Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- !object \\ObjectTypes // commond to get Objects aaddress
- typedef struct _CALLBACK_ENTRY {
- WORD Version; // 0x0
- WORD OperationRegistrationCount; // 0x2
- DWORD unk1; // 0x4
- PVOID RegistrationContext; // 0x8
- UNICODE_STRING Altitude; // 0x10
- } CALLBACK_ENTRY, *PCALLBACK_ENTRY; // header size: 0x20 (0x6C if you count the array afterwards - this is only the header. The array of CALLBACK_ENTRY_ITEMs is useless.)
- // CALLBACK_ENTRY_ITEM
- typedef struct _CALLBACK_ENTRY_ITEM {
- LIST_ENTRY CallbackList; // 0x0
- OB_OPERATION Operations; // 0x10
- DWORD Active; // 0x14
- CALLBACK_ENTRY *CallbackEntry; // 0x18
- PVOID ObjectType; // 0x20
- POB_PRE_OPERATION_CALLBACK PreOperation; // 0x28 this is address of first callback function //
- POB_POST_OPERATION_CALLBACK PostOperation; // 0x30 this is address of second callback function
- QWORD unk1; // 0x38
- } CALLBACK_ENTRY_ITEM, *PCALLBACK_ENTRY_ITEM; // size: 0x40
- typedef struct _OBJECT_TYPE {
- LIST_ENTRY TypeList;
- UNICODE_STRING Name;
- VOID* DefaultObject;
- UCHAR Index;
- unsigned __int32 TotalNumberOfObjects;
- unsigned __int32 TotalNumberOfHandles;
- unsigned __int32 HighWaterNumberOfObjects;
- unsigned __int32 HighWaterNumberOfHandles;
- OBJECT_TYPE_INITIALIZER TypeInfo;
- EX_PUSH_LOCK TypeLock;
- unsigned __int32 Key;
- LIST_ENTRY CallbackList; // A linked list of CALLBACK_ENTRY_ITEMs, which is what we want!
- }OBJECT_TYPE, *POBJECT_TYPE;
Add Comment
Please, Sign In to add comment
