I'm currently write a special defragmenter (in two part, a boot time and user), the goal is to manage very,very,very heavy fragmented drive (that handle regular save) with very framgented free space. Even with 20%of free space, no way. No defragmenter is able to handle it correctly without a preprocess. Preprocess is just to "pack" disk, too make free space, by creating more fragmentation if necessary.
So I've reached a problem that I already have with JkDefrag and now with MyDefrag.
With not any clue, I found the server that use it with a very large load usage. It is not crashed, hanged, but very, very slow, and too slow to be able to start any software. I think disk system is hanging.
And during writing time of my defrag, I reached same problem, quite reproductible. So I searched.
Symptom is this one :
when I open (with CreateFile) attribute "$ATTRIBUTE_LIST" of stream "Zone.Identifier", the system (kernel) start to use 100% of time. Machine refuse to do anything (without complete hang) and need to be hard booted. The worst thing, is this is not direct, sometimes, it need another extern operation related to disk (starting a chkdsk in another command prompt). But even without doing this it will "crash/hang" sooner or later.
I don't know really why, Zone.Identifier stream are added by IE and other to store Zone (in meanning of Internet/LAN area/local) where file come from. It permit to Windows to popup a warning because file come from an untrusted zone
I found on the web that some people have had problem with that, when they run their app in SYSTEM account, because, they have not access to desktop, so message is not displaying and SYSTEM task start to use 100% of processor time.
Here I don't know if the problem is exactly the same. It seem, it's just localised to "$ATTRIBUTE_LIST", but perharps it depend of opening method too.
So ... a good option will be to not process theses Zone.Identifier stream. (I've added for my defrag tool, to not process them)