The IoCreateFileEx routine either causes a new file or directory to be created, or opens an existing file, device, directory, or volume and gives the caller a handle for the file object. File system filter drivers (legacy filter drivers) call this routine.
NTSTATUS IoCreateFileEx( _Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_opt_ PLARGE_INTEGER AllocationSize, _In_ ULONG FileAttributes, _In_ ULONG ShareAccess, _In_ ULONG Disposition, _In_ ULONG CreateOptions, _In_opt_ PVOID EaBuffer, _In_ ULONG EaLength, _In_ CREATE_FILE_TYPE CreateFileType, _In_opt_ PVOID InternalParameters, _In_ ULONG Options, _In_opt_ PIO_DRIVER_CREATE_CONTEXT DriverContext );
- FileHandle [out]
A pointer to a variable that receives the file handle if the call is successful. The driver must close the handle with ZwClose as soon as the handle is no longer being used.
- DesiredAccess [in]
A bitmask of flags (see ACCESS_MASK) that specifies the type of access that the caller requires to the file or directory. This set of system-defined DesiredAccess flags determines the following specific access rights for file objects.
DesiredAccess flag Access rights
The file can be deleted.
Data can be read from the file.
FileAttributes flags, described later, can be read.
Extended attributes (EA) associated with the file can be read.
The access control list (ACL) and ownership information associated with the file can be read.
Data can be written to the file.
FileAttributes flags can be written.
Extended attributes associated with the file can be written.
Data can be appended to the file.
The discretionary access control list (DACL) associated with the file can be written.
Ownership information associated with the file can be written.
The caller can synchronize the completion of an I/O operation by waiting for the returned FileHandle to be set to the Signaled state. This flag must be set if the CreateOptions FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT flag is set.
Data can be read into memory from the file using system paging I/O.
Callers of IoCreateFileEx can specify one or a combination of the following, possibly combined through a bitwise OR operation with additional compatible flags from the previous DesiredAccess flags list, for any file object that does not represent a directory file.
Desired access to file values Maps to DesiredAccess flags
STANDARD_RIGHTS_READ, FILE_READ_DATA, FILE_READ_ATTRIBUTES, FILE_READ_EA, SYNCHRONIZE.
STANDARD_RIGHTS_WRITE, FILE_WRITE_DATA, FILE_WRITE_ATTRIBUTES, FILE_WRITE_EA, FILE_APPEND_DATA, SYNCHRONIZE.
STANDARD_RIGHTS_EXECUTE, SYNCHRONIZE, FILE_READ_ATTRIBUTES, FILE_EXECUTE.
The STANDARD_RIGHTS_XXX are predefined system values that are used to enforce security on system objects.
If the FILE_DIRECTORY_FILE CreateOptions flag is set, callers of IoCreateFileExcan specify one or a combination of the following, possibly combined through a bitwise OR operation with one or more compatible flags from the previous DesiredAccess flags list.
Desired access to directory values Meaning
Files in the directory can be listed.
The directory can be traversed, that is, it can be part of the pathname of a file.
The FILE_READ_DATA, FILE_WRITE_DATA, FILE_EXECUTE, and FILE_APPEND_DATA DesiredAccess flags are incompatible with creating or opening a directory file.
- ObjectAttributes [in]
A pointer to an OBJECT_ATTRIBUTES structure already initialized by the InitializeObjectAttributes routine. If the caller is running in the system process context, this parameter can be NULL. Otherwise, the caller must set the OBJ_KERNEL_HANDLE attribute in the call to InitializeObjectAttributes. Members of this structure for a file object include the following.
The number of bytes of the supplied ObjectAttributes data. This value must be at least
A pointer to a buffered Unicode string that contains the name of the file to be created or opened. This value must be a fully qualified file specification, unless it is the name of a file relative to the directory specified by RootDirectory. For example, \Device\Floppy1\myfile.dat or \??\B:\myfile.dat could be the fully qualified file specification, as long as the floppy disk drive driver and overlying file system are already loaded.
