
OB_PRE_CREATE_HANDLE_INFORMATION structure

The OB_PRE_CREATE_HANDLE_INFORMATION structure provides information to an ObjectPreCallback routine about a thread or process handle that is being opened.

Syntax


typedef struct _OB_PRE_CREATE_HANDLE_INFORMATION {
  ACCESS_MASK DesiredAccess;
  ACCESS_MASK OriginalDesiredAccess;
} OB_PRE_CREATE_HANDLE_INFORMATION, *POB_PRE_CREATE_HANDLE_INFORMATION;

Members

DesiredAccess

An ACCESS_MASK value that specifies the access rights to grant for the handle. By default, this member equals OriginalDesiredAccess, but the ObjectPreCallback routine can modify this value to restrict the access that is granted.

Drivers can use the following flags for handles to processes:

Flag / Allowed operations

PROCESS_CREATE_PROCESS

Create a new child process of the process.

PROCESS_CREATE_THREAD

Create a new thread in the context of the process.

PROCESS_DUP_HANDLE

Duplicate handles to or from the context of the process, such as by calling the user-mode DuplicateHandle routine.

PROCESS_SET_QUOTA

Set the working set size for the process, such as by calling the user-mode SetProcessWorkingSetSize routine.

PROCESS_SET_INFORMATION

Modify process settings, such as by calling the user-mode SetPriorityClass routine.

PROCESS_SUSPEND_RESUME

Suspend or resume the process.

PROCESS_TERMINATE

Terminate the process, such as by calling the user-mode TerminateProcess routine.

PROCESS_VM_OPERATION

Modify the address space of the process, such as by calling the user-mode WriteProcessMemory and VirtualProtectEx routines.

PROCESS_VM_WRITE

Write to the address space of the process, such as by calling the user-mode WriteProcessMemory routine.

Drivers can use the following flags for handles to threads:

Flag / Allowed operations

THREAD_DIRECT_IMPERSONATION

Enable a server thread to impersonate one of its clients.

THREAD_IMPERSONATE

Impersonate the operating system's anonymous logon token, such as by calling the user-mode ImpersonateAnonymousToken routine.

THREAD_SET_CONTEXT

Modify the thread's execution context, such as by calling the user-mode SetThreadContext routine.

THREAD_SET_INFORMATION

Modify thread settings, such as by calling the user-mode SetThreadIdealProcessor routine. The operations that are permitted by this access right are a superset of those that are permitted by the THREAD_SET_LIMITED_INFORMATION access right.

THREAD_SET_LIMITED_INFORMATION

Modify a limited set of thread settings, such as by calling the user-mode SetThreadAffinityMask and SetThreadPriorityBoost routines.

THREAD_SET_THREAD_TOKEN

Modify properties of the thread's impersonation token, such as by calling the user-mode SetTokenInformation routine.

THREAD_SUSPEND_RESUME

Suspend or resume the thread, such as by calling the user-mode SuspendThread and ResumeThread routines.

THREAD_TERMINATE

Terminate the thread, such as by calling the user-mode TerminateThread routine.

OriginalDesiredAccess

An ACCESS_MASK value that specifies the original access that was requested for the handle.

Remarks

You can never add access rights beyond what is specified in the DesiredAccess member. If the access right is listed as a modifiable flag, the access right can be removed.
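
The masking pattern an ObjectPreCallback routine would apply to DesiredAccess, shown as an added example that is not part of the original page or of Microsoft's sample code. It is a user-mode C model: ACCESS_MASK and the structure are redefined so it compiles without the WDK, and restrict_process_handle, PROCESS_MODIFIABLE and PROTECT_STRIP are hypothetical names.

```c
/* User-mode model of the access filtering an ObjectPreCallback performs.
   In a driver these types and constants come from Wdm.h; they are redefined
   here only so the logic compiles and runs outside the WDK. */
#include <stdint.h>
#include <stdio.h>

typedef uint32_t ACCESS_MASK;
typedef struct _OB_PRE_CREATE_HANDLE_INFORMATION {
  ACCESS_MASK DesiredAccess;
  ACCESS_MASK OriginalDesiredAccess;
} OB_PRE_CREATE_HANDLE_INFORMATION, *POB_PRE_CREATE_HANDLE_INFORMATION;

/* Process access rights, with the values the Windows SDK headers define. */
#define PROCESS_TERMINATE       0x0001u
#define PROCESS_CREATE_THREAD   0x0002u
#define PROCESS_VM_OPERATION    0x0008u
#define PROCESS_VM_READ         0x0010u /* not in the page's modifiable list */
#define PROCESS_VM_WRITE        0x0020u
#define PROCESS_DUP_HANDLE      0x0040u
#define PROCESS_CREATE_PROCESS  0x0080u
#define PROCESS_SET_QUOTA       0x0100u
#define PROCESS_SET_INFORMATION 0x0200u
#define PROCESS_SUSPEND_RESUME  0x0800u

/* Every process flag the page lists as usable by drivers. */
#define PROCESS_MODIFIABLE (PROCESS_CREATE_PROCESS | PROCESS_CREATE_THREAD | \
  PROCESS_DUP_HANDLE | PROCESS_SET_QUOTA | PROCESS_SET_INFORMATION | \
  PROCESS_SUSPEND_RESUME | PROCESS_TERMINATE | PROCESS_VM_OPERATION | PROCESS_VM_WRITE)
/* Hypothetical policy: rights that allow tampering with a protected process. */
#define PROTECT_STRIP (PROCESS_TERMINATE | PROCESS_CREATE_THREAD | \
  PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_SUSPEND_RESUME)

/* Clears the requested bits from DesiredAccess. Only clears, never sets, and
   only touches listed flags. Returns the bits that were actually removed. */
ACCESS_MASK restrict_process_handle(POB_PRE_CREATE_HANDLE_INFORMATION info,
                                    ACCESS_MASK strip)
{
  ACCESS_MASK before = info->DesiredAccess;
  info->DesiredAccess = before & ~(strip & PROCESS_MODIFIABLE);
  return before & ~info->DesiredAccess;
}

int main(void) {
  /* Constructed request: PROCESS_TERMINATE | PROCESS_VM_READ | PROCESS_VM_WRITE */
  OB_PRE_CREATE_HANDLE_INFORMATION info = { 0x0031u, 0x0031u };
  ACCESS_MASK removed = restrict_process_handle(&info, PROTECT_STRIP);
  printf("requested=0x%04x granted=0x%04x removed=0x%04x\n",
         (unsigned)info.OriginalDesiredAccess, (unsigned)info.DesiredAccess, (unsigned)removed);
  return 0;
}
```

OriginalDesiredAccess is left untouched, so comparing it with DesiredAccess afterwards shows exactly which rights the callback stripped.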

Requirements

Version

Available in Windows Server 2008 and later versions of the Windows operating system.

Header

Wdm.h (include Wdm.h, Ntddk.h, or Ntifs.h)

See also

ACCESS_MASK
ObjectPreCallback