What does it mean when a Windows Kernel structure is Opaque?

Time:11-25

Does that mean there are no conventional (legit) ways to access an opaque structure's members?

CodePudding user response:

It just means there is no documentation nor usable header file definition for the struct members. Depending on your definition of "legit", there might or might not be a way to access the members.

On the technical side of things, if you know the address and what the members are, you can make your own struct. It is not uncommon to do this with undocumented parts of Windows. Whether or not this is a good idea is another question.

Some structs used in the Windows kernel are not stable across versions (or even across service packs and updates). This is just something you have to deal with if you choose to access something the Windows team has decided is off limits. This also means you should ask yourself if you really need to access this struct. This is especially true for anything in kernel mode.

There are also examples of things that started out fully opaque but over time have gotten some of their members documented (for legal or other reasons). In those cases, you will see some members just have names like "Reserved1234" and defined as pointers or bytes while the fully documented members have useful names and correct types.
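The version-stability problem described in the answer above, as an added example that is not part of the original answer and is not Windows code: a hand-made mirror struct derived from one release silently reads the wrong field once an update changes the layout. All struct names, fields and release numbers here are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layouts: the same private object in two releases.
   The update inserted refcount, which moves id from offset 4 to 8. */
struct obj_r1 { uint32_t flags; uint32_t id; };
struct obj_r2 { uint32_t flags; uint32_t refcount; uint32_t id; };

/* Hand-made mirror a third party derived from release 1 only. */
struct my_mirror { uint32_t flags; uint32_t id; };

/* Naive read: trusts the mirror regardless of which release is running. */
uint32_t naive_get_id(const void *obj)
{
    uint32_t id;
    memcpy(&id, (const unsigned char *)obj + offsetof(struct my_mirror, id),
           sizeof id);
    return id;
}

/* Guarded read: offsets are keyed by release; unknown releases fail closed. */
int guarded_get_id(const void *obj, int release, uint32_t *out)
{
    size_t off;
    switch (release) {
    case 1: off = offsetof(struct obj_r1, id); break;
    case 2: off = offsetof(struct obj_r2, id); break;
    default: return -1;  /* layout not verified: refuse rather than guess */
    }
    memcpy(out, (const unsigned char *)obj + off, sizeof *out);
    return 0;
}

/* What the naive read yields on a release-2 object whose id is 42. */
uint32_t demo_naive_on_r2(void)
{
    struct obj_r2 o = { 0x1, 7, 42 };
    return naive_get_id(&o);  /* lands on refcount, not id */
}
```

The naive read does not crash; it returns plausible but wrong data, which is why code that must touch an undocumented layout should check the running build and refuse to proceed on one it has not verified.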