Optional handle to a directory that was obtained by a previous call to IoCreateFileEx. If this value is NULL, the ObjectName member must be a fully qualified file specification that includes the full path to the target file. If this value is non-NULL, the ObjectName member specifies a file name relative to this directory.
Optional security descriptor to be applied to a file. ACLs specified by such a security descriptor are only applied to the file when it is created. If the value is NULL when a file is created, the ACL placed on the file is file-system-dependent; most file systems propagate some part of such an ACL from the parent directory file combined with the caller's default ACL.
A set of flags that controls the file object attributes. If the caller is running in the system process context, this parameter can be zero. Otherwise, the caller must set the OBJ_KERNEL_HANDLE flag. The caller can also optionally set the OBJ_CASE_INSENSITIVE flag, which indicates that name-lookup code should ignore the case of ObjectName instead of performing an exact-match search.
- IoStatusBlock [out]
A pointer to a variable of type IO_STATUS_BLOCK that receives the final completion status and information about the requested operation. On return from IoCreateFileEx, the Information member of the variable contains one of the following values:
- AllocationSize [in, optional]
Optionally specifies the initial allocation size, in bytes, for the file. A nonzero value has no effect unless the file is being created, overwritten, or superseded.
- FileAttributes [in]
Explicitly specified attributes are applied only when the file is created, superseded, or, in some cases, overwritten. By default, this value is FILE_ATTRIBUTE_NORMAL, which can be overridden by any other flag or by a combination (through a bitwise OR operation) of compatible flags. Possible FileAttributes flags include the following.
FileAttributes flags Meaning
A file that has standard attributes should be created.
A read-only file should be created.
A hidden file should be created.
A system file should be created.
The file should be marked so that it will be archived.
A temporary file should be created.
- ShareAccess [in]
Specifies the type of share access to the file that the caller would like, as zero, or one, or a combination of the following flags. To request exclusive access, set this parameter to zero. If the IO_IGNORE_SHARE_ACCESS_CHECK flag is specified in the Options parameter, the I/O manager ignores the ShareAccess parameter. However, the file system might still perform access checks. Thus, it is important to specify the sharing mode you would like for this parameter, even when you use the IO_IGNORE_SHARE_ACCESS_CHECK flag. To help you avoid sharing violation errors, specify all the following share access flags.
ShareAccess flags Meaning
The file can be opened for read access by other threads' calls to IoCreateFileEx.
The file can be opened for write access by other threads' calls to IoCreateFileEx.
The file can be opened for delete access by other threads' calls to IoCreateFileEx.
Device drivers and intermediate drivers usually set ShareAccess to zero, which gives the caller exclusive access to the open file.
- Disposition [in]
One of the following values can be used to specify how the file should be handled when the file already exists.
Disposition values Meaning
If the file already exists, replace it with the given file. If it does not, create the given file.
If the file already exists, fail the request and do not create or open the given file. If it does not, create the given file.
If the file already exists, open it instead of creating a new file. If it does not, fail the request and do not create a new file.
If the file already exists, open it. If it does not, create the given file.
If the file already exists, open it and overwrite it. If it does not, fail the request.
If the file already exists, open it and overwrite it. If it does not, create the given file.
- CreateOptions [in]
Specifies the options to be applied when creating or opening the file, as a compatible combination of the following flags.
CreateOptions flags Meaning
The file being created or opened is a directory file. With this flag, the Disposition parameter must be set to one of FILE_CREATE, FILE_OPEN, or FILE_OPEN_IF. CreateOptions flags that are compatible with this flag are as follows: FILE_SYNCHRONOUS_IO_ALERT, FILE_SYNCHRONOUS_IO_NONALERT, FILE_WRITE_THROUGH, FILE_OPEN_FOR_BACKUP_INTENT, and FILE_OPEN_BY_FILE_ID.
The file being opened must not be a directory file or this call will fail. The file object being opened can represent a data file, a logical, virtual, a physical device, or a volume.
System services, file system drivers (FSDs), and drivers that write data to the file must actually transfer the data into the file before any requested write operation is considered complete.
All accesses to the file will be sequential.
Accesses to the file can be random, so no sequential read-ahead operations should be performed on the file by FSDs or the system.
