Lock Picking: Accessing A Locked File
Sometimes it is necessary to see into a file opened by another application in exclusive mode. FlexHEX lets you do just this. The Open / Locked File command bypasses the file system, so ignoring system locks and security descriptors.
Hot-tracking is active for locked files as well as for ordinary read-only files. Note that read/write locked files are also tracked, not only read-only ones.
Read-Only Access
Accessing a locked file in read-only mode works exactly the same as accessing an ordinary unlocked file. You probably won't notice much difference at all. However locked files are being read in unbuffered mode, and operations involving a lot of reads will take quite a time.
Read/Write Access
Writing into a locked file is tricky and has a lot of quirks. Avoid modifying a locked file unless you really have to. After all, there is always a good reason why the file is locked, and forcing the lock may lead to data or system corruption.
Fixed Size
You cannot change the size of a locked file. Changing the file size requires modification of the correspondent MFT record, and updating a record that is cached by NTFS will most likely corrupt it.
Resident Files
If the file is very small (say, a hundred bytes or so), NTFS does not allocate disk space for it. Instead, it keeps the file data in the file's MFT record as a resident attribute. Overwriting an MFT record will certainly cause a conflict with the file system, so FlexHEX will not allow saving your changes until the file is increased and is moved out of the MFT.
Cache conflicts
When you save the changes you made to a locked file, the file system is not aware the disk data is changed. If the file data reside in the file cache, the file system will serve read requests from the cache without reading the actual data. As a result other application will not notice your changes until the cache is reset.
You can use the Dismount utility to reset the cache and dismount the drive (it will be mounted automatically on the next access). However you can't dismount a drive that has open files on it, so this utility is of limited usefulness.
Downloads
Download Dismount.exe.
Download VC++ Dismount sources.
Comments (0)