Process Monitor shows disposition option for CreateFile operation as "Open", "OpenIf", "Overwrite", "OverwriteIf" (may be something else). How does the options which contain "If" differ from those that do not? And to which CreateFile WinAPI function 'dwCreationDisposition' flags do they correspond?
| CreateFile dwCreationDisposition | NtCreateFile CreateDisposition | Process Monitor Disposition |
|---|---|---|
| n/a | FILE_SUPERSEDE (0) | Supersede (?) |
| OPEN_EXISTING (3) | FILE_OPEN (1) | Open |
| TRUNCATE_EXISTING (5) | FILE_OPEN (1) | Open |
| CREATE_NEW (1) | FILE_CREATE (2) | Create |
| OPEN_ALWAYS (4) | FILE_OPEN_IF (3) | OpenIf |
| n/a | FILE_OVERWRITE (4) | Overwrite (?) |
| CREATE_ALWAYS (2) | FILE_OVERWRITE_IF (5) | OverwriteIf |