NtReadFile - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTIOAPI_H

/**
 * The NtReadFile function reads data from an open file.
 *
 * \param[in] FileHandle A handle to the file object representing the file or directory on which the specified action is to be performed.
 * \param[in] Event A handle for a caller-created event. This parameter is optional and can be NULL. It must be NULL if the caller will wait for the FileHandle to be set to the Signaled state.
 * \param[in] ApcRoutine Address of a caller-supplied APC routine to be called when the requested operation completes. This parameter is optional and can be NULL.
 * \param[in] ApcContext Pointer to a caller-determined context area. This parameter value is used as the APC context if the caller supplies an APC, or is used as the completion context if an I/O completion object has been associated with the file object.
 * \param[out] IoStatusBlock Pointer to an IO_STATUS_BLOCK structure that receives the final completion status and information about the operation.
 * \param[out] Buffer Pointer to a caller-allocated buffer that receives the data read from the file.
 * \param[in] Length The size, in bytes, of the buffer pointed to by Buffer.
 * \param[in] ByteOffset Pointer to a variable that specifies the starting byte offset in the file where the read operation will begin.
 * \param[in] Key Device and intermediate drivers should set this pointer to NULL.
 * \return NTSTATUS Successful or errant status.
 * \sa https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-zwreadfile
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtReadFile(
    _In_ HANDLE FileHandle,
    _In_opt_ HANDLE Event,
    _In_opt_ PIO_APC_ROUTINE ApcRoutine,
    _In_opt_ PVOID ApcContext,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _Out_writes_bytes_(Length) PVOID Buffer,
    _In_ ULONG Length,
    _In_opt_ PLARGE_INTEGER ByteOffset,
    _In_opt_ PULONG Key
    );

#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwReadFile(
    _In_ HANDLE FileHandle,
    _In_opt_ HANDLE Event,
    _In_opt_ PIO_APC_ROUTINE ApcRoutine,
    _In_opt_ PVOID ApcContext,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _Out_writes_bytes_(Length) PVOID Buffer,
    _In_ ULONG Length,
    _In_opt_ PLARGE_INTEGER ByteOffset,
    _In_opt_ PULONG Key
    );

#endif

View code on GitHub

This function is documented in Windows Driver Kit here and here.

(Also described in Win2000 DDK)

FileHandle

HANDLE to File Object opened with FILE_READ_DATA access.

Event

Optional HANDLE to Event Object signaled when reading is done.

ApcRoutine

User defined APC routine queued for execute after reading is done.

ApcContext

User parameter to ApcRoutine.

IoStatusBlock

Pointer to IO_STATUS structure received IO status of file reading.

Buffer

User-allocated buffer for read data.

Length

Length of Buffer, in bytes.

ByteOffset

Offset from beginning of file, in bytes.

Key

??? (In my opinion: use this, if you previously lock file, and now you want read it, but without unlocking).

Related Win32 API

Documented by

See also

Edit description on GitHub