#1
10-06-2005, 10:21
Lunar_Dust
The best way would be to write a KMD which hooks NtCreateFile, and then check for the filename, and if it's one of your files, return a failure code (or hook some of the directory listing APIs to remove the name from the list).

There are also programs for hiding files and folders; most use the KMD method. So you can just download one of those programs and try that. They hide a folder or file from even Windows Explorer, so they should work fine. Just Google it.

-Lunar

#2
10-06-2005, 13:06
Eleven
From the Diskeeper manual:
Quote:
Files that are open for exclusive access, including Oracle databases, Exchange databases and the paging file, cannot be moved or defragmented by Diskeeper. This is because the Microsoft API for defragmentation will not move files open for exclusive access because files that are open in that fashion are opened for input and moving them could cause corruption. We consider the integrity of your data to be of greater importance than file defragmentation.
It also says that these files can be a nuisance to Diskeeper solely because fragments within these files will cause problems:
Quote:
Files that are open for exclusive access can be a problem, because the fragments of these files, being immovable, can prevent Diskeeper from consolidating enough free space to defragment the entire partition.
If the files are only read, like you said, there will be absolutely no impact on the effectiveness of the defrag.

You could try exploiting this for your own benefit by temporarily opening the file for exclusive access (this is assuming that during defrag these files don't need to be accessed by your software).

#3
10-06-2005, 16:15
MarkusO
@Eleven:
This is what I'm actually trying to manage. But even when the file is opened for exclusive access (open with GENERIC_READ + GENERIC_WRITE, set no share mode, use LockFile on whole file, denying all access for all users/usergroups including SYSTEM and ADMINISTRATOR), it will still be moved by Diskeeper for some reason. However, my "fragmentation" utility will not be able to move the file.

@Lunar_Dust:
I will try to find some of the programs you mentioned.

#4
10-06-2005, 17:06
Mkz
The defragmenting method being used is probably the FSCTL_MOVE_FILE control code: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/fileio/fs/fsctl_move_file.asp
It requires a handle to the volume, and a handle to the file with FILE_READ_ATTRIBUTES right.
If you open the file with no sharing, other processes can probably still open it with only this right.
If you deny this right to the SYSTEM account, the program might still be able to open it with backup semantics, bypassing the ACLs.

One way would be to intercept the DeviceIoControl function, check for the file being moved, and return an error if it's the files you don't want to move. But then you'd have to see the reaction of the defragmenter - would it skip this file and go on with the other ones? I doubt it.
Returning success and not doing a thing is also risky: the defragmenter might rely on the return code to update its internal copy of the volume bitmap, and assume the file has moved...
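
Added example, not part of the original posts: a simplified user-space model in C of the Windows share-mode check (the logic the kernel's IoCheckShareAccess applies), showing why an exclusive open does not block a FILE_READ_ATTRIBUTES-only open, as discussed above. The struct and function names are hypothetical; ACL checks and byte-range locks are outside the model.

```c
#include <stdio.h>

/* Access-mask and share-mode bits, values as defined in winnt.h. */
#define FILE_READ_DATA        0x0001u
#define FILE_WRITE_DATA       0x0002u
#define FILE_APPEND_DATA      0x0004u
#define FILE_EXECUTE          0x0020u
#define FILE_READ_ATTRIBUTES  0x0080u
#define DELETE_ACCESS         0x00010000u  /* named DELETE in winnt.h */
#define FILE_SHARE_READ       0x1u
#define FILE_SHARE_WRITE      0x2u
#define FILE_SHARE_DELETE     0x4u

/* Per-file bookkeeping, modelled on the kernel's SHARE_ACCESS record. */
struct share_state {
    unsigned opens, readers, writers, deleters;
    unsigned share_read, share_write, share_delete;
};

/* Returns 1 if the open is granted, 0 for a sharing violation. */
int try_open(struct share_state *s, unsigned desired, unsigned share)
{
    int r = (desired & (FILE_READ_DATA | FILE_EXECUTE)) != 0;
    int w = (desired & (FILE_WRITE_DATA | FILE_APPEND_DATA)) != 0;
    int d = (desired & DELETE_ACCESS) != 0;
    int sr = (share & FILE_SHARE_READ) != 0;
    int sw = (share & FILE_SHARE_WRITE) != 0;
    int sd = (share & FILE_SHARE_DELETE) != 0;

    /* Attribute-only opens request no data access: no sharing check at all. */
    if (!r && !w && !d)
        return 1;

    /* Conflict with what earlier openers share, or with what they hold. */
    if ((r && s->share_read < s->opens) || (w && s->share_write < s->opens) ||
        (d && s->share_delete < s->opens) ||
        (s->readers && !sr) || (s->writers && !sw) || (s->deleters && !sd))
        return 0;

    s->opens++;
    s->readers += r; s->writers += w; s->deleters += d;
    s->share_read += sr; s->share_write += sw; s->share_delete += sd;
    return 1;
}

int main(void)
{
    struct share_state s = {0};
    printf("exclusive rw open: %d\n", try_open(&s, FILE_READ_DATA | FILE_WRITE_DATA, 0));
    printf("second data read:  %d\n", try_open(&s, FILE_READ_DATA, FILE_SHARE_READ | FILE_SHARE_WRITE));
    printf("attribute-only:    %d\n", try_open(&s, FILE_READ_ATTRIBUTES, 0));
    return 0;
}
```
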

#5
10-07-2005, 17:01
MarkusO
@Mkz:
I know which defragmentation method is used, since it is the only method available on WinNT (see above). Opening the file for reading is only required if the file is EFS encrypted. Else plain "read attribute" access is needed, like you wrote. Since reading attributes is even possible from Windows Explorer, the defragmentation program will most likely be able to get the same file access.

@Lunar_Dust:
I found a program called "File Lock" (yes, plain name), which is able to lock and/or hide files or directories. I tried it with O&O Defrag, Diskeeper and PerfectDisk.

The O&O Defrag service simply crashes completely when analysing a volume with a locked file (you have to reboot before the GUI can connect to the service again).

PerfectDisk simply ignores the fact that the file is locked and defragments it, even if the file is also hidden.

Diskeeper does not defrag a locked file, finally. I will test it tonight on our server, tomorrow I can tell if it worked.

@all:
Thank you all for your ideas.

#6
10-08-2005, 02:50
nathan
Do you have any idea if the program hides files or dir from a remote backup? I'm trying to avoid a massive full backup of my laptop from my evil IT group ... any other suggestion? I think they are using "Connected Backup" program (http://www.connected.com/).


Thnx,

nathan

#7
10-08-2005, 07:55
MarkusO
Why don't you try "File Lock"? (http://www.toplang.com/filelock.htm)

It prevents even some defragmentation programs from opening files. While this only needs file access to read attributes, a backup program needs full read access, so this should work flawlessly (lock + hide should be perfect in such a case). It has a simple interface, but it does its job.