// wdm.h
typedef struct _OB_PRE_OPERATION_INFORMATION {
    OB_OPERATION Operation;
    union {
        ULONG Flags;
        struct {
            ULONG KernelHandle : 1;
            ULONG Reserved : 31;
        };
    };
    PVOID Object;
    POBJECT_TYPE ObjectType;
    PVOID CallContext;
    POB_PRE_OPERATION_PARAMETERS Parameters;
} OB_PRE_OPERATION_INFORMATION, *POB_PRE_OPERATION_INFORMATION;
The OB_PRE_OPERATION_INFORMATION structure provides information about a process or thread handle operation to an ObjectPreCallback routine.
Operation: The type of handle operation. This member might be one of the following values:
A new handle to a process or thread will be opened. Use Parameters->CreateHandleInformation for create-specific information.
A process or thread handle will be duplicated. Use Parameters->DuplicateHandleInformation for duplicate-specific information.
Flags: Reserved. Use the KernelHandle member instead.
KernelHandle: A bit that specifies whether the handle is a kernel handle. If this member is TRUE, the handle is a kernel handle. Otherwise, this handle is not a kernel handle.
Reserved: Reserved for system use.
Object: A pointer to the process or thread object that is the target of the handle operation.
ObjectType: A pointer to the object type of the object. This member is PsProcessType for a process or PsThreadType for a thread.
CallContext: A pointer to driver-specific context information for the operation. By default, the Filter Manager sets this member to NULL, but the ObjectPreCallback routine can reset the CallContext member in a driver-specific manner. The Filter Manager passes this value to the matching ObjectPostCallback routine.
Parameters: A pointer to an OB_PRE_OPERATION_PARAMETERS union that contains operation-specific information. The Operation member determines which member of the union is valid.
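
An added example (not part of the WDK reference) of how a defensive ObjectPreCallback can read these members: it skips kernel handles, checks Object and ObjectType, lets Operation select the union member, and removes write and terminate rights from the requested access. The typedefs are reduced user-mode stand-ins for the wdm.h definitions so the logic compiles outside a driver; GUARD_CTX, GuardPreCallback, SimulateOp and DENY_MASK are hypothetical names, and the numeric constants are the WDK/SDK header values rather than values from this page.

```c
/* Added example. Types are reduced user-mode stand-ins for wdm.h; GUARD_CTX is hypothetical. */
#include <stdint.h>
#include <stdio.h>
typedef uint32_t ULONG, ACCESS_MASK, OB_OPERATION;
typedef void *PVOID, *POBJECT_TYPE;
enum { OB_PREOP_SUCCESS = 0, OB_OPERATION_HANDLE_CREATE = 1, OB_OPERATION_HANDLE_DUPLICATE = 2 };
enum { PROCESS_TERMINATE = 0x0001, PROCESS_VM_WRITE = 0x0020, DENY_MASK = 0x0021 };
typedef union {
    struct { ACCESS_MASK DesiredAccess, OriginalDesiredAccess; } CreateHandleInformation;
    struct { ACCESS_MASK DesiredAccess, OriginalDesiredAccess; PVOID SourceProcess, TargetProcess; } DuplicateHandleInformation;
} OB_PRE_OPERATION_PARAMETERS;
typedef struct {
    OB_OPERATION Operation;
    union { ULONG Flags; struct { ULONG KernelHandle : 1; ULONG Reserved : 31; }; };
    PVOID Object; POBJECT_TYPE ObjectType; PVOID CallContext;
    OB_PRE_OPERATION_PARAMETERS *Parameters;
} OB_PRE_OPERATION_INFORMATION;
typedef struct { PVOID Process; POBJECT_TYPE ProcessType; } GUARD_CTX; /* hypothetical */

/* Pre-callback: strips DENY_MASK from user-mode handles to the guarded process. */
int GuardPreCallback(PVOID RegistrationContext, OB_PRE_OPERATION_INFORMATION *Info)
{
    const GUARD_CTX *ctx = RegistrationContext;
    ACCESS_MASK *access;
    if (Info->KernelHandle || Info->ObjectType != ctx->ProcessType || Info->Object != ctx->Process)
        return OB_PREOP_SUCCESS;          /* kernel handle, thread, or another process */
    if (Info->Operation == OB_OPERATION_HANDLE_CREATE)       /* Operation selects the union member */
        access = &Info->Parameters->CreateHandleInformation.DesiredAccess;
    else if (Info->Operation == OB_OPERATION_HANDLE_DUPLICATE)
        access = &Info->Parameters->DuplicateHandleInformation.DesiredAccess;
    else
        return OB_PREOP_SUCCESS;
    Info->CallContext = (PVOID)(uintptr_t)(*access & DENY_MASK);  /* removed bits, for the post-callback */
    *access &= ~(ACCESS_MASK)DENY_MASK;
    return OB_PREOP_SUCCESS;
}

/* Constructed harness: one simulated operation on the guarded process; returns the access left. */
ACCESS_MASK SimulateOp(ULONG kernel, OB_OPERATION op, ACCESS_MASK desired)
{
    static int proc, type;                /* stand-ins for the EPROCESS and *PsProcessType */
    GUARD_CTX ctx = { &proc, &type };
    OB_PRE_OPERATION_PARAMETERS p = { { desired, desired } };
    OB_PRE_OPERATION_INFORMATION info = { .Operation = op, .Object = &proc, .ObjectType = &type, .Parameters = &p };
    info.KernelHandle = kernel;
    GuardPreCallback(&ctx, &info);
    return p.CreateHandleInformation.DesiredAccess;  /* DesiredAccess leads both union members */
}
int main(void) { printf("%#x\n", (unsigned)SimulateOp(0, OB_OPERATION_HANDLE_CREATE, 0x1021)); return 0; }
```

In a real driver the types come from the WDK headers, the routine returns OB_PREOP_CALLBACK_STATUS, and ObjectType is compared against *PsProcessType.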