OB_PRE_OPERATION_INFORMATION structure

The OB_PRE_OPERATION_INFORMATION structure provides information about a process or thread handle operation to an ObjectPreCallback routine.

Syntax


typedef struct _OB_PRE_OPERATION_INFORMATION {
  OB_OPERATION                 Operation;
  union {
    ULONG  Flags;
    struct {
      ULONG KernelHandle  :1;
      ULONG Reserved  :31;
    };
  };
  PVOID                        Object;
  POBJECT_TYPE                 ObjectType;
  PVOID                        CallContext;
  POB_PRE_OPERATION_PARAMETERS Parameters;
} OB_PRE_OPERATION_INFORMATION, *POB_PRE_OPERATION_INFORMATION;

Members

Operation

The type of handle operation. This member might be one of the following values:

OB_OPERATION_HANDLE_CREATE

A new handle to a process or thread will be opened. Use Parameters->CreateHandleInformation for create-specific information.

OB_OPERATION_HANDLE_DUPLICATE

A process or thread handle will be duplicated. Use Parameters->DuplicateHandleInformation for duplicate-specific information.

Flags

Reserved. Use the KernelHandle member instead.

KernelHandle

A bit that specifies whether the handle is a kernel handle. If this member is TRUE, the handle is a kernel handle. Otherwise, this handle is not a kernel handle.

Reserved

Reserved for system use.

Object

A pointer to the process or thread object that is the target of the handle operation.

ObjectType

A pointer to the object type of the object. This member is PsProcessType for a process or PsThreadType for a thread.

CallContext

A pointer to driver-specific context information for the operation. By default, the Filter Manager sets this member to NULL, but the ObjectPreCallback routine can reset the CallContext member in a driver-specific manner. The Filter Manager passes this value to the matching ObjectPostCallback routine.

Parameters

A pointer to an OB_PRE_OPERATION_PARAMETERS union that contains operation-specific information. The Operation member determines which member of the union is valid.

Requirements

Version

Available in Windows Server 2008 and later versions of the Windows operating system.

Header

Wdm.h (include Wdm.h, Ntddk.h, or Ntifs.h)

See also

OB_PRE_OPERATION_PARAMETERS
ObjectPostCallback
ObjectPreCallback

 

 

Send comments about this topic to Microsoft

Show: