📄 ntifs.inc
字号:
; Define the file system attributes flags
FILE_CASE_SENSITIVE_SEARCH equ 00000001 ; winnt
FILE_CASE_PRESERVED_NAMES equ 00000002 ; winnt
FILE_UNICODE_ON_DISK equ 00000004 ; winnt
FILE_PERSISTENT_ACLS equ 00000008 ; winnt
FILE_FILE_COMPRESSION equ 00000010h ; winnt
FILE_VOLUME_QUOTAS equ 00000020h ; winnt
FILE_SUPPORTS_SPARSE_FILES equ 00000040h ; winnt
FILE_SUPPORTS_REPARSE_POINTS equ 00000080h ; winnt
FILE_SUPPORTS_REMOTE_STORAGE equ 00000100h ; winnt
FILE_VOLUME_IS_COMPRESSED equ 00008000h ; winnt
FILE_SUPPORTS_OBJECT_IDS equ 00010000h ; winnt
FILE_SUPPORTS_ENCRYPTION equ 00020000h ; winnt
FILE_NAMED_STREAMS equ 00040000h ; winnt
; Define the flags for NtSet(Query)EaFile service structure entries
FILE_NEED_EA equ 00000080h
; Define EA type values
FILE_EA_TYPE_BINARY equ 0fffeh
FILE_EA_TYPE_ASCII equ 0fffdh
FILE_EA_TYPE_BITMAP equ 0fffbh
FILE_EA_TYPE_METAFILE equ 0fffah
FILE_EA_TYPE_ICON equ 0fff9h
FILE_EA_TYPE_EA equ 0ffeeh
FILE_EA_TYPE_MVMT equ 0ffdfh
FILE_EA_TYPE_MVST equ 0ffdeh
FILE_EA_TYPE_ASN1 equ 0ffddh
FILE_EA_TYPE_FAMILY_IDS equ 0ff01h
; begin_ntddk begin_wdm begin_nthal
; Define the various device characteristics flags
FILE_REMOVABLE_MEDIA equ 00000001
FILE_READ_ONLY_DEVICE equ 00000002
FILE_FLOPPY_DISKETTE equ 00000004
FILE_WRITE_ONCE_MEDIA equ 00000008
FILE_REMOTE_DEVICE equ 00000010h
FILE_DEVICE_IS_MOUNTED equ 00000020h
FILE_VIRTUAL_VOLUME equ 00000040h
FILE_AUTOGENERATED_DEVICE_NAME equ 00000080h
FILE_DEVICE_SECURE_OPEN equ 00000100h
; end_wdm
; flags specified here will be propagated up and down a device stack
; after FDO and all filter devices are added, but before the device
; stack is started
FILE_CHARACTERISTICS_PROPAGATED equ (FILE_REMOVABLE_MEDIA or FILE_READ_ONLY_DEVICE or FILE_FLOPPY_DISKETTE or FILE_WRITE_ONCE_MEDIA or FILE_DEVICE_SECURE_OPEN)
; end_ntddk end_nthal
; begin_ntddk begin_wdm begin_nthal
; Define the base asynchronous I/O argument types
IO_STATUS_BLOCK STRUCT ; sizeof = 08h
union
Status SDWORD ? ; 0000h NTSTATUS
Pointer PVOID ?
ends
Information DWORD ? ; 0004h ULONG_PTR
IO_STATUS_BLOCK ENDS
PIO_STATUS_BLOCK typedef PTR IO_STATUS_BLOCK
; end_ntddk end_wdm end_nthal
; Define the file information class values
;
; WARNING: The order of the following values are assumed by the I/O system.
; Any changes made here should be reflected there as well.
