2

When calling functions in ntdll.dll it sometimes returns an IO_STATUS_BLOCK e.g. NtCreateFile: MSDN.

I however am not able to find a reference to, for example a table, what any of the returned values mean. When calling a function such as NtCreateFile you will get a NTSTATUS back, for which the reference resides here: MSDN

Gertjan Brouwer
  • 996
  • 1
  • 12
  • 35
  • 2
    why ? for example `NtCreateFile` msd page explain what mean *Information* member on return. in most other api - The *Information* member receives the number of bytes actually read/written. – RbMm May 07 '20 at 18:33
  • Well it is not that big of a deal, but I am dealing with a lot of different NTDLL functions, which are return different things. I have to keep searching for their individual information specification. – Gertjan Brouwer May 07 '20 at 18:35
  • which function for example ? your question not clear i be say. – RbMm May 07 '20 at 18:37
  • Take for example, NtDeleteFile. No info to be found – Gertjan Brouwer May 07 '20 at 18:38
  • 4
    `NtDeleteFile` not use `IO_STATUS_BLOCK`. so this is not example at all – RbMm May 07 '20 at 18:53
  • @GertjanBrouwer For ***a table***, there already list all valid values returned via the `Information` member of [`IO_STATUS_BLOCK` structure](https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/ns-wdm-_io_status_block): `FILE_CREATED`, `FILE_OPENED`, `FILE_OVERWRITTEN`, `FILE_SUPERSEDED`, `FILE_EXISTS`, `FILE_DOES_NOT_EXIST`. – Rita Han May 08 '20 at 09:01
  • For ***the reference***, if the `NtCreateFile` returns `STATUS_PENDING`, the caller should wait for the I/O operation to complete, and then check the status code in the `IO_STATUS_BLOCK` structure to determine the final status of the operation. If the `NtCreateFile` returns a status code other than `STATUS_PENDING`, the caller should rely on this status code (`NTSTATUS`) instead of the status code in the `IO_STATUS_BLOCK` structure. – Rita Han May 08 '20 at 09:05
  • Refer to [`IO_STATUS_BLOCK` structure](https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/ns-wdm-_io_status_block) and [I/O Status Blocks](https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/i-o-status-blocks) for more detailed information. – Rita Han May 08 '20 at 09:05
  • @GertjanBrouwer Feel free let me know if you still have any concern about this issue. – Rita Han May 14 '20 at 09:38

0 Answers0