ThreadHandleOperation Event

Fires when a thread handle is being created or duplicated.

Syntax

// CBProcessThreadHandleOperationEventArgs carries the CBProcess ThreadHandleOperation event's parameters.
type CBProcessThreadHandleOperationEventArgs struct {...}

func (args *CBProcessThreadHandleOperationEventArgs) Duplication() bool
func (args *CBProcessThreadHandleOperationEventArgs) ProcessId() int32
func (args *CBProcessThreadHandleOperationEventArgs) ThreadId() int32
func (args *CBProcessThreadHandleOperationEventArgs) OriginatorProcessId() int32
func (args *CBProcessThreadHandleOperationEventArgs) OriginatorThreadId() int32
func (args *CBProcessThreadHandleOperationEventArgs) SourceProcessId() int32
func (args *CBProcessThreadHandleOperationEventArgs) TargetProcessId() int32
func (args *CBProcessThreadHandleOperationEventArgs) OriginalDesiredAccess() int32
func (args *CBProcessThreadHandleOperationEventArgs) DesiredAccess() int32
func (args *CBProcessThreadHandleOperationEventArgs) SetDesiredAccess(value int32)
func (args *CBProcessThreadHandleOperationEventArgs) ResultCode() int32
func (args *CBProcessThreadHandleOperationEventArgs) SetResultCode(value int32)

// CBProcessThreadHandleOperationEvent defines the signature of the CBProcess ThreadHandleOperation event's handler function.
type CBProcessThreadHandleOperationEvent func(sender *CBProcess, args *CBProcessThreadHandleOperationEventArgs)

func (obj *CBProcess) GetOnThreadHandleOperationHandler() CBProcessThreadHandleOperationEvent
func (obj *CBProcess) SetOnThreadHandleOperationHandler(handlerFunc CBProcessThreadHandleOperationEvent)

Remarks

This event fires when a thread handle is being created or duplicated. The new handle allows operations to be performed on the associated thread.

Applications may use this event to restrict the access rights that will be granted to the new thread handle. For example, to prevent thread termination, the application could remove the THREAD_TERMINATE flag.

The Duplication parameter indicates whether a new thread handle is being created (false), or an existing one is being duplicated (true).

The ProcessId parameter reflects the Id of the process whose thread's handle is being created/duplicated.

The ThreadId parameter reflects the Id of the thread whose handle is being created/duplicated.

The OriginatorProcessId parameter reflects the Id of the process that requested a handle be created/duplicated.

The OriginatorThreadId parameter reflects the Id of the thread that requested a handle be created/duplicated.

The SourceProcessId and TargetProcessId parameters reflect the Id of the process that is the source of the handle, and the Id of the process that receives the duplicated handle, respectively. (These parameters' values are only valid if Duplication is true.)

The OriginalDesiredAccess parameter reflects the access rights originally requested for the new handle.

The DesiredAccess parameter specifies the access rights that should be granted to the new handle; it will match OriginalDesiredAccess initially. Applications can remove access flags from this value, but they cannot add additional flags.

Please refer to Microsoft's OB_PRE_CREATE_HANDLE_INFORMATION structure documentation for more information about possible access flags.

The ResultCode parameter will always be 0 when the event is fired. If the event cannot be handled in a "successful" manner for some reason (e.g., a resource isn't available, security checks failed, etc.), set it to a non-zero value to report an appropriate error. Please refer to the Error Reporting and Handling topic for more information.

Note that the system APIs offer no way to report errors which occur during the processing of this request. Exceptional ResultCode values are therefore largely ignored.

This event is fired synchronously; please refer to the Event Types topic for more information.

 
 
Copyright (c) 2021 Callback Technologies, Inc. - All rights reserved.
CBFS Filter 2020 Go Edition - Version 20.0 [Build 7917]