The file cannot be cached or buffered in a driver's internal buffers. This flag is incompatible with the DesiredAccessFILE_APPEND_DATA flag.
All operations on the file are performed synchronously. Any wait on behalf of the caller is subject to premature termination from alerts. This flag also causes the I/O system to maintain the file position context. If this flag is set, the DesiredAccess SYNCHRONIZE flag must also be set.
All operations on the file are performed synchronously. Wait requests in the system to synchronize I/O queuing and completion are not subject to alerts. This flag also causes the I/O system to maintain the file position context. If this flag is set, the DesiredAccess SYNCHRONIZE flag must also be set.
Create a tree connection for this file to open it over the network.
Complete this operation immediately with an alternate success code if the target file is oplocked, instead of blocking the caller's thread. If the file is oplocked, another caller already has access to the file over the network.
If the extended attributes (EAs) on an existing file being opened indicate that the caller must process EAs to interpret the file, fail this request because the caller cannot correctly process EAs.
Open a file with a reparse point and bypass normal reparse point processing for the file. For more information, see the following Remarks section.
Delete the file when the last handle to it is passed to ZwClose.
The file name that is specified in the ObjectAttributes parameter includes the 8-byte file reference number for the file. This number is assigned by the file system and is file-system-specific. If the file is a reparse point, the file name also includes the name of a device. Note: The FAT file system does not support FILE_OPEN_BY_FILE_ID.
The file is being opened for backup. Therefore, the system should check for certain access rights and grant the caller the appropriate accesses to the file before checking the input DesiredAccess against the file's security descriptor.
The file is being opened and an opportunistic lock (oplock) on the file is being requested as a single atomic operation. The file system checks for oplocks before it performs the create operation, and the create operation fails with a return code of STATUS_CANNOT_BREAK_OPLOCK if the create would break an existing oplock.
Note The FILE_OPEN_REQUIRING_OPLOCK flag is available in Windows 7, Windows Server 2008 R2 and later Windows operating systems.
This flag allows an application to request a filter opportunistic lock (oplock) to prevent other applications from getting share violations. If there are already open handles, the create request fails with STATUS_OPLOCK_NOT_GRANTED. For more information, see the following Remarks section.
- EaBuffer [in, optional]
A pointer to a caller-supplied variable of type FILE_FULL_EA_INFORMATION that contains extended attribute (EA) information to be applied to the file. For device and intermediate drivers, this parameter must be NULL.
- EaLength [in]
Length, in bytes, of EaBuffer. For device drivers and intermediate drivers, this parameter must be zero.
- CreateFileType [in]
Drivers must set this parameter to CreateFileTypeNone.
- InternalParameters [in, optional]
Drivers must set this parameter to NULL.
- Options [in]
Specifies options to be used during the generation of the create request. Zero or more of the following bit flag values can be used.
Options flags Meaning
The parameters for this call should not be validated before attempting to issue the create request. Driver writers should use this flag with caution as certain invalid parameters can cause a system failure. For more information, see Remarks.
The I/O manager must check the create request against the file's security descriptor.
The I/O manager should not perform share-access checks on the file object after it is created. However, the file system might still perform these checks.
The I/O manager or the file system will return STATUS_STOPPED_ON_SYMLINK if a symbolic link is encountered while opening or creating the file.
Open the file's parent directory.
- DriverContext [in, optional]
An optional pointer to an IO_DRIVER_CREATE_CONTEXT structure that was previously initialized by the IoInitializeDriverCreateContext routine. The IO_DRIVER_CREATE_CONTEXT structure can be used to pass additional parameters to the IoCreateFileEx and FltCreateFileEx2 routines. See the following Remarks section for more information.
IoCreateFileEx either returns STATUS_SUCCESS or an appropriate NTSTATUS value such as one of the following:
IoCreateFileEx returns this status value if the DriverContext parameter is not NULL and if the specified device object is not attached to the file system driver stack for the volume specified in the file or directory name. This device object is specified by the DeviceObjectHint member of the IO_DRIVER_CREATE_CONTEXT structure. For more information, see IO_DRIVER_CREATE_CONTEXT.
