NtQueryAttributesFile - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTIOAPI_H

/**
 * The NtQueryAttributesFile function retrieves basic attributes for the specified file.
 *
 * \param ObjectAttributes A pointer to an OBJECT_ATTRIBUTES structure that supplies the attributes to be used for the file object.
 * \param FileInformation A pointer to a FILE_BASIC_INFORMATION structure to receive the returned file attribute information.
 * \return NTSTATUS Successful or errant status.
 * \sa https://learn.microsoft.com/en-us/windows/win32/devnotes/ntqueryattributesfile
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryAttributesFile(
    _In_ PCOBJECT_ATTRIBUTES ObjectAttributes,
    _Out_ PFILE_BASIC_INFORMATION FileInformation
    );

#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQueryAttributesFile(
    _In_ PCOBJECT_ATTRIBUTES ObjectAttributes,
    _Out_ PFILE_BASIC_INFORMATION FileInformation
    );

#endif

View code on GitHub
NTSTATUS NtQueryAttributesFile(
  _In_  POBJECT_ATTRIBUTES      ObjectAttributes,
  _Out_ PFILE_BASIC_INFORMATION FileInformation
);
View the official Win32 development documentation

NtDoc

No description available.

Edit description on GitHub

Win32 development documentation (ntqueryattributesfile)

NtQueryAttributesFile function

[This function may be changed or removed from Windows without further notice.]

Retrieves basic attributes for the specified file object.

Parameters

ObjectAttributes [in]

A pointer to an OBJECT_ATTRIBUTES structure that supplies the attributes to be used for the file object.

FileInformation [out]

A pointer to a FILE_BASIC_INFORMATION structure to receive the returned file attribute information.

Return value

Returns an NTSTATUS or error code.

The forms and significance of NTSTATUS error codes are listed in the Ntstatus.h header file available in the WDK, and are described in the WDK documentation.

Remarks

This function has no associated header file. The associated import library, Ntdll.lib, is available in the WDK. You can also use the LoadLibrary and GetProcAddress functions to dynamically link to Ntdll.dll.

Requirements

Requirement Value
DLL
 Ntdll.dll

View the official Win32 development documentation

Edit description on GitHub

NTinternals.net (undocumented.ntinternals.net)

This function is documented in Windows SDK.

ObjectAttributes

Contains file name, in NT Objects Namespace format.

FileAttributes

Because only four bytes at offset 0x20 are used, this may be any buffer at least 0x24 bytes length. Time information fields from FILE_BASIC_INFORMATION are skipped.

Use of NtQueryAttributesFile is the easiest and the best way to check if file exist. NtOpenFile isn't good for this, because it modifies last access time for opened file. See NtQueryDirectoryFile for details.

Documented by

See also

Edit description on GitHub