SKETCH OF HOW RESEARCH MIGHT CONTINUE AND RESULTS BE PRESENTED

OB_OPEN_METHOD

The OB_OPEN_METHOD type is a pointer to a routine that can be defined for all objects of the same type. It is specified as the OpenProcedure member of the OBJECT_TYPE_INITIALIZER structure when creating the object type. It is then retained in that structure, as nested within the OBJECT_TYPE structure.

Declaration

The modern declaration dates from version 6.0:

typedef 
NTSTATUS 
(*OB_OPEN_METHOD) (
    OB_OPEN_REASON OpenReason, 
    KPROCESSOR_MODE AccessMode, 
    EPROCESS *Process, 
    PVOID Object, 
    ACCESS_MASK *GrantedAccess, 
    ULONG HandleCount);

In versions 5.1 to 5.2, the function has one fewer argument:

typedef 
NTSTATUS 
(*OB_OPEN_METHOD) (
    OB_OPEN_REASON OpenReason, 
    EPROCESS *Process, 
    PVOID Object, 
    ACCESS_MASK GrantedAccess, 
    ULONG HandleCount);

In earlier versions, the first argument is not yet defined formally as an enumeration:

typedef 
VOID 
(*OB_OPEN_METHOD) (
    INT OpenReason, 
    EPROCESS *Process, 
    PVOID Object, 
    ACCESS_MASK GrantedAccess, 
    ULONG HandleCount);