有没有一种方法来检测删除的文件的窗口进行删除过吗？我发现FileSystemWatcher类，但事件引发执行删除操作后，才不过我想陷阱删除操作，一旦用户/进程选择将其删除。您可以监控文件系统表，但寻找一个更好的方法。感谢您的帮助。

Is there a way to detect deletion of a file before windows performs the deletion? I found FileSystemWatcher class but the event is raised only after the delete action is performed but I want to trap the delete action once the user/process chooses to delete it. You can monitor the file system table but looking for a better approach. Thanks for your help.

推荐答案

我觉得simpliest的方法是使用一个钩子得到通知（并最终停止）的过程。它不能在.NET中进行，所以你必须的DllImport 大量的结构和一些功能与P / Invoke的。

I think the simpliest way is to use a hook to get notified (and eventually to stop) the process. It can't be done in .NET so you have to DllImport a lot of structures and few functions to P/Invoke.

让我们先从 NtSetFileInformation （无证）功能，你的工作。这就是所谓的被其它的东西，当一个文件需要被删除（与 FileDispositionInformation 结构）的功能。

Let's start your job with the NtSetFileInformation (undocumented) function. It's the function called by anything else when a file need to be deleted (with the FileDispositionInformation structure).

现在的问题是如何连接的功能（运气好，这是不容易）。一个很好的选择可以使用微软走弯路的。看看到本文一个例。它的问题在于，它不是免费的。另一种解决方案（与合理的价格和与.NET接口）是 Deviare 但我从来没有尝试过，甚至他们的免费版本，所以我不知道有多少它的好。如果其他人知道一个很好的拦截工具...

Now the problem is how to hook that function (good luck, it's not easy). A good choice can be to use Microsoft Detours. Take a look to this article for an example. Its problem is that it's not free. An alternative solution (with a reasonable price and with a .NET interface) is Deviare but I never tried even their free version so I don't know how much it's good. If someone else knows a good interception tool...