Wireshark Wiki 中文翻译整理专题首页原始页面

FILE_DEVICE_FILE_SYSTEM

这是设备 FILE_DEVICE_FILE_SYSTEM 的已知 SMB2/Ioctl 函数列表。

先读这页能解决什么

需求	入口	注意点
根据 4 字节功能码查 FSCTL 名称	函数值表	表中保留原始导入文本，不静默修正历史拼写。
快速判断是否属于文件系统设备	页标题与说明	本页仅覆盖 `FILE_DEVICE_FILE_SYSTEM`。
从功能名定位大致主题	读者入口	可按 OPLOCK、VOLUME、NTFS、OBJECT_ID、REPARSE、USN、ENCRYPTION 等名称片段浏览。

易混点与历史边界

本页是 2020 年导入的 Wireshark Wiki 条目整理，保留原始函数码、名称和个别历史拼写，不补写未在原文出现的语义说明。
表中的名称是识别入口，不代表本文已经覆盖每个 FSCTL 的参数结构或返回结构。
若需要解释功能码整体结构，应先看 [SMB2/Ioctl/Function](/wiki/wireshark/archive/smb2-ioctl-function) 条目。

读者入口

名称片段	可先关注的条目
OPLOCK	`FSCTL_REQUEST_OPLOCK_LEVEL_1`、`FSCTL_REQUEST_OPLOCK_LEVEL_2`、`FSCTL_OPLOCK_BREAK_ACKNOWLEDGE` 等
VOLUME	`FSCTL_LOCK_VOLUME`、`FSCTL_UNLOCK_VOLUME`、`FSCTL_DISMOUNT_VOLUME`、`FSCTL_EXTEND_VOLUME` 等
COMPRESSION	`FSCTL_GET_COMPRESSION`、`FSCTL_SET_COMPRESSION`
NTFS / OBJECT_ID / REPARSE	`FSCTL_GET_NTFS_VOLUME_DATA`、`FSCTL_SET_OBJECT_ID`、`FSCTL_GET_REPARSE_POINT` 等
USN / ENCRYPTION	`FSCTL_CREATE_USN_JOURNAL`、`FSCTL_READ_USN_JOURNAL`、`FSCTL_SET_ENCRYPTION` 等

