QUERY_ON_CREATE_FILE_STAT_INFORMATION - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
// ntifs.h
typedef struct _QUERY_ON_CREATE_FILE_STAT_INFORMATION {
LARGE_INTEGER FileId;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER AllocationSize;
LARGE_INTEGER EndOfFile;
ULONG FileAttributes;
ULONG ReparseTag;
ULONG NumberOfLinks;
} QUERY_ON_CREATE_FILE_STAT_INFORMATION, *PQUERY_ON_CREATE_FILE_STAT_INFORMATION;
View the official Windows Driver Kit DDI referenceNo description available.
The QUERY_ON_CREATE_FILE_STAT_INFORMATION structure is used to write file information when FltRequestFileInfoOnCreateCompletion is called with the QoCFileStatInformation flag set in the InfoClassFlags parameter.
FileIdThe ID of the file.
CreationTimeThe creation time of the file.
LastAccessTimeThe time that the file was last accessed.
LastWriteTimeThe last time that the file was written to.
ChangeTimeThe last time a file was changed.
AllocationSizeThe file allocation size, in bytes. Usually this value is a multiple of the sector or cluster size of the underlying physical device.
EndOfFileThe absolute, new end-of-file position as a byte offset from the start of the file. EndOfFile specifies the byte offset to the end of the file. Because this value is zero-based, it actually refers to the first free byte in the file. In other words, EndOfFile is the offset to the byte immediately following the last valid byte in the file.
FileAttributesThe file's attributes, which can be any valid combination of the following values.
| Attribute | Meaning |
|---|---|
| FILE_ATTRIBUTE_READONLY (0x00000001) | The file is read-only. |
| FILE_ATTRIBUTE_HIDDEN (0x00000002) | The file or directory is hidden. |
| FILE_ATTRIBUTE_SYSTEM (0x00000004) | The file or directory is partially or exclusively used by the operating system. |
| FILE_ATTRIBUTE_DIRECTORY (0x00000010) | Identifies a directory. |
| FILE_ATTRIBUTE_ARCHIVE (0x00000020) | A file or directory marked for archive. |
| FILE_ATTRIBUTE_NORMAL (0x00000080) | A file that does not have other attributes set. This attribute is valid only when used alone. |
ReparseTagReparse point tag. See About reparse points for more information.
NumberOfLinksThe number of links to the file.
The file system allocates this structure and fills in the requested information, if supported, while it processes a file create. Filter Manager will free the allocated structure.
FltRequestFileInfoOnCreateCompletion
FltRetrieveFileInfoOnCreateCompletionEx