--=_NextPart_0001_2ABEB1C5
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Greetings,
The PVOID FileInformation parameter in ZwQueryDirectoryFile actually points
to a CALLER-allocated buffer or variable that receives the requested file
information. It is your responsibility to allocate this memory prior to
calling ZwQueryDirectoryFile. If you allocate, you will have to free that
memory. If on the other hand you have a static variable, you can just pass
the address of that variable without the need to free the memory - just
make sure that the variable is big enough to hold the returned information.
The size of the buffer depends upon the FILE_INFORMATION_CLASS enumerator
you choose.
The structures available for FILE_INFORMATION_CLASS can be found in NTDDK.H.
Thanks
Daniel Whitaker
DDK Support Team
This posting is provided "AS IS" with no warranties, and confers no rights
--=_NextPart_0001_2ABEB1C5
Content-Type: text/x-rtf
Content-Transfer-Encoding: 7bit
{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fnil\fprq2\fcharset0 MS Sans Serif;}}
\viewkind4\uc1\pard\f0\fs20 Greetings,
\par
\par The PVOID FileInformation parameter in ZwQueryDirectoryFile actually points to a CALLER-allocated buffer or variable that receives the requested file information. It is your responsibility to allocate this memory prior to calling ZwQueryDirectoryFile. If you allocate, you will have to free that memory. If on the other hand you have a static variable, you can just pass the address of that variable without the need to free the memory - just make sure that the variable is big enough to hold the returned information.
\par
\par The size of the buffer depends upon the FILE_INFORMATION_CLASS enumerator you choose.
\par The structures available for FILE_INFORMATION_CLASS can be found in NTDDK.H.
\par
\par Thanks
\par
\par Daniel Whitaker
\par DDK Support Team
\par
\par This posting is provided "AS IS" with no warranties, and confers no rights
\par
\par }
--=_NextPart_0001_2ABEB1C5--