NtDoc

No description available.

Windows Driver Kit DDI reference (ns-wdm-_ob_operation_registration)

_OB_OPERATION_REGISTRATION structure

Description

The OB_OPERATION_REGISTRATION structure specifies ObjectPreCallback and ObjectPostCallback callback routines and the types of operations that the routines are called for.

Members

`ObjectType`

A pointer to the object type that triggers the callback routine. Specify one of the following values:

PsProcessType for process handle operations
PsThreadType for thread handle operations
ExDesktopObjectType for desktop handle operations. This value is supported in Windows 10 and not in the earlier versions of the operating system.

`Operations`

Specify one or more of the following flags:

OB_OPERATION_HANDLE_CREATE

A new process, thread, or desktop handle was or will be opened.

OB_OPERATION_HANDLE_DUPLICATE

A process, thread, or desktop handle was or will be duplicated.

`PreOperation`

A pointer to an ObjectPreCallback routine. The system calls this routine before the requested operation occurs.

`PostOperation`

A pointer to an ObjectPostCallback routine. The system calls this routine after the requested operation occurs.

Remarks

This structure is used by the ObRegisterCallbacks routine. The CallBackRegistration parameter to this routine is a pointer to a buffer that contains an OB_CALLBACK_REGISTRATION structure that is followed by an array of one or more OB_OPERATION_REGISTRATION structures.

In each OB_OPERATION_REGISTRATION structure passed to ObRegisterCallback, the caller must supply one or both callback routines. If the PreOperation and PostOperation members of this structure are both NULL, the callback registration operation fails.

OB_OPERATION_REGISTRATION - NtDoc