SKETCH OF HOW RESEARCH MIGHT CONTINUE AND RESULTS BE PRESENTED

OB_OKAYTOCLOSE_METHOD

The OB_OKAYTOCLOSE_METHOD type is a pointer to a routine that can be defined for all objects of the same type. It is specified as the OkayToCloseProcedure member of the OBJECT_TYPE_INITIALIZER structure when creating the object type. It is then retained in this structure as nested into the OBJECT_TYPE structure.

Declaration

The modern declaration dates from version 5.1: 

typedef 
BOOLEAN 
(*OB_OKAYTOCLOSE_METHOD) (
    EPROCESS *Process, 
    PVOID Object, 
    HANDLE Handle, 
    KPROCESSOR_MODE PreviousMode);

It added an argument to the original from version 5.0: 

typedef 
BOOLEAN 
(*OB_OKAYTOCLOSE_METHOD) (
    EPROCESS *Process, 
    PVOID Object, 
    HANDLE Handle);

This page was created on 22nd June 2020 but was not published until 31st August 2022.

Copyright © 2022. Geoff Chappell. All rights reserved. Conditions apply.