http://msdn.microsoft.com/en-us/library/aa302237.aspx
NT_TRANSACT_NOTIFY_CHANGE
The NT_TRANSACT_NOTIFY_CHANGE command notifies the client when the directory specified by Fid is modified. It also returns the names of any files that changed. Parameters for the command are encoded in NT_TRANSACT command subheader fields as shown.
Field name Displacement Length
(bytes) (bytes)
ClientRequestSetupWordsEncoding
CompletionFilter 0 4
Fid 4 2
WatchTree 6 1
Reserved 7 1
ServerResponseParameterEncoding
ParameterCount 0 1
FileNotifyInformation 1 Variable
NextEntryOffset * 4
Action * 4
FileNameLength * 4
FileName * Variable
| 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 1 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 2 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 3 0 | 1 | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Fields
-
ClientRequestSetupWordsEncoding
-
Encoded in SetupWords[] in the client request.0 1 2 3 4 5 6 7 8 9 1
01 2 3 4 5 6 7 8 9 2
01 2 3 4 5 6 7 8 9 3
01 CompletionFilter Fid WatchTree Reserved -
CompletionFilter
-
Data type: ULONG
Type of operation to monitor. The value is the sum of any of the following flags.Name Value FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001 FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002 FILE_NOTIFY_CHANGE_NAME 0x00000003 FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004 FILE_NOTIFY_CHANGE_SIZE 0x00000008 FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010 FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020 FILE_NOTIFY_CHANGE_CREATION 0x00000040 FILE_NOTIFY_CHANGE_EA 0x00000080 FILE_NOTIFY_CHANGE_SECURITY 0x00000100 FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200 FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400 FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
Fid
-
Data type: USHORT
File identifier or handle of the directory to monitor.
WatchTree
-
Data type: BOOLEAN
If TRUE, all subdirectories will be watched; otherwise, FALSE.
Reserved
-
Data type: UCHAR
Reserved. This value must be 0 (zero).
ServerResponseParameterEncoding
-
-
File notification packet.0 1 2 3 4 5 6 7 8 9 1
01 2 3 4 5 6 7 8 9 2
01 2 3 4 5 6 7 8 9 3
01 ParameterCount -
ParameterCount
- Number of bytes of change data. FileNotifyInformation
-
0 1 2 3 4 5 6 7 8 9 1
01 2 3 4 5 6 7 8 9 2
01 2 3 4 5 6 7 8 9 3
01 NextEntryOffset Action FileNameLength FileName1 Data type: struct
The response contains FILE_NOTIFY_INFORMATION structures, as defined below. The NextEntryOffset field of the structure specifies the offset, in bytes, from the start of the current entry to the next entry in the list. If this is the last entry in the list, this field is zero. Each entry in the list must be longword aligned, so NextEntryOffset must be a multiple of four.-
NextEntryOffset
-
Data type: ULONG
Offset, in bytes, from the start of the current entry to the next entry in the list. Each entry in the list must be 4-byte aligned, so NextEntryOffset must be a multiple of four. If this is the last entry in the list, the value is 0 (zero).
Action
-
Data type: ULONG
Action taken for the specified file name.Name Value FILE_ACTION_ADDED 0x00000001 FILE_ACTION_REMOVED 0x00000002 FILE_ACTION_MODIFIED 0x00000003 FILE_ACTION_RENAMED_OLD_NAME 0x00000004 FILE_ACTION_RENAMED_NEW_NAME 0x00000005 FILE_ACTION_ADDED_STREAM 0x00000006 FILE_ACTION_REMOVED_STREAM 0x00000007 FILE_ACTION_MODIFIED_STREAM 0x00000008
FileNameLength
-
Data type: ULONG
File name length of the changed file.
FileName1
-
Data type: WCHAR
Name of file for which a change is notified.
-
Remarks
This command notifies the client when the directory specified by Fid is modified. It also returns the name(s) of the file(s) that changed. The command completes once the directory has been modified based on the supplied CompletionFilter. The command is a "single shot" and therefore needs to be reissued to watch for more directory changes.
When a change that is in the CompletionFilter field is made to the directory, the command completes. The names of the files that have changed since the last time the command was issued are returned to the client. The ParameterCount field of the server response indicates the number of bytes that are being returned. If too many files have changed since the last time the command was issued, then zero bytes are returned and an alternate status code is returned in the Status field of the server response header.
A directory file must be opened before this command may be used. After the directory is open, this command may be used to begin watching files and subdirectories in the specified directory for changes. The first time the command is issued, the MaxParameterCount field in the packet header determines the size of the buffer that will be used at the server to buffer directory change information between issuances of the notify change commands.
2133
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