IoCreateFileEx returns this status value if the DriverContext parameter is not NULL and if the file or directory name contains a mount point that resolves to a volume other than the one to which the specified device object is attached. This device object is specified by the DeviceObjectHint member of the IO_DRIVER_CREATE_CONTEXT structure. For more information, see IO_DRIVER_CREATE_CONTEXT.
IoCreateFileEx returns this status value if the ObjectAttributes parameter did not contain a RootDirectory member, but the ObjectName member in the OBJECT_ATTRIBUTES structure was an empty string or did not contain an OBJECT_NAME_PATH_SEPARATOR character. This indicates incorrect syntax for the object path.
IoCreateFileEx returns this status value if the Options parameter flag IO_STOP_ON_SYMLINK is set and a symbolic link is encountered while opening or creating the file.
If the IoCreateFileEx routine returns an error status, the caller can find additional information about the cause of the failure by checking the IoStatusBlock parameter.
Note IoCreateFileEx might return STATUS_FILE_LOCK_CONFLICT as the return value or in the Status member of the IO_STATUS_BLOCK structure that is pointed to by the IoStatusBlock parameter. This would occur only if the NTFS log file is full, and an error occurs while IoCreateFileEx tries to handle this situation.
The IoCreateFileEx routine is similar to both the IoCreateFile routine and the IoCreateFileSpecifyDeviceObjectHint routine but offers additional functionality including access to extra create parameters (ECPs), device objects hints, and transaction information through the IoCreateFileEx routine's DriverContext parameter. For more information about these structure based parameters, see IO_DRIVER_CREATE_CONTEXT.
File system filter drivers call IoCreateFileEx to send a create request only to a specified device object, the filters attached below it, and the file system. Filters attached above the specified device object in the driver stack do not receive the create request. However, if the DeviceObjectHint member of the IO_DRIVER_CREATE_CONTEXT structure (passed through the DriverContext parameter) is NULL, the request goes to the top of the stack and is received by all filters and the file system.
The handle, obtained by IoCreateFileEx, can be used by subsequent calls to manipulate data within the file or the state or attributes of the file object. Any handle that is obtained from IoCreateFileEx must eventually be released by calling ZwClose.
There are two alternate ways to specify the name of the file to be created or opened with IoCreateFileEx:
As a fully qualified pathname, supplied in the ObjectName member of the input ObjectAttributes parameter.
As a pathname relative to the handle in the RootDirectory member of the input ObjectAttributes parameter. (This handle can represent a directory file.)
Driver routines that run in a process context other than that of the system process must set the OBJ_KERNEL_HANDLE attribute for the ObjectAttributes parameter of IoCreateFileEx. This restricts the use of the handle that is returned by IoCreateFileEx to processes running in kernel mode. Otherwise, the handle can be accessed by the process in whose context the driver is running. Drivers can call InitializeObjectAttributes to set the OBJ_KERNEL_HANDLE attribute.
Certain DesiredAccess flags and combinations of flags have the following effects:
For a caller to synchronize an I/O completion by waiting for the returned FileHandle to be set to the Signaled state, the SYNCHRONIZE flag must be set. Otherwise, a caller that is a device or intermediate driver must synchronize an I/O completion by using an event object.
If only the FILE_APPEND_DATA and SYNCHRONIZE flags are set, the caller can write only to the end of the file, and any offset information about writes to the file is ignored. However, the file will automatically be extended as necessary for this kind of write operation.
Setting the FILE_WRITE_DATA flag for a file also allows writes beyond the end of the file to occur. The file is automatically extended for this kind of write, as well.
If only the FILE_EXECUTE and SYNCHRONIZE flags are set, the caller cannot directly read or write any data in the file using the returned FileHandle: that is, all operations on the file occur through the system pager in response to instruction and data accesses. Device and intermediate drivers should not set the FILE_EXECUTE flag in DesiredAccess.
