NtCreateFile - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
#ifndef _NTIOAPI_H
//
// System calls
//
/**
* The NtCreateFile routine creates a new file or directory, or opens an existing file, device, directory, or volume.
*
* \param[out] FileHandle Pointer to a variable that receives a handle to the pipe.
* \param[in] DesiredAccess The requested access to the object.
* \param[in] ObjectAttributes Pointer to an OBJECT_ATTRIBUTES structure that contains the object attributes, including pipe name.
* \param[out] IoStatusBlock Pointer to an IO_STATUS_BLOCK structure that receives the final completion status and information about the operation.
* \param[in] AllocationSize The initial allocation size in bytes for the file. Specify a non-zero value to eliminate disk fragmentation, since the file system pre-allocates the file using a contiguous block.
* \param[in] FileAttributes The file attributes. Explicitly specified attributes are applied only when the file is created, superseded, or, in some cases, overwritten.
* \param[in] ShareAccess The type of share access that the caller would like to use in the file.
* \param[in] CreateDisposition Specifies how the file should be handled when the file already exists.
* \param[in] CreateOptions Specifies the options to be applied when creating or opening the file.
* \param[in] EaBuffer Pointer to an EA buffer used to pass extended attributes.
* \param[in] EaLength Length of the EA buffer.
* \return NTSTATUS Successful or errant status.
* \sa https://learn.microsoft.com/en-us/windows/win32/api/Winternl/nf-winternl-ntcreatefile
*/
NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateFile(
_Out_ PHANDLE FileHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ PCOBJECT_ATTRIBUTES ObjectAttributes,
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
_In_opt_ PLARGE_INTEGER AllocationSize,
_In_ ULONG FileAttributes,
_In_ ULONG ShareAccess,
_In_ ULONG CreateDisposition,
_In_ ULONG CreateOptions,
_In_reads_bytes_opt_(EaLength) PVOID EaBuffer,
_In_ ULONG EaLength
);
View code on GitHub#ifndef _NTZWAPI_H
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwCreateFile(
_Out_ PHANDLE FileHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ PCOBJECT_ATTRIBUTES ObjectAttributes,
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
_In_opt_ PLARGE_INTEGER AllocationSize,
_In_ ULONG FileAttributes,
_In_ ULONG ShareAccess,
_In_ ULONG CreateDisposition,
_In_ ULONG CreateOptions,
_In_reads_bytes_opt_(EaLength) PVOID EaBuffer,
_In_ ULONG EaLength
);
View code on GitHubThis function is documented in Windows Driver Kit here and here.
(Available also in 2000 DDK.)
Result of call - HANDLE to File Object.
Access mask based on definitions in schema FILE_* from <WinNT.h>.
Name of file to create (or open), optionally path in name string. You can also define root directory, security descriptor and attributes OBJ_CASE_INSENSITIVE and OBJ_INHERIT.
Pointer to IO_STATUS_BLOCK structure, that receive final status of function call. Can be one of:
File size after creation.
Attributes for newly created file, as follows:
FILE_ATTRIBUTE_READONLYFILE_ATTRIBUTE_HIDDENFILE_ATTRIBUTE_SYSTEMFILE_ATTRIBUTE_ARCHIVEFILE_ATTRIBUTE_NORMALFILE_ATTRIBUTE_TEMPORARYFILE_ATTRIBUTE_OFFLINEFILE_ATTRIBUTE_NOT_CONTENT_INDEXEDSpecifies share method for opened object. Can be set to zero or any combination of flags:
Specifies disposition how to create or open object and can be one of:
FILE_SUPERSEDE - If file exists, deletes it before creation of new one.FILE_OPEN - Fails, if file not exists.FILE_CREATE - Fails, if file exists.FILE_OPEN_IF - If file exists, opens it. If not, creates new one and then open it.FILE_OVERWRITE - If file not exists, create and open it. If exists, open them and reset content.FILE_OVERWRITE_IF - As FILE_OVERWRITE, but fails if file not exists.Creation options.
Buffer for Extended Attributes contains one or more of FILE_FULL_EA_INFORMATION structures.
Length of EaBuffer.