ZwQueryInformationByName function (wdm.h)

ZwQueryInformationByName returns the requested information about a file specified by file name.

Syntax

NTSYSAPI NTSTATUS ZwQueryInformationByName(
  [in]  POBJECT_ATTRIBUTES     ObjectAttributes,
  [out] PIO_STATUS_BLOCK       IoStatusBlock,
  [out] PVOID                  FileInformation,
  [in]  ULONG                  Length,
  [in]  FILE_INFORMATION_CLASS FileInformationClass
);

Parameters

[in] ObjectAttributes

Pointer to an OBJECT_ATTRIBUTES structure that contains the file's attributes, including file name.

[out] IoStatusBlock

Pointer an IO_STATUS_BLOCK structure containing the caller's I/O status.

[out] FileInformation

Pointer to the caller-supplied buffer in which to return the requested information about the file. The structure of the buffer is determined by the FileInformationClass parameter.

[in] Length

Length, in bytes, of the buffer that FileInformation points to.

[in] FileInformationClass

A FILE_INFORMATION_CLASS value that identifies the type of file information to return in the buffer that FileInformation points to. FileInformationClass can be one of the following values.

FILE_INFORMATION_CLASS Value Type of Information to Return
FileStatInformation (68) FILE_STAT_INFORMATION. Available starting with Windows 10, version 1709.
FileStatLxInformation (70) FILE_STAT_LX_INFORMATION. Available starting with Windows 10 April 2018 Update.
FileCaseSensitiveInformation (71) FILE_CASE_SENSITIVE_INFORMATION. Available starting with Windows 10 April 2018 Update.

Return value

ZwQueryInformationByName returns STATUS_SUCCESS upon successful completion; otherwise it returns an error code, such as one of the following.

Error Code Meaning
STATUS_INVALID_PARAMETER The FileInformationClass parameter contains an invalid value.
STATUS_INFO_LENGTH_MISMATCH The buffer size specified by Length is not large enough to contain the requested information.

Remarks

ZwQueryInformationByName queries and returns the requested information about the file. It does so without opening the actual file, making it more efficient than ZwQueryInformationFile, which requires a file open (and subsequent file close).

Callers of ZwQueryInformationByName must be running at IRQL = PASSIVE_LEVEL and with special kernel APCs enabled.

Requirements

Requirement Value
Header wdm.h
IRQL PASSIVE_LEVEL (see Remarks section)

See also

FILE_CASE_SENSITIVE_INFORMATION

FILE_INFORMATION_CLASS

FILE_STAT_INFORMATION

FILE_STAT_LX_INFORMATION

IO_STATUS_BLOCK

OBJECT_ATTRIBUTES

ZwQueryInformationFile