Solved

How i do to overrite the slack file space?

Posted on 2003-10-28
7
1,204 Views
Last Modified: 2010-04-16
I wan't to sweep the unused file space from a drive.
I tied to create a file bigger as diskfree space. I write in this file random bytes and then i delete them, but is a very slow opperation, in my HDD drive with 20 GB free space.

I need a new solution or some ideeas. Thanks.
0
Comment
Question by:PhotonX
  • 2
  • 2
7 Comments
 
LVL 6

Expert Comment

by:GloomyFriar
Comment Utility
I think it's rather difficult.
The code will be differ for different file systems (FAT, NTFS, ...)
0
 
LVL 6

Accepted Solution

by:
GloomyFriar earned 25 total points
Comment Utility
Here is some information that can help.

A file is stored on a disk drive (and other media) in one or more clusters. Clusters are the atomic unit of data allocation, made up of one or more sectors. Sectors, in turn, are physical storage units.

As a file is written to the disk, the file may not be written in contiguous clusters. Noncontiguous clusters slow down the process of reading and writing the file. The farther apart on the disk the noncontiguous clusters are, the worse the problem because of the time it takes to move the hard drive's read/write head. A file with noncontiguous clusters is said to be fragmented. To optimize files for fast access, a volume may be defragmented.

Defragmentation is the process of moving portions of files around on the disk in order to defragment files; that is, the process of moving a file's clusters on the disk to make them contiguous.

In a simple single-tasking operating system, defragmentation is straightforward: the defragmentation software is the sole task, and there are no other processes to read from or write to the disk. However, in a multitasking operating system, some processes may be reading from and writing to the hard drive while another process is trying to defragment that hard drive. The trick is to avoid writes to the file being defragmented without stopping the writing process for very long. Solving this problem is not trivial, but it is possible.

Some file systems are publicly documented, such as the FAT16 and FAT32 file systems. This allows programmers to manipulate on-disk data structures (such as file allocation tables, or FAT) directly. However, NTFS is deliberately opaque. To allow defragmentation of NTFS without requiring detailed knowledge of the disk structure of NTFS, a set of three DeviceIoControl operations is provided. The three operations allow applications to locate empty clusters, determine the disk location of file clusters, and move clusters on the disk. The DeviceIoControl operations transparently handle the problem of inhibiting and allowing other processes to read from and write to files during moves.

These same DeviceIoControl operations also work with FAT volumes.

These operations can be performed without inhibiting other processes from running. However, the other processes will have slower response times while a disk drive is being defragmented.

Clusters may be referred to from two different perspectives: within the file and on the volume. Any cluster in a file has a virtual cluster number (VCN), which is its relative offset from the beginning of the file. For example, a seek to twice the size of a cluster, followed by a read, will return data beginning at the third VCN. A logical cluster number (LCN) describes the offset of a cluster from some arbitrary point within the volume. LCNs should be treated only as ordinal, or relative, numbers. There is no guaranteed mapping of logical clusters to physical hard drive sectors.

An extent is a run of contiguous clusters. For example, suppose a file consisting of thirty clusters is recorded in two extents. The first extent might consist of five contiguous clusters, the other of the remaining 25 clusters.

There is no guarantee of any relationship on the disk of any extent to any other extent. For example, the first extent may be at a higher LCN than a subsequent extent.

To defragment a file, use the following steps:

Use the FSCTL_GET_VOLUME_BITMAP control code to find a place on the volume large enough to accept the entire file. If necessary, move other files to make a place that's large enough. Ideally, there will be enough unallocated clusters after the first extent of the file that you can simply move subsequent extents into the space after the first extent.
Use the FSCTL_GET_RETRIEVAL_POINTERS control code to get a map of the current layout of the file on the disk.
Walk the RETRIEVAL_POINTERS_BUFFER structure returned by FSCTL_GET_RETRIEVAL_POINTERS. Use the FSCTL_MOVE_FILE control code to move each cluster as you walk the structure. You may need to renew either the bitmap or the retrieval structure, or both, from time to time as other processes write to the disk.
Two of the operations used in the defragmentation process require handles to volumes. Only administrators can open volumes to handles, so only administrators can defragment volumes. Your program should check the privileges of the user attempting to run defragmentation software, and it should not execute if the user does not have the appropriate security credentials.

In Windows 2000 and earlier versions of Windows, the FSCTL_MOVE_FILE control code operated only on NTFS volumes with a cluster size of less than 4K. In Windows XP, NTFS volumes with a cluster size of greater than 4K can be accommodated. NTFS format defaults to cluster sizes of 4K or less, so volumes with cluster sizes larger than 4K are rare. The following is a table of defragmentation structures and the associated control codes.

