angelovescio/gist:84551fa3e9a49df2f036

## gistfile1.cs
[StructLayout(LayoutKind.Sequential, Pack = 0)]
public struct IO_STATUS_BLOCK
{
    public uint status;
    public IntPtr information;
}
[DllImport("ntdll.dll", ExactSpelling = true)]
public static extern uint NtQueryEaFile(
    SafeFileHandle handle,
    out IO_STATUS_BLOCK ioStatus,
    IntPtr buffer,
    uint length,
    bool retSingleEntry,
    IntPtr eaList,
    uint eaListLength,
    IntPtr eaIndex,
    bool restartScan
    );
void GetEa()
{
SafeFileHandle sfh = CreateFile("C:\\Toolz\\temp.txt", 8, FileShare.ReadWrite, IntPtr.Zero, FileMode.Open, 0x02000000, IntPtr.Zero);

    IntPtr peaGet = Marshal.AllocHGlobal(1024*1024);
    //Marshal.Copy(testArr, 0, peaGet, testArr.Length);

    uint status = Ntfs.NtQueryEaFile(sfh, out ioStatusBlock, peaGet, 1024 * 1024, false, IntPtr.Zero, 0, IntPtr.Zero, true);
    status = (uint)Marshal.GetLastWin32Error();
    if (status != NT_SUCCESS)
    {
	ExitWithError(0);
    }
}
	[StructLayout(LayoutKind.Sequential, Pack = 0)]
	public struct IO_STATUS_BLOCK
	{
	public uint status;
	public IntPtr information;
	}
	[DllImport("ntdll.dll", ExactSpelling = true)]
	public static extern uint NtQueryEaFile(
	SafeFileHandle handle,
	out IO_STATUS_BLOCK ioStatus,
	IntPtr buffer,
	uint length,
	bool retSingleEntry,
	IntPtr eaList,
	uint eaListLength,
	IntPtr eaIndex,
	bool restartScan
	);
	void GetEa()
	{
	SafeFileHandle sfh = CreateFile("C:\\Toolz\\temp.txt", 8, FileShare.ReadWrite, IntPtr.Zero, FileMode.Open, 0x02000000, IntPtr.Zero);

	IntPtr peaGet = Marshal.AllocHGlobal(1024*1024);
	//Marshal.Copy(testArr, 0, peaGet, testArr.Length);

	uint status = Ntfs.NtQueryEaFile(sfh, out ioStatusBlock, peaGet, 1024 * 1024, false, IntPtr.Zero, 0, IntPtr.Zero, true);
	status = (uint)Marshal.GetLastWin32Error();
	if (status != NT_SUCCESS)
	{
	ExitWithError(0);
	}
	}