OBJECT_TYPES_INFORMATION

The OBJECT_TYPE_INFORMATION structure is what a successful call to ZwQueryObject or NtQueryObject produces at the start of its output buffer when given the information class ObjectTypesInformation (3). For this case, the functions ignore their Handle argument. The query is instead for learning all the types of object.

Documentation Status

The OBJECT_TYPES_INFORMATION structure is not documented.

Microsoft does publish the practical equivalent of a C-language definition as type information in a handful of private symbol files that Microsoft has included in packages of public symbol files, starting with Windows 8, and continues to make available through Microsoft’s public symbol server. These private symbol files are not for the kernel, where the structure is prepared, nor even for low-level user-mode DLLs that interpret the structure. They are instead for various higher-level user-mode DLLs such as URLMON.DLL. The latter is here singled out because of its origins in Internet Explorer and thence for the strong suggestion that Microsoft’s programmers of Internet Explorer had access to more details of low-level Windows programming than Microsoft publishes for wider use.

Type information for the structure has also seeped out at the other end of the Windows timeline, though not in symbol files but in statically linked libraries: GDISRVL.LIB from the Device Driver Kit (DDK) for Windows NT 3.51; and SHELL32.LIB from the DDK for Windows NT 4.0.

Layout

The OBJECT_TYPES_INFORMATION is four bytes in both 32-bit and 64-bit Windows. It has just the one member:

ULONG NumberOfTypes;

The whole point to the OBJECT_TYPES_INFORMATION is that it is followed by NumberOfTypes descriptions of the currently defined types of object. Each of these descriptions is a fixed-size OBJECT_TYPE_INFORMATION structure followed by a variable-size name. It is apparently left to the caller to understand that each OBJECT_TYPE_INFORMATION has its ordinary alignment.