函数值表

功能码	原始名称
`0x00090000`	`FSCTL_REQUEST_OPLOCK_LEVEL_1`
`0x00090004`	`FSCTL_REQUEST_OPLOCK_LEVEL_2`
`0000090008`	`FSCL_REQUEST_BATCH_OPLOCK`
`0x0009000C`	`FSCTL_OPLOCK_BREAK_ACKNOWLEDGE`
`0x00090010`	`FSCTL_OPBATCH_ACK_CLOSE_PENDING`
`0x00090014`	`FSCTL_OPLOCK_BREAK_NOTIFY`
`0x00090018`	`FSCTL_LOCK_VOLUME`
`0x0009001C`	`FSCTL_UNLOCK_VOLUME`
`0x00090020`	`FSCTL_DISMOUNT_VOLUME`
`0x00090028`	`FSCTL_IS_VOLUME_MOUNTED`
`0x0009002C`	`FSCTL_IS_PATHNAME_VALID`
`0x00090030`	`FSCTL_MARK_VOLUME_DIRTY`
`0x0009003B`	`FSCTL_QUERY_RETRIEVAL_POINTERS`
`0x0009003C`	`FSCTL_GET_COMPRESSION`
`0x0009C040`	`FSCTL_SET_COMPRESSION`
`0x0009004F`	`FSCTL_MARK_AS_SYSTEM_HIVE`
`0x00090050`	`FSCTL_OPLOCK_BREAK_ACK_NO_2`
`0x00090054`	`FSCTL_INVALIDATE_VOLUMES`
`0x00090058`	`FSCTL_QUERY_FAT_BPB`
`0x0009005C`	`FSCTL_REQUEST_FILTER_OPLOCK`
`0x00090060`	`FSCTL_FILESYSTEM_GET_STATISTICS`
`0x00090064`	`FSCTL_GET_NTFS_VOLUME_DATA`
`0x00090068`	`FSCTL_GET_NTFS_FILE_RECORD`
`0x0009006F`	`FSCTL_GET_VOLUME_BITMAP`
`0x00090073`	`FSCTL_GET_RETRIEVAL_POINTERS`
`0x00090074`	`FSCTL_MOVE_FILE`
`0x00090078`	`FSCTL_IS_VOLUME_DIRTY`
`0x0009007C`	`FSCTL_GET_HFS_INFORMATION`
`0x00090083`	`FSCTL_ALLOW_EXTENDED_DASD_IO`
`0x00090087`	`FSCTL_READ_PROPERTY_DATA`
`0x0009008B`	`FSCTL_WRITE_PROPERTY_DATA`
`0x0009008F`	`FSCTL_FIND_FILES_BY_SID`
`0x00090097`	`FSCTL_DUMP_PROPERTY_DATA`
`0x00098098`	`[SMB2/Ioctl/Function/FILE_DEVICE_FILE_SYSTEM/FSCTL_SET_OBJECT_ID](/wiki/wireshark/archive/smb2-ioctl-function-file-device-file-system-fsctl-set-object-id)`
`0x0009009C`	`[SMB2/Ioctl/Function/FILE_DEVICE_FILE_SYSTEM/FSCTL_GET_OBJECT_ID](/wiki/wireshark/archive/smb2-ioctl-function-file-device-file-system-fsctl-get-object-id)`
`0x000980A0`	`[SMB2/Ioctl/Function/FILE_DEVICE_FILE_SYSTEM/FSCTL_DELETE_OBJECT_ID](/wiki/wireshark/archive/smb2-ioctl-function-file-device-file-system-fsctl-delete-object-id)`
`0x000980A4`	`FSCTL_SET_REPARSE_POINT`
`0x000900A8`	`FSCTL_GET_REPARSE_POINT`
`0x000980AC`	`FSCTL_DELETE_REPARSE_POINT`
`0x000940B3`	`FSCTL_ENUM_USN_DATA`
`0x000940B7`	`FSCTL_SECURITY_ID_CHECK`
`0x000940BB`	`FSCTL_READ_USN_JOURNAL`
`0x000980BC`	`FSCTL_SET_OBJECT_ID_EXTENDED`
`0x000900C0`	`SMB2/Ioctl/Function/FILE_DECIVE_FILE_SYSTEM/FSCTL_CREATE_OR_GET_OBJECT_ID`
`0x000980C4`	`FSCTL_SET_SPARSE`
`0x000980C8`	`FSCTL_SET_ZERO_DATA`
`0x000940CF`	`FSCTL_QUERY_ALLOCATED_RANGES`
`0x000980D0`	`FSCTL_ENABLE_UPGRADE`
`0x000900D4`	`FSCTL_SET_ENCRYPTION`
`0x000900DB`	`FSCTL_ENCRYPTION_FSCTL_IO`
`0x000900DF`	`FSCTL_WRITE_RAW_ENCRYPTED`
`0x000900E3`	`FSCTL_READ_RAW_ENCRYPTED`
`0x000940E7`	`FSCTL_CREATE_USN_JOURNAL`
`0x000940EB`	`FSCTL_READ_FILE_USN_DATA`
`0x000940EF`	`FSCTL_WRITE_USN_CLOSE_RECORD`
`0x000900F0`	`FSCTL_EXTEND_VOLUME`

讨论

导入自 https://wiki.wireshark.org/SMB2/Ioctl/Function/FILE_DEVICE_FILE_SYSTEM ，时间为 2020-08-11 23:25:04 UTC

SMB2/Ioctl/Function/FILE_DEVICE_FILE_SYSTEM ​

先读这页能解决什么 ​

易混点与历史边界 ​

读者入口 ​

函数值表 ​

讨论 ​

相关 Wireshark Wiki 页面 ​

SMB2/Ioctl/Function/FILE_DEVICE_FILE_SYSTEM

先读这页能解决什么

易混点与历史边界

读者入口

函数值表

讨论

相关 Wireshark Wiki 页面