locked file..in a different way

Discussion in 'Computer Information' started by Robert Baer, Jan 12, 2014.

  1. Robert Baer

    Robert Baer Guest

    Well, i tried to install the FA-930 driver for the Casio KL-8100,
    which i KNOW works for Win2K (this was for newer HD build).
    Well, it fails as the present CD seems to be an incomplete copy (4
    files missing).
    So, i made a new folder (see * below) with all files from the working
    installation, and the folder structure and files all compare (the 4 are
    now where they belong).
    Run Setup.exe and it INSTANTLY dies, no clue as to reason (see * below).
    Previously, i found that when a sub-folder had a missing file, Setup
    would run, show files being loaded and then error stop giving folder
    location & missing file name.
    After exiting, and using ProcessExplorer to verify no extraneous
    running programs, i would find at least one source file "locked by a
    program" as indicated by a Win msg; impossible to find that program
    because the loader now is NOT RUNNING!
    End result with this new info, is that (when something is locked)
    handles are definitely NOT being cleared by any kind of garbage collector.

    Is there a program that i can run that will "sweep out" all trash
    (un-used handles)?
    I think it might be wise the program does not use the registry
    garbage pit for install, and might look there for what i will trash echos.
    * WTF program dying from above.
    The complete program set as mentioned dies instantly as mentioned.
    CASES: 1) everything in stick folder tagged Read-Only to emulate a CD,
    2) everything in stick folder NOT tagged Read-Only, 3) only Setup.exe
    tagged, 4) all but Setup.exe tagged, 5,6,etc) COPIES from present CD
    direct or untagged, or whatever.
    EXCEPT for the original CD, ALL VARIANTS die instantly.

    Dammit all to heck, i need a WORKING install disk!
    I have verified that (after a false start) setup.exe from one version
    to another all FC; i presume that FC does not care about file extents.
    Robert Baer, Jan 12, 2014

  2. Robert Baer

    Paul Guest

    This page will give you some idea how handles work.


    They're stored in the paged pool, and returned to the pool area when no
    reference to them exists any more.

    So the basic function appears to exist in kernel space. And programs
    make kernel calls to do stuff.

    Since your kernel and my kernel are the same, the behavior should be
    consistent *at the kernel level*. That's why, when I try to construct
    a theory as to what is wrong with your system, I look for two applications
    to get into a fight. Rather than theorize it's the kernel (or a driver).
    And a driver should (normally), mind its own business. Drivers don't
    go around grabbing handles used by applications or by other drivers.
    And that's why my suggestions will likely continue to point at
    programs as being at fault.

    The closest thing to "meddle-some" is AV programs. They get
    into everything. And mess with everything. That's the closest
    thing to "ill-behaved" on a computer, the root-kit we call the
    AV program.

    In your case, the theory was that two programs are attempting to access
    the same file. Perhaps an AV program opens the file, and scans it. At
    the same time, as you the user are attempting to do something to the file.

    When a program file (.exe) exits, I don't see a reason for a handle to it
    to stick around. Unless an AV is scanning it, and at that point, it's
    too late for scanning to do any good.


    Also, don't get too wound up about the "Read Only" flag. Its meaning is
    overloaded, and it is used for more than indicating something can only
    be read. I think it implies a folder is customized or something. I'm
    not really a fan of Windows permissions, as the display of the information
    is all over the place, and it's pretty hard to figure out, and later,
    keep track of how it all works. The Unix/Linux idea, of at least showing
    permissions when listing files in a shell, makes the base permissions
    on a file easier to understand.

    Unix/Linux overloads the meaning of bits as well. But the difference is,
    the "stuff you don't know", doesn't usually bite you on the ass.
    Things like sockets and setuid are still important, but for the things
    a user typically desires to do, you don't need to know about them. I just
    find even the basics in Windows, hard to figure out. Like, remembering
    what the Read-Only bit means, when it's set on a folder :) It doesn't
    mean Read-Only.

    Paul, Jan 12, 2014

  3. Robert Baer

    Robert Baer Guest

    * I have found that if folder properties show R/O, then there is at
    least one file (or folder) in it that is R/O. Unchecking the folder R/O
    and clicking "Apply to all" will always uncheck R/O for all contents.
    That means R/O for a folder is technically meaningless FOR THE FOLDER
    - only meaningful for a file or files inside.
    Attrib will show "R" only for files that are marked R/O and not for
    any folder a R/O file is in (no matter how deep):
    A D:\TesrRO\LETTERS\trust_application.pdf
    A D:\TesrRO\STOX
    Naturally, since i went to the trouble to make a sample, "Properties"
    for the folders are now not working as they did.
    OK, it sort-of makes sense that some OTHER, UNRECOGNIZED (by me)
    program may be the "locker" in some cases.
    The AV program may just be the culprit - so assume it is, as follows:
    1) i do something to a file (usually edit it via Word, or CorelDraw or
    ParaBen Screen Capture) and sometime during that work, AV "comes to the
    fray", grabs it for snoop.
    2) my work "lets go" but the "snoop grab" does not - and so i can no
    longer access it.
    3) BUT, one might think that AV would leave the war zone and "ungrab" so
    it can go to bigger and better fights.
    I have new (and more) memory (2GB instead of one), so that is
    definitely not the problem.

    Since i am having a VERY repeatable problem with that FA930-C program
    set, what i could try is: (a) UNPLUG the EtherNet cable - making external
    attacks and intrusion impossible, (b) prevent Avast from loading, (c)
    fiddle around to see if i can fix the FA930-C problem and then see if i
    can Pete again (re-Pete) the locking garbage.
    Robert Baer, Jan 13, 2014
  4. Robert Baer

    Robert Baer Guest

    ** SNIPped previous stuff **
    I got VERY aggressive: Disable AVAST in Computer Management; in AVAST
    disabled cloud services and self-defense mode; used RegCleaner to remove
    AVAST startup entry; in MSconfig WIN.INI disabled mail, mci, winzip,
    annie; SYSTEM.INI disabled drivers; GENERAL disabled startup; SERVICES
    disabled AVAST. UNPLUGGED EtherNet cable.
    Reboot - it is amazing what little runs.
    Was ABLE to install FA-930C with no sass and program seems to run OK.

    When AVAST was running, install always either quit instantly, or
    complained about some missing file.

    Up to a number of months ago, i never had this problem.
    So they added something in their zeal to "give more protection" that
    makes it more like a rootkit.
    Robert Baer, Jan 13, 2014
  5. Robert Baer

    Robert Baer Guest

    Boot computer from power off; absolutely and totally impossible to
    COPY a particular file to any other folder or to floppy; totally and 100
    percent repeatable.
    At CMD or MSDOS prompt, COPY mumble.SRC whatever.DST /V will result
    in error message "Error Verify - whatever.DST" and a DIR will show
    whatever.DST as size ZERO.

    So, go thru all of the necessary to kill AVAST on reboot.
    *NOW* one can copy that particular file anywhere, and faithfully.


    So it is AVAST that (semi-randomly) prevents files from being copied
    during an install - resulting in an indeterminate failure mode (depends on
    Robert Baer, Jan 14, 2014
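
An added example, not part of the thread: the last post reports that `COPY mumble.SRC whatever.DST /V` leaves a zero-size destination while the AV is loaded. The Python sketch below copies a file, checks the copy against the source, and records for each attempt whether the result was a zero-length file, a mismatch or a lock error; the function names and result labels are assumptions chosen here.

```python
import hashlib, os, shutil, sys, time

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large installers do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def classify(src, dst):
    """Compare a finished copy with its source and name the failure."""
    if not os.path.exists(dst):
        return "missing"
    src_size, dst_size = os.path.getsize(src), os.path.getsize(dst)
    if dst_size == 0 and src_size > 0:
        return "zero-length"          # the symptom reported in the thread
    if dst_size != src_size:
        return "size-mismatch"
    return "ok" if sha256_of(src) == sha256_of(dst) else "hash-mismatch"

def verified_copy(src, dst, attempts=3, delay=0.5):
    """Copy src to dst, verify it, and return [(attempt, result), ...]."""
    log = []
    for n in range(1, attempts + 1):
        try:
            shutil.copyfile(src, dst)
            result = classify(src, dst)
        except PermissionError as e:
            # Windows error 32 is ERROR_SHARING_VIOLATION: another process
            # has the file open without sharing it.
            result = "locked" if getattr(e, "winerror", None) == 32 else "denied"
        except OSError as e:
            result = "io-error: %s" % e.strerror
        log.append((n, result))
        if result == "ok":
            break
        time.sleep(delay)
    return log

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python verified_copy.py mumble.SRC whatever.DST
    for attempt, result in verified_copy(sys.argv[1], sys.argv[2]):
        print("attempt %d: %s" % (attempt, result))
```

Running it once with the AV loaded and once with it disabled gives a per-attempt record to compare.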