The ShareAccess parameter determines whether separate threads can access the same file, possibly simultaneously. Provided that both file openers have the privilege to access a file in the specified manner, the file can be successfully opened and shared. If the original caller of IoCreateFileEx does not specify FILE_SHARE_READ, FILE_SHARE_WRITE, or FILE_SHARE_DELETE, no other open operations can be performed on the file: that is, the original caller is given exclusive access to the file.
For a shared file to be successfully opened, the requested DesiredAccess value for the file must be compatible with both the DesiredAccess and ShareAccess specifications of all previous open requests that have not yet been released with ZwClose. That is, the DesiredAccess value that is specified to IoCreateFileEx for a given file must not conflict with the accesses that other openers of the file have disallowed.
Note If IO_IGNORE_SHARE_ACCESS_CHECK is specified in the Options parameter, the I/O manager ignores the ShareAccess parameter. However, the file system might still perform access checks. Thus, it is important to specify the sharing mode you would like for the ShareAccess parameter, even when using the IO_IGNORE_SHARE_ACCESS_CHECK flag.
The Disposition value FILE_SUPERSEDE requires that the caller have DELETE access to an existing file object. If so, a successful call to IoCreateFileEx with FILE_SUPERSEDE on an existing file effectively deletes that file, and then recreates it. This implies that, if the file has already been opened by another thread, the thread opened the file by specifying a ShareAccessparameter with the FILE_SHARE_DELETE flag set. Notice that this type of disposition is consistent with the POSIX style of overwriting files.
The Disposition values FILE_OVERWRITE_IF and FILE_SUPERSEDE are similar. If IoCreateFileEx is called with an existing file and either of these Disposition values, the file will be replaced.
Overwriting a file is semantically equivalent to a supersede operation, except for the following:
The caller must have write access to the file, instead of delete access. This implies that, if the file has already been opened by another thread, it opened the file with the FILE_SHARE_WRITE flag set in the input ShareAccess.
The specified file attributes are logically ORed with those already on the file. This implies that if the file has already been opened by another thread, a subsequent caller of IoCreateFileEx cannot disable existing FileAttributes flags but can enable additional flags for the same file. Notice that this style of overwriting files is consistent with MS-DOS, Windows 3.1, and with OS/2.
The CreateOptions FILE_DIRECTORY_FILE value specifies that the file to be created or opened is a directory file. When a directory file is created, the file system creates an appropriate structure on the disk to represent an empty directory for that particular file system's on-disk structure. If this option was specified and the given file to be opened is not a directory file, or if the caller specified an inconsistent CreateOptions or Disposition value, the call to IoCreateFileEx will fail.
The CreateOptions FILE_NO_INTERMEDIATE_BUFFERING flag prevents the file system from performing any intermediate buffering on behalf of the caller. Specifying this value places certain restrictions on the caller's parameters to the Zw..File routines, including the following:
The Length passed to ZwReadFile or ZwWriteFile, must be an integral of the sector size. Notice that specifying a read operation to a buffer whose length is exactly the sector size might result in a lesser number of significant bytes being transferred to that buffer if the end of the file was reached during the transfer.
Buffers must be aligned in accordance with the alignment requirement of the underlying device. This information can be obtained by calling IoCreateFileEx to get a handle for the file object that represents the physical device, and, then, calling ZwQueryInformationFile with that handle. For a list of the system FILE_XXX_ALIGNMENT values, see DEVICE_OBJECT.
Calls to ZwSetInformationFile with the FileInformationClass parameter set to FilePositionInformation must specify an offset that is an integral of the sector size.
The mutually exclusive CreateOptions, FILE_SYNCHRONOUS_IO_ALERT and FILE_SYNCHRONOUS_IO_NONALERT flags, specify that all I/O operations on the file are to be synchronous as long as they occur through the file object referred to by the returned FileHandle. All I/O on such a file is serialized across all threads by using the returned handle. With either of these CreateOptions values, the DesiredAccess SYNCHRONIZE flag must be set so that the I/O Manager will use the file object as a synchronization object. With either of these CreateOptions values set, the I/O Manager maintains the "file position context" for the file object, an internal, current file position offset. This offset can be used in calls to ZwReadFile and ZwWriteFile. Its position can also be queried by calling ZwQueryInformationFile, or set by calling ZwSetInformationFile.
