Testing NtQueryInformationFile call

ilho_Ye · May 4, 2007, 4:09pm

Hi everyone,

I was testing NtQueryInformationFile call and I found that the return values were a bit confusing to me so I wanted to ask you all whether there is any mistake on my part or the returned values were indeed correct.
If anyone could give me some insight, I will really appreciate that. Thank!

Ilho <><

static NTSTATUS OpenDirectory(PWCHAR dir, HANDLE *h)
{
OBJECT_ATTRIBUTES obj;
NTSTATUS Status;
IO_STATUS_BLOCK iostatus;
UNICODE_STRING str;

RtlInitUnicodeString(&str, dir);
InitializeObjectAttributes(&obj, &str, 0, NULL, NULL);

Status = NtCreateFile(h,
SYNCHRONIZE | FILE_LIST_DIRECTORY,
&obj,
&iostatus,
0,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_OPEN,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE,
0,
0);

return Status;
}

int main(int argc, char *argv)
{
HANDLE hDir;
WCHAR *vdir = L"\??\C:\msys\1.0\home\Administrator\work\windows";
NTSTATUS rv;
IO_STATUS_BLOCK iostatus;
WCHAR Buffer[8096];
FILE_STANDARD_INFORMATION FileStandard;
FILE_BASIC_INFORMATION FileBasic;

if ((rv = OpenDirectory(vdir, &hDir)) != 0) {
printf (“OpenDirectory Failed: Status[0x%08lx]\n”, rv);
return (FALSE);
}

printf(“----- Directory related NtQueryInformationFile -----\n”);
/* Test NtQueryInformationFile call */
rv = NtQueryInformationFile(hDir,
&iostatus,
Buffer,
sizeof(Buffer),
FileDirectoryInformation);
printf (“rv [0x%08lx] - FileDirectoryInformation \n”, rv);

rv = NtQueryInformationFile(hDir,
&iostatus,
Buffer,
sizeof(Buffer),
FileFullDirectoryInformation);
printf (“rv [0x%08lx] - FileFullDirectoryInformation \n”, rv);

rv = NtQueryInformationFile(hDir,
&iostatus,
Buffer,
sizeof(Buffer),
FileBothDirectoryInformation);
printf (“rv [0x%08lx] - FileBothDirectoryInformation \n”, rv);

return 0;
}

result:

rv [0xc0000003] - FileDirectoryInformation
rv [0xc0000003] - FileFullDirectoryInformation
rv [0xc0000003] - FileBothDirectoryInformation
rv [0xc0000003] - FileIdFullDirectoryInformation
rv [0xc0000003] - FileIdBothDirectoryInformation

anton_bassov · May 4, 2007, 7:04pm

All infoclass values that you have metioned in your post are simply invalid. Please check ZwQueryInformationFile() documentation in WDK, and you will see all possible valid infoclass values that ZwQueryInformationFile() may take. Once you pass invalid infoclassses, you get 0xC0000003 return value, i.e STATUS_INVALID_INFO_CLASS , all the time…

Anton Bassov

Lyndon_J_Clarke-2 · May 5, 2007, 5:32am

Look at the WDK pages for ZwQueryInformationFile and ZwQueryDirectoryFile
where you will find that these information classeses are intended for
ZwQueryDirectoryFile not ZwQueryInformationFile.

wrote in message news:xxxxx@ntdev…
> Hi everyone,
>
> I was testing NtQueryInformationFile call and I found that the return
> values were a bit confusing to me so I wanted to ask you all whether there
> is any mistake on my part or the returned values were indeed correct.
> If anyone could give me some insight, I will really appreciate that.
> Thank!
>
> Ilho <><
>
>
> static NTSTATUS OpenDirectory(PWCHAR dir, HANDLE *h)
> {
> OBJECT_ATTRIBUTES obj;
> NTSTATUS Status;
> IO_STATUS_BLOCK iostatus;
> UNICODE_STRING str;
>
> RtlInitUnicodeString(&str, dir);
> InitializeObjectAttributes(&obj, &str, 0, NULL, NULL);
>
> Status = NtCreateFile(h,
> SYNCHRONIZE | FILE_LIST_DIRECTORY,
> &obj,
> &iostatus,
> 0,
> FILE_ATTRIBUTE_NORMAL,
> FILE_SHARE_READ | FILE_SHARE_WRITE,
> FILE_OPEN,
> FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE,
> 0,
> 0);
>
> return Status;
> }
>
> int main(int argc, char *argv)
> {
> HANDLE hDir;
> WCHAR vdir =
> L"\??\C:\msys\1.0\home\Administrator\work\windows";
> NTSTATUS rv;
> IO_STATUS_BLOCK iostatus;
> WCHAR Buffer[8096];
> FILE_STANDARD_INFORMATION FileStandard;
> FILE_BASIC_INFORMATION FileBasic;
>
> if ((rv = OpenDirectory(vdir, &hDir)) != 0) {
> printf (“OpenDirectory Failed: Status[0x%08lx]\n”, rv);
> return (FALSE);
> }
>
> printf(“----- Directory related NtQueryInformationFile -----\n”);
> / Test NtQueryInformationFile call */
> rv = NtQueryInformationFile(hDir,
> &iostatus,
> Buffer,
> sizeof(Buffer),
> FileDirectoryInformation);
> printf (“rv [0x%08lx] - FileDirectoryInformation \n”, rv);
>
> rv = NtQueryInformationFile(hDir,
> &iostatus,
> Buffer,
> sizeof(Buffer),
> FileFullDirectoryInformation);
> printf (“rv [0x%08lx] - FileFullDirectoryInformation \n”, rv);
>
> rv = NtQueryInformationFile(hDir,
> &iostatus,
> Buffer,
> sizeof(Buffer),
> FileBothDirectoryInformation);
> printf (“rv [0x%08lx] - FileBothDirectoryInformation \n”, rv);
>
> return 0;
> }
>
> result:
>
> rv [0xc0000003] - FileDirectoryInformation
> rv [0xc0000003] - FileFullDirectoryInformation
> rv [0xc0000003] - FileBothDirectoryInformation
> rv [0xc0000003] - FileIdFullDirectoryInformation
> rv [0xc0000003] - FileIdBothDirectoryInformation
>
>