;typedef enum _FILE_INFORMATION_CLASS {
; end_wdm
FileDirectoryInformation equ 1
FileFullDirectoryInformation equ 2
FileBothDirectoryInformation equ 3
FileBasicInformation equ 4 ; wdm
FileStandardInformation equ 5 ; wdm
FileInternalInformation equ 6
FileEaInformation equ 7
FileAccessInformation equ 8
FileNameInformation equ 9
FileRenameInformation equ 10
FileLinkInformation equ 11
FileNamesInformation equ 12
FileDispositionInformation equ 13
FilePositionInformation equ 14 ; wdm
FileFullEaInformation equ 15
FileModeInformation equ 16
FileAlignmentInformation equ 17
FileAllInformation equ 18
FileAllocationInformation equ 19
FileEndOfFileInformation equ 20 ; wdm
FileAlternateNameInformation equ 21
FileStreamInformation equ 22
FilePipeInformation equ 23
FilePipeLocalInformation equ 24
FilePipeRemoteInformation equ 25
FileMailslotQueryInformation equ 26
FileMailslotSetInformation equ 27
FileCompressionInformation equ 28
FileObjectIdInformation equ 29
FileCompletionInformation equ 30
FileMoveClusterInformation equ 31
FileQuotaInformation equ 32
FileReparsePointInformation equ 33
FileNetworkOpenInformation equ 34
FileAttributeTagInformation equ 35
FileTrackingInformation equ 36
FileIdBothDirectoryInformation equ 37
FileIdFullDirectoryInformation equ 38
FileMaximumInformation equ 39
; begin_wdm
; Define the various structures which are returned on query operations
; end_ntddk end_wdm end_nthal
; +
; NtQueryDirectoryFile return types:
;
; FILE_DIRECTORY_INFORMATION
; FILE_FULL_DIR_INFORMATION
; FILE_ID_FULL_DIR_INFORMATION
; FILE_BOTH_DIR_INFORMATION
; FILE_ID_BOTH_DIR_INFORMATION
; FILE_NAMES_INFORMATION
; FILE_OBJECTID_INFORMATION
; -
FILE_DIRECTORY_INFORMATION STRUCT ; sizeof = 48h
NextEntryOffset DWORD ?
FileIndex DWORD ?
CreationTime LARGE_INTEGER <>
LastAccessTime LARGE_INTEGER <>
LastWriteTime LARGE_INTEGER <>
ChangeTime LARGE_INTEGER <>
EndOfFile LARGE_INTEGER <>
AllocationSize LARGE_INTEGER <>
FileAttributes DWORD ?
FileNameLength DWORD ?
FileName WORD 1 dup(?) ; WCHAR
WORD 3 dup(?) ; padding
FILE_DIRECTORY_INFORMATION ENDS
PFILE_DIRECTORY_INFORMATION typedef ptr FILE_DIRECTORY_INFORMATION
FILE_FULL_DIR_INFORMATION STRUCT ; sizeof = 48h
NextEntryOffset DWORD ?
FileIndex DWORD ?
CreationTime LARGE_INTEGER <>
LastAccessTime LARGE_INTEGER <>
LastWriteTime LARGE_INTEGER <>
ChangeTime LARGE_INTEGER <>
EndOfFile LARGE_INTEGER <>
AllocationSize LARGE_INTEGER <>
FileAttributes DWORD ?
FileNameLength DWORD ?
EaSize DWORD ?
FileName WORD 1 dup(?) ; WCHAR
WORD ? ; padding
FILE_FULL_DIR_INFORMATION ENDS
PFILE_FULL_DIR_INFORMATION typedef ptr FILE_FULL_DIR_INFORMATION
FILE_ID_FULL_DIR_INFORMATION STRUCT ; sizeof = 58h
NextEntryOffset DWORD ?
FileIndex DWORD ?
CreationTime LARGE_INTEGER <>
LastAccessTime LARGE_INTEGER <>
LastWriteTime LARGE_INTEGER <>
ChangeTime LARGE_INTEGER <>
EndOfFile LARGE_INTEGER <>
AllocationSize LARGE_INTEGER <>
FileAttributes DWORD ?
FileNameLength DWORD ?
