|
The defragmenting method being used is probably the FSCTL_MOVE_FILE control code: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/fileio/fs/fsctl_move_file.asp
It requires a handle to the volume, and a handle to the file with FILE_READ_ATTRIBUTES right.
If you open the file with no sharing, other processes can probably still open it with only this right.
If you deny this right to the SYSTEM account, the program might still be able to open it with backup semantics, bypassing the ACL's.
One way would be to intercept the DeviceIoControl function, check for the file being moved, and return an error if it's the files you don't want to move. But then you'd have to see the reaction of the defragmenter - would it skip this file and go on with the other ones? I doubt it.
Returning success and not doing a thing is also risky, the defragmenter might rely on the return code to update its internal copy of the volume bitmap, and assume the file has moved...
|