Write Access

Writing into a locked file is tricky and has a lot of quirks. Avoid modifying a locked file unless you really have to. After all, there is always a good reason why the file is locked, and forcing the lock may lead to data or system corruption.

Fixed Size

You cannot change the size of a locked file. Changing the file size requires modification of the correspondent MFT record, and updating a record that is cached by NTFS will most likely corrupt it.

Resident Files

If the file is very small (say, a hundred bytes or so), NTFS does not allocate disk space for it. Instead, it keeps the file data in the file's MFT record as a resident attribute. Overwriting an MFT record will certainly cause a conflict with the file system, so FlexHEX will not allow saving your changes until the file is increased and is moved out of the MFT.

Cache conflicts

When you save the changes you made to a locked file, the file system is not aware the disk data is changed. If the file data reside in the file cache, the file system will serve read requests from the cache without reading the actual data. As a result other application will not notice your changes until the cache is reset.

You can use the Dismount utility to reset the cache and dismount the drive (it will be mounted automatically on the next access). However you can't dismount a drive that has open files on it, so this utility is of limited usefulness.

Downloads

Download Dismount.exe.
Download VC++ Dismount sources.

Comments? Suggestions? Please feel free to let us know.

 
Copyright © 2007 Inv Softworks LLC
All rights reserved		  
Home | Product | Download | Order | Support | Documentation | Company