EaSize DWORD ? ; 040h
DWORD ? ; 044h
FileId LARGE_INTEGER <> ; 048h
FileName WORD 1 dup(?) ; 050h WCHAR
WORD 3 dup(?) ; padding
FILE_ID_FULL_DIR_INFORMATION ENDS
PFILE_ID_FULL_DIR_INFORMATION typedef ptr FILE_ID_FULL_DIR_INFORMATION
FILE_BOTH_DIR_INFORMATION STRUCT ; sizeof = 60h
NextEntryOffset DWORD ?
FileIndex DWORD ?
CreationTime LARGE_INTEGER <>
LastAccessTime LARGE_INTEGER <>
LastWriteTime LARGE_INTEGER <>
ChangeTime LARGE_INTEGER <>
EndOfFile LARGE_INTEGER <>
AllocationSize LARGE_INTEGER <>
FileAttributes DWORD ?
FileNameLength DWORD ?
EaSize DWORD ? ; 040h
ShortNameLength BYTE ? ; 044h CCHAR
BYTE ?
ShortName WORD 12 dup(?) ; 046h WCHAR
FileName WORD 1 dup(?) ; 05Eh WCHAR
FILE_BOTH_DIR_INFORMATION ENDS
PFILE_BOTH_DIR_INFORMATION typedef ptr FILE_BOTH_DIR_INFORMATION
FILE_ID_BOTH_DIR_INFORMATION STRUCT ; sizeof = 70h
NextEntryOffset DWORD ?
FileIndex DWORD ?
CreationTime LARGE_INTEGER <>
LastAccessTime LARGE_INTEGER <>
LastWriteTime LARGE_INTEGER <>
ChangeTime LARGE_INTEGER <>
EndOfFile LARGE_INTEGER <>
AllocationSize LARGE_INTEGER <>
FileAttributes DWORD ?
FileNameLength DWORD ?
EaSize DWORD ? ; 040h
ShortNameLength BYTE ? ; 044h CCHAR
BYTE ?
ShortName WORD 12 dup(?) ; 046h WCHAR
WORD ?
FileId LARGE_INTEGER <> ; 060h
FileName WORD 1 dup(?) ; 068 WCHAR
WORD 3 dup(?) ; padding
FILE_ID_BOTH_DIR_INFORMATION ENDS
PFILE_ID_BOTH_DIR_INFORMATION typedef ptr FILE_ID_BOTH_DIR_INFORMATION
FILE_NAMES_INFORMATION STRUCT ; sizeof = 10h
NextEntryOffset DWORD ?
FileIndex DWORD ?
FileNameLength DWORD ?
FileName WORD 1 dup(?) ; 068 WCHAR
WORD ? ; padding
FILE_NAMES_INFORMATION ENDS
PFILE_NAMES_INFORMATION typedef ptr FILE_NAMES_INFORMATION
FILE_OBJECTID_INFORMATION STRUCT ; sizeof = 48h
FileReference QWORD ?
ObjectId BYTE 16 dup(?) ; UCHAR
union
struct
BirthVolumeId BYTE 16 dup(?) ; 018h UCHAR
BirthObjectId BYTE 16 dup(?) ; 028h UCHAR
DomainId BYTE 16 dup(?) ; 038h UCHAR
ends
ExtendedInfo BYTE 48 dup(?) ; 018h UCHAR
ends
FILE_OBJECTID_INFORMATION ENDS
PFILE_OBJECTID_INFORMATION typedef ptr FILE_OBJECTID_INFORMATION
; +
; NtQuery(Set)InformationFile return types:
;
; FILE_BASIC_INFORMATION
; FILE_STANDARD_INFORMATION
; FILE_INTERNAL_INFORMATION
; FILE_EA_INFORMATION
; FILE_ACCESS_INFORMATION
; FILE_POSITION_INFORMATION
; FILE_MODE_INFORMATION
; FILE_ALIGNMENT_INFORMATION
; FILE_NAME_INFORMATION
; FILE_ALL_INFORMATION
;
; FILE_NETWORK_OPEN_INFORMATION
;
; FILE_ALLOCATION_INFORMATION
; FILE_COMPRESSION_INFORMATION
; FILE_DISPOSITION_INFORMATION
; FILE_END_OF_FILE_INFORMATION
; FILE_LINK_INFORMATION
; FILE_MOVE_CLUSTER_INFORMATION
; FILE_RENAME_INFORMATION
; FILE_STREAM_INFORMATION
; FILE_COMPLETION_INFORMATION
;
; FILE_PIPE_INFORMATION
; FILE_PIPE_LOCAL_INFORMATION
; FILE_PIPE_REMOTE_INFORMATION
;
; FILE_MAILSLOT_QUERY_INFORMATION
; FILE_MAILSLOT_SET_INFORMATION
; FILE_REPARSE_POINT_INFORMATION
; -
FILE_BASIC_INFORMATION STRUCT ; sizeof = 028h
CreationTime LARGE_INTEGER <>
LastAccessTime LARGE_INTEGER <>
LastWriteTime LARGE_INTEGER <>
ChangeTime LARGE_INTEGER <>
FileAttributes DWORD ?
