Hi,
for years, the structure of FILE_STANDARD_INFORMATION is defined like this:
2: kd\> dt _FILE_STANDARD_INFORMATION
ntdll!_FILE_STANDARD_INFORMATION
+0x000 AllocationSize : _LARGE_INTEGER
+0x008 EndOfFile : _LARGE_INTEGER
+0x010 NumberOfLinks : Uint4B
+0x014 DeletePending : UChar
+0x015 Directory : UChar
However, in the wcifs.sys driver (Windows 10 17134 x86), references offsets 16 and 17 of this structure (both 1 byte size, both zeros in my test case). Does anyone know what do these fields contain?