R0b0t1 Member Posts: 9

CreateFileW fails:

    HANDLE hVol = CreateFileW(

Is this simply unsupported? I wish to use IOCPs with DeviceIoControl on a raw drive to obtain volume information. My other option is parsing the NTFS headers directly.
Apologies if this is off-topic, but I suspect I can get a conclusive answer quickly here. I'm able to use FSCTL_QUERY_USN_JOURNAL etc. just fine if I remove FILE_FLAG_OVERLAPPED.


  • rod_widdowson Member - All Emails Posts: 1,173

    I cannot help you with an answer, but my suggestion would be to diagnose this using FileTest: use NtCreateFile to check the parameterization. Win32 will be interpreting what you need. In particular I'd make sure that SYNCHRONIZE (access) and FILE_SYNCHRONOUS_IO_ALERT and FILE_SYNCHRONOUS_IO_NONALERT were not being set.

  • R0b0t1 Member Posts: 9

    It turns out I was putting the flag in the wrong argument position despite staring at the function arguments in IntelliSense.
    However, it was worth coming here for the mention of FileTest, so thank you.

  • Peter_Viscarola_(OSR) Administrator Posts: 8,253

    HA! That's a good one! Thanks for posting back the root cause of the problem. Looking at your OP now that we know the problem, the cause is very obvious.

    The CreateFile APIs and their vast array of bitmasks are hideous to deal with. Sure, it should be "obvious" that FILE_FLAG_OVERLAPPED doesn't belong on the ShareAccess argument, but does belong on the Flags argument. But the Flags argument takes FILE_ATTRIBUTE_xxx bits as well as FILE_FLAG_xxx bits... and if that's not enough, it now also takes SECURITY_xxx bits -- and all these bits only in specific combinations.

    Again, thanks for following up with the solution.


    Peter Viscarola
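
Added example, not part of the thread and not the poster's or OSR's code: a pre-flight check in portable C that catches the argument mix-up discussed above before the values reach CreateFileW. The constants carry their Windows SDK values, redefined so the block builds without `<windows.h>`; `check_createfile_args` and the `CF_*` names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
/* Windows SDK values, redefined here so this compiles without <windows.h>. */
#define GENERIC_READ          0x80000000u
#define GENERIC_WRITE         0x40000000u
#define FILE_SHARE_READ       0x00000001u
#define FILE_SHARE_WRITE      0x00000002u
#define FILE_SHARE_DELETE     0x00000004u
#define OPEN_EXISTING         3u
#define FILE_FLAG_OVERLAPPED  0x40000000u  /* same numeric value as GENERIC_WRITE */

/* Findings returned by check_createfile_args() (hypothetical names). */
enum {
    CF_OK              = 0,
    CF_SHARE_BAD_BITS  = 1 << 0, /* dwShareMode has bits outside FILE_SHARE_* */
    CF_BAD_DISPOSITION = 1 << 1, /* dwCreationDisposition is not one of 1..5 */
    CF_NOT_OVERLAPPED  = 1 << 2, /* async wanted, flag absent from dwFlagsAndAttributes */
    CF_SUSPECT_ACCESS  = 1 << 3  /* 0x40000000 in dwDesiredAccess reads as GENERIC_WRITE */
};

unsigned check_createfile_args(uint32_t access, uint32_t share, uint32_t disposition,
                               uint32_t flags, int want_overlapped)
{
    unsigned findings = CF_OK;
    if (share & ~(FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE))
        findings |= CF_SHARE_BAD_BITS;
    if (disposition < 1 || disposition > 5)   /* CREATE_NEW .. TRUNCATE_EXISTING */
        findings |= CF_BAD_DISPOSITION;
    if (want_overlapped && !(flags & FILE_FLAG_OVERLAPPED)) {
        findings |= CF_NOT_OVERLAPPED;
        if (access & GENERIC_WRITE)           /* cannot be told apart from a misplaced flag */
            findings |= CF_SUSPECT_ACCESS;
    }
    return findings;
}

int main(void)
{
    /* Constructed calls: flag misplaced in dwShareMode, then placed correctly. */
    unsigned bad  = check_createfile_args(GENERIC_READ,
        FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_FLAG_OVERLAPPED, OPEN_EXISTING, 0, 1);
    unsigned good = check_createfile_args(GENERIC_READ,
        FILE_SHARE_READ | FILE_SHARE_WRITE, OPEN_EXISTING, FILE_FLAG_OVERLAPPED, 1);
    printf("misplaced: 0x%x, correct: 0x%x\n", bad, good);
    return 0;
}
```

Because FILE_FLAG_OVERLAPPED and GENERIC_WRITE share the value 0x40000000, a flag that lands in dwDesiredAccess is not rejected as a bad bit; it silently requests write access, which is why the check needs the caller's intent (`want_overlapped`) to flag it.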