Defragmentation structures Control code
MOVE_FILE_DATA FSCTL_MOVE_FILE
RETRIEVAL_POINTERS_BUFFER FSCTL_GET_RETRIEVAL_POINTERS
STARTING_LCN_INPUT_BUFFER FSCTL_GET_VOLUME_BITMAP
STARTING_VCN_INPUT_BUFFER FSCTL_GET_RETRIEVAL_POINTERS
VOLUME_BITMAP_BUFFER FSCTL_GET_VOLUME_BITMAP


When using CreateFile to open a directory during defragmentation of a FAT or FAT32 volume, do not specify the MAXIMUM_ALLOWED access mask value. Access to the directory will be denied if this is done. Specify the GENERIC_READ access mask value instead.

Do not attempt to move allocated clusters in an NTFS file system that extend beyond the cluster rounded file size. If attempted, this will result in an error condition.

Reparse points, bitmaps, and attribute lists in NTFS volumes can be defragmented under Windows XP. Each of these can be opened for reading and synchronization, and are named using the file:name:type syntax—for example, $i30:$INDEX_ALLOCATION, mrp::$DATA, mrp::$REPARSE_POINT, and mrp::$ATTRIBUTE_LIST.

Under Windows XP, NTFS defragments uncompressed files at the cluster boundary. Under Windows 2000, this was done at the page boundary.

Under Windows 2000, an attempt to defragment the space between the file size and the allocation size will fail. However, you can do this under Windows XP.

When defragmenting NTFS volumes, defragmenting a virtual cluster beyond the file's allocation size is allowed.

The MFT could not be used for defragmentation under Windows 2000, but under Windows XP this restriction is removed. Also, the MFT itself can be defragmented. For a description of the Master File Table and the MFT Zone, refer to The Master File Table and the MFT Zone .

We recommend that you leave as much space at the beginning of the MFT Zone as possible before defragmenting the volume to reduce the chance of the MFT Zone becoming fully allocated before the defragmentation process is complete. If the MFT Zone becomes fully allocated before defragmentation has completed, it is important that unallocated space be available outside of the MFT Zone.

0
 
LVL 1

Assisted Solution

by:ttd
ttd earned 25 total points
Comment Utility
Hi,

To fully solve your problem, we have to investigate two cases:

1. If you just want to sweep the spaces not used by files, the simplest way is the one you had tried: continuously write a random data to a file until you get a 'disk full' error, then of course, delete it. The only way to speed up this process is to bypass the OS and access the disk directly. In this case, you have to learn the format of FAT or NTFS file system, then write, for example, a DOS application, boot the computer from a floppy, then run it.
But why do you want to write it yourself when there is a lot of free programs on the Internet? Take a look at http://www.pgpi.org and you will find the right one for your OS you are using. (Any PGP has a 'sweep free space' functionality)

2. If you want to sweep the spaces include those ones that are beyond a file (explanation later), I think, you don't have too much choices: direct access to the disk. The space beyond a file is the space that takes place from the end of file to the next boundary of a cluster. As you can know, a 1000-bytes file will take at least 1 cluster on the disk, and if the cluster size is, for example, 8192 bytes, the bytes from 1001 to 8192 can be called the bytes beyond the file. Some intelligent viruses can hide themself in this space, and foolish anti-virus program will never found them.

So, if the speed is important for you or if you want to fully sweep spaces, direct access the disk is recommended. Prepare yourself and dig into the soul of FAT and NTFS file systems. If not, use PGP and relax!

Hope this helps.

Regards,

ttd
0
 
LVL 26

Expert Comment

by:EddieShipman
Comment Utility
If I were you, I'd check out the sdelete at http://www.sysinternals.com

It has the functionality you require and comes with C sourcecode that you
can convert.
0
 
LVL 26

Expert Comment

by:EddieShipman
Comment Utility
Personally, if he'd had checked out sysinternals.com he would have fround that the sdelete utility has the capability
he requires and then he could run it from a shellexecute.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

In this tutorial I will show you how to use the Windows Speech API in Delphi. I will only cover basic functions such as text to speech and controlling the speed of the speech. SAPI Installation First you need to install the SAPI type library, th…
Introduction I have seen many questions in this Delphi topic area where queries in threads are needed or suggested. I know bumped into a similar need. This article will address some of the concepts when dealing with a multithreaded delphi database…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now