_OB_POST_OPERATION_INFORMATION structure

The OB_POST_OPERATION_INFORMATION structure provides information about a process or thread handle operation to an ObjectPostCallback routine.

Syntax

typedef struct _OB_POST_OPERATION_INFORMATION {
  OB_OPERATION                  Operation;
  union {
    ULONG Flags;
    struct {
      ULONG KernelHandle : 1;
      ULONG Reserved : 31;
    };
  };
  PVOID                         Object;
  POBJECT_TYPE                  ObjectType;
  PVOID                         CallContext;
  NTSTATUS                      ReturnStatus;
  POB_POST_OPERATION_PARAMETERS Parameters;
} OB_POST_OPERATION_INFORMATION, *POB_POST_OPERATION_INFORMATION;

Members

Operation

The type of handle operation. This member might be one of the following values:

OB_OPERATION_HANDLE_CREATE

A new handle to a process or thread was created. Use Parameters->CreateHandleInformation for create-specific information.

OB_OPERATION_HANDLE_DUPLICATE

A process or thread handle was duplicated. Use Parameters->DuplicateHandleInformation for duplicate-specific information.

Object

A pointer to the process or thread object that is the target of the handle operation.

ObjectType

A pointer to the object type of the object. This type can be PsProcessType for a process or PsThreadType for a thread.

CallContext

A pointer to driver-specific context information for the operation. This value is the value that the OperationInformation->CallContext member specifies to the ObjectPreCallback routine.

ReturnStatus

The NTSTATUS value for the handle operation.

Parameters

A pointer to an OB_POST_OPERATION_PARAMETERS union that contains operation-specific information. The Operation member determines which member of the union is valid. The pointer is valid only when ReturnStatus is a success code.

Remarks

Unlike the OB_PRE_OPERATION_INFORMATION structure, the members of the OB_POST_OPERATION_INFORMATION structure are purely informational; you cannot modify them.

Requirements

   
Windows version Available in Windows Server 2008 and later versions of the Windows operating system.
Header wdm.h (include Wdm.h, Ntddk.h, Ntifs.h)

See Also

OB_PRE_OPERATION_INFORMATION

ObjectPostCallback

ObjectPreCallback