Using the VirtualizeDeleteFile Fix
Applies To: Windows 7, Windows Vista
This section includes information about using the VirtualizeDeleteFile compatibility fix, including its usage and API-related information.
VirtualizeDeleteFile
The VirtualizeDeleteFile compatibility fix is designed to enable an application to incorrectly think that a file that the user does not have permission to delete, has been successfully deleted. If the file to be deleted has been virtualized by using the File and Registry Virtualization feature, then the virtual copy can be deleted. If, however, the file has not been virtualized, and as a result, causes the deletion attempt to fail, then you can use this compatibility fix to trick the application into believing that the deletion was successful. To support this pretext, we must also fix additional APIs, to force other applications to believe that the file is missing when they attempt to verify the existence of this file.
Note
The additional APIs that are fixed with this compatibility fix are detailed below, in the Intercepted APIs section of this topic.
Investigating the Issue
This issue can be detected and a compatibility fix can be recommended by using the Standard User Analyzer tool, which is installed in the Developer and Tester Tools directory of the Application Compatibility Toolkit.
Intercepted APIs
This compatibility fix maintains a list of virtually deleted files, which is referenced when making API calls.
The following table provides detailed information about the APIs that are intercepted by the VirtualizeDeleteFile compatibility fix.
API | Description |
---|---|
DeleteFileA |
First checks to see if there was a previous attempt to delete the file that was intercepted by the compatibility fix. If the previous attempt occurred, then the ERROR_FILE_NOT_FOUND value is returned. Next, if a call to the GetFileAttributes API returns a value of 0xffffffff, then the compatibility fix returns the value DeleteFileA; otherwise, the compatibility fix continues and returns the corrected value. If the file was virtualized (FILE_ATTRIBUTE_VIRTUAL), then the compatibility fix adds the file to the list of virtually deleted files. If the file was not virtualized, if ERROR_ACCESS_DENIED is returned, and if the file was not located in the FILE_ATTRIBUTE_DIRECTORY, then this fix will add the file to the list of virtually deleted files, clear the error, and reset the file to ERROR_SUCCESS. |
DeleteFileW |
First checks to see if there was a previous attempt to delete the file that was intercepted by the compatibility fix. If the previous attempt occurred, then the ERROR_FILE_NOT_FOUND value is returned. Next, if a call to the GetFileAttributes API returns a value of 0xffffffff, then the compatibility fix returns the value DeleteFileA; otherwise, the compatibility fix continues and returns the corrected value. If the file was virtualized (FILE_ATTRIBUTE_VIRTUAL), then the compatibility fix adds the file to the list of virtually deleted files. If the file was not virtualized, if ERROR_ACCESS_DENIED is returned, and if the file was not located in the FILE_ATTRIBUTE_DIRECTORY, then this fix will add the file to the list of virtually deleted files, clear the error, and reset the file to ERROR_SUCCESS. |
FindFirstFileA |
If the file is in the list of virtually deleted files, then the compatibility fix will return the INVALID_HANDLE_VALUE result. If the file is not in the list of virtually deleted files, this fix will return the results from the FindFirstFileA API. |
FindFirstFileW |
If the file is in the list of virtually deleted files, then the compatibility fix will return the INVALID_HANDLE_VALUE result. If the file is not in the list of virtually deleted files, this fix will return the results from the FindFirstFileW API. |
MoveFileA |
If the file is in the list of virtually deleted files, then the compatibility fix will return the ERROR_FILE_NOT_FOUND result. If the file is virtualized, then this fix will move the virtual copy and act as if it was deleted (so the original copy is not found afterwards). If the file is not virtualized, then this fix will add the file to the list of virtually deleted files and perform a copy operation. |
MoveFileW |
If the file is in the list of virtually deleted files, then the compatibility fix will return the ERROR_FILE_NOT_FOUND result. If the file is virtualized, then this fix will move the virtual copy and act as if it was deleted (so the original copy is not found afterwards). If the file is not virtualized, then this fix will add the file to the list of virtually deleted files and perform a copy operation. |
GetFileAttributesA |
If the file is in the list of virtually deleted files, then the compatibility fix will set the ERROR_FILE_NOT_FOUND value, and then it will return the INVALID_FILE_ATTRIBUTES result. |
GetFileAttributesW |
If the file is in the list of virtually deleted files, then the compatibility fix will set the ERROR_FILE_NOT_FOUND value, and then it will return the INVALID_FILE_ATTRIBUTES result. |
CreateFileA |
If the file is in the list of virtually deleted files, and the request flag is set for OPEN_EXISTING, then the compatibility fix will set ERROR_FILE_NOT_FOUND. Otherwise, the compatibility fix will set the dwCreationDisposition argument to CREATE_ALWAYS and create the file, removing it from the list of virtually deleted files. If the file is not in the list, then proceed as normal. |
CreateFileW |
If the file is in the list of virtually deleted files, and the request flag is set for OPEN_EXISTING, then the compatibility fix will set the ERROR_FILE_NOT_FOUND value. Otherwise, the compatibility fix will set the dwCreationDisposition argument to CREATE_ALWAYS and create the file, removing it from the list of virtually deleted files. If the file is not in the list, then proceed as normal. |
Fixing Your Code
Applications that need to delete files from protected locations should be manifested by using the requireAdministrator call if they are setup, update, or administrator applications. If the application is a standard application that has no reason for manipulating files in protected areas of the operating system, the application should be updated to only manipulate files in user-writeable areas of the file system.