WDM/Architecture 2011.12.14 10:38

The OB_PRE_CREATE_HANDLE_INFORMATION structure provides information to an ObjectPreCallback routine about a thread or process handle that is being opened.

Syntax

typedef struct _OB_PRE_CREATE_HANDLE_INFORMATION {
  ACCESS_MASK DesiredAccess;
  ACCESS_MASK OriginalDesiredAccess;
} OB_PRE_CREATE_HANDLE_INFORMATION, *POB_PRE_CREATE_HANDLE_INFORMATION;

Members

DesiredAccess

An ACCESS_MASK value that specifies the access rights to grant for the handle. By default, this member equals OriginalDesiredAccess, but the ObjectPreCallback routine can modify this value to restrict the access that is granted.

Drivers can use the following flags for handles to processes:

Flag / Allowed operations

PROCESS_CREATE_PROCESS

Create a new child process of the process.

PROCESS_CREATE_THREAD

Create a new thread in the context of the process.

PROCESS_DUP_HANDLE

Duplicate handles to or from the context of the process, such as by calling the user-mode DuplicateHandle routine.

PROCESS_SET_QUOTA

Set the working set size for the process, such as by calling the user-mode SetProcessWorkingSetSize routine.

PROCESS_SET_INFORMATION

Modify process settings, such as by calling the user-mode SetPriorityClass routine.

PROCESS_SUSPEND_RESUME

Suspend or resume the process.

PROCESS_TERMINATE

Terminate the process, such as by calling the user-mode TerminateProcess routine.

PROCESS_VM_OPERATION

Modify the address space of the process, such as by calling the user-mode WriteProcessMemory and VirtualProtectEx routines.

PROCESS_VM_WRITE

Write to the address space of the process, such as by calling the user-mode WriteProcessMemory routine.

 

Drivers can use the following flags for handles to threads:

Flag / Allowed operations

THREAD_DIRECT_IMPERSONATION

Enable a server thread to impersonate one of its clients.

THREAD_IMPERSONATE

Impersonate the operating system's anonymous logon token, such as by calling the user-mode ImpersonateAnonymousToken routine.

THREAD_SET_CONTEXT

Modify the thread's execution context, such as by calling the user-mode SetThreadContext routine.

THREAD_SET_INFORMATION

Modify thread settings, such as by calling the user-mode SetThreadIdealProcessor routine. The operations that are permitted by this access right are a superset of those that are permitted by the THREAD_SET_LIMITED_INFORMATION access right.

THREAD_SET_LIMITED_INFORMATION

Modify a limited set of thread settings, such as by calling the user-mode SetThreadAffinityMask and SetThreadPriorityBoost routines.

THREAD_SET_THREAD_TOKEN

Modify properties of the thread's impersonation token, such as by calling the user-mode SetTokenInformation routine.

THREAD_SUSPEND_RESUME

Suspend or resume the thread, such as by calling the user-mode SuspendThread and ResumeThread routines.

THREAD_TERMINATE

Terminate the thread, such as by calling the user-mode TerminateThread routine.

 

OriginalDesiredAccess

An ACCESS_MASK value that specifies the original access that was requested for the handle.

Remarks

You can never add access rights beyond what is specified in the DesiredAccess member. If the access right is listed as a modifiable flag, the access right can be removed.
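The following is an added example, not code from MSDN or from this post: a user-mode model of how a protection driver's ObjectPreCallback logic might strip rights from a process handle while obeying the rule above (only clear bits, and only bits from the modifiable list). The typedefs are stand-ins for the WDK headers, the flag values are those defined in winnt.h, and the policy mask and function names are hypothetical.

```c
#include <stdint.h>

/* Stand-ins for the WDK definitions so the logic builds outside a driver (assumption). */
typedef uint32_t ACCESS_MASK;
typedef struct _OB_PRE_CREATE_HANDLE_INFORMATION {
    ACCESS_MASK DesiredAccess;
    ACCESS_MASK OriginalDesiredAccess;
} OB_PRE_CREATE_HANDLE_INFORMATION;

/* Process access-right values as defined in winnt.h. */
#define PROCESS_TERMINATE       0x0001u
#define PROCESS_CREATE_THREAD   0x0002u
#define PROCESS_VM_OPERATION    0x0008u
#define PROCESS_VM_READ         0x0010u  /* not in the modifiable list above */
#define PROCESS_VM_WRITE        0x0020u
#define PROCESS_DUP_HANDLE      0x0040u
#define PROCESS_CREATE_PROCESS  0x0080u
#define PROCESS_SET_QUOTA       0x0100u
#define PROCESS_SET_INFORMATION 0x0200u
#define PROCESS_SUSPEND_RESUME  0x0800u

/* The nine process flags this page lists as modifiable. */
#define MODIFIABLE_PROCESS_RIGHTS \
    (PROCESS_CREATE_PROCESS | PROCESS_CREATE_THREAD | PROCESS_DUP_HANDLE | \
     PROCESS_SET_QUOTA | PROCESS_SET_INFORMATION | PROCESS_SUSPEND_RESUME | \
     PROCESS_TERMINATE | PROCESS_VM_OPERATION | PROCESS_VM_WRITE)

/* Hypothetical anti-tamper policy for a protected process. */
#define PROTECTED_DENY \
    (PROCESS_TERMINATE | PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | \
     PROCESS_VM_WRITE | PROCESS_SUSPEND_RESUME)

/* Clears denied rights from DesiredAccess; returns the rights this call removed. */
ACCESS_MASK restrict_process_handle(OB_PRE_CREATE_HANDLE_INFORMATION *info,
                                    int opener_is_trusted)
{
    if (opener_is_trusted)
        return 0;                      /* leave the request untouched */
    ACCESS_MASK before = info->DesiredAccess;
    /* AND-NOT can only clear bits, so access is never widened. */
    info->DesiredAccess &= ~(PROTECTED_DENY & MODIFIABLE_PROCESS_RIGHTS);
    return before & ~info->DesiredAccess;
}

/* Rights requested by the opener that will not be granted (useful for audit logs). */
ACCESS_MASK total_stripped(const OB_PRE_CREATE_HANDLE_INFORMATION *info)
{
    return info->OriginalDesiredAccess & ~info->DesiredAccess;
}
```

OriginalDesiredAccess is left unchanged, so the difference between the two members records what the opener asked for and did not get.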


Source: http://msdn.microsoft.com/en-us/library/windows/hardware/ff558725(v=vs.85).aspx

Posted by 쫑경