If the CreateOptions FILE_OPEN_REPARSE_POINT flag is not specified and IoCreateFileEx attempts to open a file with a reparse point, normal reparse point processing occurs for the file. If, on the other hand, the FILE_OPEN_REPARSE_POINT flag is specified, normal reparse processing does not occur and IoCreateFileEx attempts to directly open the reparse point file. In either case, if the open operation was successful, IoCreateFileEx returns STATUS_SUCCESS; otherwise, the routine returns an NTSTATUS error code. IoCreateFileEx never returns STATUS_REPARSE.
The CreateOptions FILE_OPEN_REQUIRING_OPLOCK flag eliminates the time between when you open the file and request an oplock that could potentially enable a third party to open the file and get a sharing violation. An application can use the FILE_OPEN_REQUIRING_OPLOCK flag on IoCreateFileEx and then request any oplock. This ensures that an oplock owner will be notified of any later open request that causes a sharing violation.
In Windows 7, if other handles exist on the file when an application uses the FILE_OPEN_REQUIRING_OPLOCK flag, the create operation will fail with STATUS_OPLOCK_NOT_GRANTED. This restriction no longer exists starting with Windows 8.
If this create operation would break an oplock that already exists on the file, then setting the FILE_OPEN_REQUIRING_OPLOCK flag will cause the create operation to fail with STATUS_CANNOT_BREAK_OPLOCK. The existing oplock will not be broken by this create operation.
An application that uses this flag must request an oplock after this call succeeds, or all later attempts to open the file will be blocked without the benefit of typical oplock processing. Similarly, if this call succeeds but the later oplock request fails, an application that uses this flag must close its handle after it detects that the oplock request has failed.
Note The FILE_OPEN_REQUIRING_OPLOCK flag is available in Windows 7, Windows Server 2008 R2and later Windows operating systems. The Microsoft file systems that implement this flag are NTFS, FAT, and exFAT.
The CreateOptions flag, FILE_RESERVE_OPFILTER, allows an application to request a level 1, batch, or filter oplock to prevent other applications from getting share violations. However, FILE_RESERVE_OPFILTER is only practically useful for filter oplocks. To use it, you must follow these steps:
- Issue a create request with CreateOptions of FILE_RESERVE_OPFILTER, DesiredAccess of exactly FILE_READ_ATTRIBUTES, and ShareAccess of exactly FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE.
- If there are already open handles, the create request fails with STATUS_OPLOCK_NOT_GRANTED, and the next requested oplock also fails.
- If you open with more access or less sharing will also cause a failure of STATUS_OPLOCK_NOT_GRANTED.
If the create request succeeds, request an oplock.
Open another handle to the file to do I/O.
Step three makes this practical only for filter oplocks. The handle opened in step 3 can have a DesiredAccess that contains a maximum of FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES | FILE_READ_DATA | FILE_READ_EA | FILE_EXECUTE | SYNCHRONIZE | READ_CONTROL and still not break a filter oplock. However, any DesiredAccess greater than FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES | SYNCHRONIZE will break a level 1 or batch oplock and make the FILE_RESERVE_OPFILTER flag useless for those oplock types.
The Options IO_NO_PARAMETER_CHECKING flag can be useful if a kernel-mode create request is issued in the context of an operation initiated by a user-mode application. Because the request occurs within a user-mode context, the I/O manager, by default, probes the supplied parameter values, which can cause an access violation if the parameters are kernel-mode addresses. This flag enables the caller to override this default behavior and avoid the access violation.
NTFS is the only Microsoft file system that implements FILE_RESERVE_OPFILTER.
IoCreateFileEx can be used to obtain a handle to a volume.
If the I/O request does not go to the top of the driver stack, that is if the DriverContext parameter is not NULL and a valid device object is specified by the DeviceObjectHint member of the IO_DRIVER_CREATE_CONTEXT structure, the following restriction applies:
If the file name path that is passed to the IoCreateFileEx routine contains a mount point, the mount point must resolve to the same volume where the file or directory resides.
|This routine is available starting with Windows Vista.|