FILE_BOTH_DIR_INFORMATION - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTIOAPI_H

typedef struct _FILE_BOTH_DIR_INFORMATION
{
    ULONG NextEntryOffset;
    ULONG FileIndex;
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER EndOfFile;
    LARGE_INTEGER AllocationSize;
    ULONG FileAttributes;
    ULONG FileNameLength;
    ULONG EaSize;
    CCHAR ShortNameLength;
    WCHAR ShortName[12];
    _Field_size_bytes_(FileNameLength) WCHAR FileName[1];
} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;

#endif

View code on GitHub
// ntifs.h

typedef struct _FILE_BOTH_DIR_INFORMATION {
  ULONG         NextEntryOffset;
  ULONG         FileIndex;
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  LARGE_INTEGER EndOfFile;
  LARGE_INTEGER AllocationSize;
  ULONG         FileAttributes;
  ULONG         FileNameLength;
  ULONG         EaSize;
  CCHAR         ShortNameLength;
  WCHAR         ShortName[12];
  WCHAR         FileName[1];
} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
View the official Windows Driver Kit DDI reference

NtDoc

No description available.

Edit description on GitHub

Windows Driver Kit DDI reference (ns-ntifs-_file_both_dir_information)

FILE_BOTH_DIR_INFORMATION structure

Description

The FILE_BOTH_DIR_INFORMATION structure is used to query detailed information for the files in a directory.

Members

NextEntryOffset

Byte offset of the next FILE_BOTH_DIR_INFORMATION entry, if multiple entries are present in a buffer. This member is zero if no other entries follow this one.

FileIndex

Byte offset of the file within the parent directory. This member is undefined for file systems, such as NTFS, in which the position of a file within the parent directory is not fixed and can be changed at any time to maintain sort order.

CreationTime

Time when the file was created.

LastAccessTime

Last time the file was accessed.

LastWriteTime

Last time information was written to the file.

ChangeTime

Last time the file was changed.

EndOfFile

Absolute new end-of-file position as a byte offset from the start of the file. EndOfFile specifies the byte offset to the end of the file. Because this value is zero-based, it actually refers to the first free byte in the file. In other words, EndOfFile is the offset to the byte immediately following the last valid byte in the file.

AllocationSize

File allocation size, in bytes. Usually, this value is a multiple of the sector or cluster size of the underlying physical device.

FileAttributes

File attributes, which can be any valid combination of the following:

FileNameLength

Specifies the length, in bytes, of the file name string.

EaSize

Combined length, in bytes, of the extended attributes (EA) for the file.

ShortNameLength

Specifies the length, in bytes, of the short file name string.

ShortName

Unicode string containing the short (8.3) name for the file.

FileName

Specifies the first character of the file name string. This is followed in memory by the remainder of the string.

Remarks

This information can be queried in either of the following ways:

No specific access rights are required to query this information.

All dates and times are in absolute system-time format. Absolute system time is the number of 100-nanosecond intervals since the start of the year 1601.

This structure must be aligned on a LONGLONG (8-byte) boundary. If a buffer contains two or more of these structures, the NextEntryOffset value in each entry, except the last, falls on an 8-byte boundary.

See also

FsRtlNotifyFullChangeDirectory

IRP_MJ_DIRECTORY_CONTROL

ZwQueryDirectoryFile

View the official Windows Driver Kit DDI reference

Edit description on GitHub

NTinternals.net (undocumented.ntinternals.net)

This structure is documented in Windows Driver Kit.

Structure FILE_BOTH_DIR_INFORMATION is returned as a result of call NtQueryDirectoryFile with FileBothDirectoryInformation
information class. It's extended version of FILE_FULL_DIR_INFORMATION structure,
additionally containing short file name. It's used in Win32 API calls FindFirstFile and FindNextFile.

NextEntryOffset

Offset (in bytes) of next FILE_BOTH_DIR_INFORMATION structure placed in result buffer. If there's no more entries, NextEntryOffset is set to zero.

FileIndex

File index value, or zero, if directory indexing is not available.

CreationTime

Time of object creation.

LastAccessTime

Last access time. Means time when last open operation was performed.

LastWriteTime

Time of last write data.

ChangeTime

Time of last change.

EndOfFile

Specify length of file, in bytes.

AllocationSize

Specify real size of file on device. It must be equal or greater to EndOfFile member.

FileAttributes

Attributes of file.

FileNameLength

Length of FileName array, in bytes.

EaSize

Size of Extended Attributes associated with file. See also FILE_EA_INFORMATION structure.

ShortNameLength

Length ShortName array, in bytes.

ShortName[12]

Alternate file name, in UNICODE format. Empty string means:

  1. Primary name is compatible with 8DOT3 (MS DOS) standard, and there's no reason to set the same name twice;
  2. File system don't improve short names;

FileName[1]

UNICODE string specifying file name.

Documented by

See also

Edit description on GitHub