/****************************************************************************** * Object Manager Types * ******************************************************************************/ #define MAXIMUM_FILENAME_LENGTH 256 #define OBJ_NAME_PATH_SEPARATOR ((WCHAR)L'\\') #define OBJECT_TYPE_CREATE 0x0001 #define OBJECT_TYPE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1) #define DIRECTORY_QUERY 0x0001 #define DIRECTORY_TRAVERSE 0x0002 #define DIRECTORY_CREATE_OBJECT 0x0004 #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008 #define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF) #define SYMBOLIC_LINK_QUERY 0x0001 #define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1) #define DUPLICATE_CLOSE_SOURCE 0x00000001 #define DUPLICATE_SAME_ACCESS 0x00000002 #define DUPLICATE_SAME_ATTRIBUTES 0x00000004 #define OB_FLT_REGISTRATION_VERSION_0100 0x0100 #define OB_FLT_REGISTRATION_VERSION OB_FLT_REGISTRATION_VERSION_0100 typedef ULONG OB_OPERATION; #define OB_OPERATION_HANDLE_CREATE 0x00000001 #define OB_OPERATION_HANDLE_DUPLICATE 0x00000002 typedef struct _OB_PRE_CREATE_HANDLE_INFORMATION { IN OUT ACCESS_MASK DesiredAccess; IN ACCESS_MASK OriginalDesiredAccess; } OB_PRE_CREATE_HANDLE_INFORMATION, *POB_PRE_CREATE_HANDLE_INFORMATION; typedef struct _OB_PRE_DUPLICATE_HANDLE_INFORMATION { IN OUT ACCESS_MASK DesiredAccess; IN ACCESS_MASK OriginalDesiredAccess; IN PVOID SourceProcess; IN PVOID TargetProcess; } OB_PRE_DUPLICATE_HANDLE_INFORMATION, *POB_PRE_DUPLICATE_HANDLE_INFORMATION; typedef union _OB_PRE_OPERATION_PARAMETERS { IN OUT OB_PRE_CREATE_HANDLE_INFORMATION CreateHandleInformation; IN OUT OB_PRE_DUPLICATE_HANDLE_INFORMATION DuplicateHandleInformation; } OB_PRE_OPERATION_PARAMETERS, *POB_PRE_OPERATION_PARAMETERS; typedef struct _OB_PRE_OPERATION_INFORMATION { IN OB_OPERATION Operation; union { IN ULONG Flags; struct { IN ULONG KernelHandle:1; IN ULONG Reserved:31; }; }; IN PVOID Object; IN POBJECT_TYPE ObjectType; OUT PVOID CallContext; IN POB_PRE_OPERATION_PARAMETERS Parameters; } OB_PRE_OPERATION_INFORMATION, *POB_PRE_OPERATION_INFORMATION; typedef struct _OB_POST_CREATE_HANDLE_INFORMATION { IN ACCESS_MASK GrantedAccess; } OB_POST_CREATE_HANDLE_INFORMATION, *POB_POST_CREATE_HANDLE_INFORMATION; typedef struct _OB_POST_DUPLICATE_HANDLE_INFORMATION { IN ACCESS_MASK GrantedAccess; } OB_POST_DUPLICATE_HANDLE_INFORMATION, *POB_POST_DUPLICATE_HANDLE_INFORMATION; typedef union _OB_POST_OPERATION_PARAMETERS { IN OB_POST_CREATE_HANDLE_INFORMATION CreateHandleInformation; IN OB_POST_DUPLICATE_HANDLE_INFORMATION DuplicateHandleInformation; } OB_POST_OPERATION_PARAMETERS, *POB_POST_OPERATION_PARAMETERS; typedef struct _OB_POST_OPERATION_INFORMATION { IN OB_OPERATION Operation; union { IN ULONG Flags; struct { IN ULONG KernelHandle:1; IN ULONG Reserved:31; }; }; IN PVOID Object; IN POBJECT_TYPE ObjectType; IN PVOID CallContext; IN NTSTATUS ReturnStatus; IN POB_POST_OPERATION_PARAMETERS Parameters; } OB_POST_OPERATION_INFORMATION,*POB_POST_OPERATION_INFORMATION; typedef enum _OB_PREOP_CALLBACK_STATUS { OB_PREOP_SUCCESS } OB_PREOP_CALLBACK_STATUS, *POB_PREOP_CALLBACK_STATUS; typedef OB_PREOP_CALLBACK_STATUS (NTAPI *POB_PRE_OPERATION_CALLBACK)( IN PVOID RegistrationContext, IN OUT POB_PRE_OPERATION_INFORMATION OperationInformation); typedef VOID (NTAPI *POB_POST_OPERATION_CALLBACK)( IN PVOID RegistrationContext, IN POB_POST_OPERATION_INFORMATION OperationInformation); typedef struct _OB_OPERATION_REGISTRATION { IN POBJECT_TYPE *ObjectType; IN OB_OPERATION Operations; IN POB_PRE_OPERATION_CALLBACK PreOperation; IN POB_POST_OPERATION_CALLBACK PostOperation; } OB_OPERATION_REGISTRATION, *POB_OPERATION_REGISTRATION; typedef struct _OB_CALLBACK_REGISTRATION { IN USHORT Version; IN USHORT OperationRegistrationCount; IN UNICODE_STRING Altitude; IN PVOID RegistrationContext; IN OB_OPERATION_REGISTRATION *OperationRegistration; } OB_CALLBACK_REGISTRATION, *POB_CALLBACK_REGISTRATION; typedef struct _OBJECT_NAME_INFORMATION { UNICODE_STRING Name; } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION; /* Exported object types */ extern POBJECT_TYPE NTSYSAPI CmKeyObjectType; extern POBJECT_TYPE NTSYSAPI ExEventObjectType; extern POBJECT_TYPE NTSYSAPI ExSemaphoreObjectType; extern POBJECT_TYPE NTSYSAPI IoFileObjectType; extern POBJECT_TYPE NTSYSAPI PsThreadType; extern POBJECT_TYPE NTSYSAPI SeTokenObjectType; extern POBJECT_TYPE NTSYSAPI PsProcessType;