OB_OPERATION_REGISTRATION structure (wdm.h)
The OB_OPERATION_REGISTRATION structure specifies ObjectPreCallback and ObjectPostCallback callback routines and the types of operations that the routines are called for.
Syntax
typedef struct _OB_OPERATION_REGISTRATION {
POBJECT_TYPE *ObjectType;
OB_OPERATION Operations;
POB_PRE_OPERATION_CALLBACK PreOperation;
POB_POST_OPERATION_CALLBACK PostOperation;
} OB_OPERATION_REGISTRATION, *POB_OPERATION_REGISTRATION;
Members
ObjectType
A pointer to the object type that triggers the callback routine. Specify one of the following values:
- PsProcessType for process handle operations
- PsThreadType for thread handle operations
- ExDesktopObjectType for desktop handle operations. This value is supported in Windows 10 and not in the earlier versions of the operating system.
Operations
Specify one or more of the following flags:
OB_OPERATION_HANDLE_CREATE
A new process, thread, or desktop handle was or will be opened.
OB_OPERATION_HANDLE_DUPLICATE
A process, thread, or desktop handle was or will be duplicated.
PreOperation
A pointer to an ObjectPreCallback routine. The system calls this routine before the requested operation occurs.
PostOperation
A pointer to an ObjectPostCallback routine. The system calls this routine after the requested operation occurs.
Remarks
This structure is used by the ObRegisterCallbacks routine. The CallBackRegistration parameter to this routine is a pointer to a buffer that contains an OB_CALLBACK_REGISTRATION structure that is followed by an array of one or more OB_OPERATION_REGISTRATION structures.
In each OB_OPERATION_REGISTRATION structure passed to ObRegisterCallback, the caller must supply one or both callback routines. If the PreOperation and PostOperation members of this structure are both NULL, the callback registration operation fails.
Requirements
Requirement | Value |
---|---|
Minimum supported client | Available starting with Windows Server 2008. |
Header | wdm.h (include Wdm.h, Ntddk.h, Ntifs.h) |