DWORD ? ; padding
FILE_BASIC_INFORMATION ENDS
PFILE_BASIC_INFORMATION typedef ptr FILE_BASIC_INFORMATION
FILE_STANDARD_INFORMATION STRUCT ; sizeof = 018h
AllocationSize LARGE_INTEGER <>
EndOfFile LARGE_INTEGER <>
NumberOfLinks DWORD ?
DeletePending BOOLEAN ?
Directory BOOLEAN ?
db 2 dup(?) ; padding
FILE_STANDARD_INFORMATION ENDS
PFILE_STANDARD_INFORMATION typedef ptr FILE_STANDARD_INFORMATION
FILE_INTERNAL_INFORMATION STRUCT
IndexNumber LARGE_INTEGER <>
FILE_INTERNAL_INFORMATION ENDS
PFILE_INTERNAL_INFORMATION typedef ptr FILE_INTERNAL_INFORMATION
FILE_EA_INFORMATION STRUCT
EaSize DWORD ?
FILE_EA_INFORMATION ENDS
PFILE_EA_INFORMATION typedef ptr FILE_EA_INFORMATION
FILE_ACCESS_INFORMATION STRUCT
AccessFlags DWORD ? ; ACCESS_MASK
FILE_ACCESS_INFORMATION ENDS
PFILE_ACCESS_INFORMATION typedef ptr FILE_ACCESS_INFORMATION
FILE_POSITION_INFORMATION STRUCT
CurrentByteOffset LARGE_INTEGER <>
FILE_POSITION_INFORMATION ENDS
PFILE_POSITION_INFORMATION typedef ptr FILE_POSITION_INFORMATION
FILE_MODE_INFORMATION STRUCT
Mode DWORD ?
FILE_MODE_INFORMATION ENDS
PFILE_MODE_INFORMATION typedef ptr FILE_MODE_INFORMATION
FILE_ALIGNMENT_INFORMATION STRUCT
AlignmentRequirement DWORD ?
FILE_ALIGNMENT_INFORMATION ENDS
PFILE_ALIGNMENT_INFORMATION typedef ptr FILE_ALIGNMENT_INFORMATION
FILE_NAME_INFORMATION STRUCT
FileNameLength DWORD ?
FileName WCHAR 1 dup(?)
FILE_NAME_INFORMATION ENDS
PFILE_NAME_INFORMATION typedef ptr FILE_NAME_INFORMATION
FILE_ALL_INFORMATION STRUCT ; sizeof = 68h
BasicInformation FILE_BASIC_INFORMATION <>
StandardInformation FILE_STANDARD_INFORMATION <>
InternalInformation FILE_INTERNAL_INFORMATION <>
EaInformation FILE_EA_INFORMATION <>
AccessInformation FILE_ACCESS_INFORMATION <>
PositionInformation FILE_POSITION_INFORMATION <>
ModeInformation FILE_MODE_INFORMATION <>
AlignmentInformation FILE_ALIGNMENT_INFORMATION <>
NameInformation FILE_NAME_INFORMATION <>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -