FileIo_Create class
This class is the event type class for the file create event.
The following syntax is simplified from MOF code.
[EventType{64}, EventTypeName{"Create"}]
class FileIo_Create : FileIo
{
uint32 IrpPtr;
uint32 TTID;
uint32 FileObject;
uint32 CreateOptions;
uint32 FileAttributes;
uint32 ShareAccess;
string OpenPath;
};
The FileIo_Create class has these types of members:
The FileIo_Create class has these properties.
-
CreateOptions
-
-
Data type: uint32
-
Access type: Read-only
-
Qualifiers: WmiDataId(4)
Values passed in the CreateOptions and CreateDispositions parameters to the NtCreateFile function.
-
-
FileAttributes
-
-
Data type: uint32
-
Access type: Read-only
-
Qualifiers: WmiDataId(5)
Value passed in the FileAttributes parameter to the NtCreateFile function.
-
-
FileObject
-
-
Data type: uint32
-
Access type: Read-only
-
Qualifiers: WmiDataId(3), Pointer
Identifier that can be used for correlating operations to the same opened file object instance between file create and close events.
-
-
IrpPtr
-
-
Data type: uint32
-
Access type: Read-only
-
Qualifiers: WmiDataId(1), Pointer
IO request packet. This property identifies the IO activity.
-
-
OpenPath
-
-
Data type: string
-
Access type: Read-only
-
Qualifiers: WmiDataId(7), StringTermination("NullTerminated"), Format("w")
Path to the file.
-
-
ShareAccess
-
-
Data type: uint32
-
Access type: Read-only
-
Qualifiers: WmiDataId(6)
Value passed in the ShareAccess parameter to the NtCreateFile function.
-
-
TTID
-
-
Data type: uint32
-
Access type: Read-only
-
Qualifiers: WmiDataId(2), Pointer
Thread identifier of the thread that is creating the file.
-
Requirement | Value |
---|---|
Minimum supported client |
Windows Vista [desktop apps only] |
Minimum supported server |
Windows Server 2008 [desktop apps only] |