Currently I have a software which has a file filter driver, during installation of software the driver is started as service in this way:
CreateService(serviceManager, name, displayName,
SERVICE_START | DELETE | SERVICE_QUERY_STATUS | SERVICE_STOP,
SERVICE_FILE_SYSTEM_DRIVER, SERVICE_AUTO_START, SERVICE_ERROR_IGNORE,
path, NULL, NULL, NULL, NULL, NULL);
Where path is C:Program Files(x86)TSUdriverTSUfsd.sys
.
The problem I'm having is during uninstallation of the software. It gives me access denied when software tries to delete TSUfsd.sys
file.
I've checked how the software deletes the driver, and turns out it deletes it with DeleteService
function, and waits for service to change its state from SERVICE_STOP_PENDING
to SERVICE_STOPPED
and if it doesn't happen after some time, it gets the service PID
and kills it with ProcessTerminate
and then tries to delete the file with rmdir /S /Q C:Program Files(x86)TSU
.
I've tried to find the process which could have had the handle of the file(with Process Explorer) but could not find any. Then I thought maybe the service is still alive so I typed sc query TSUfsd
but the service was gone too.
I've also tried to change permissions and grant full permissions to my user but same error still occurred.
So my questions are:
Is there any other ways to check which process(or anything else) can have a hold of a file?
I've also noticed that, whenever I try to delete the file with Cygwin(rm TSUfsd.sys
) it deletes the file without a problem. What is the difference between deleting file with cmd(del /f <filename>
) and with cygwin?
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…