Geoff Chappell - Software Analyst
The OBJECT_HEADER_CREATOR_INFO structure is one of several structures that may precede an OBJECT_HEADER in a memory block that contains an Object Manager object.
The OBJECT_HEADER_CREATOR_INFO structure is 0x10 or 0x20 bytes in 32-bit and 64-bit Windows, respectively. Microsoft’s names and types are known from type information in public symbol files for the kernel, starting with Windows 2000 SP3. Names are known with slightly less certainty for version 4.0 from the output of the !dso command as implemented by the debugger extension USEREXTS.DLL from the Windows NT 4.0 Device Driver Kit (DDK).
| Offset (x86) | Offset (x64) | Definition | Versions |
|---|---|---|---|
| 0x00 | 0x00 |
LIST_ENTRY TypeList; |
3.50 and higher |
| 0x08 | 0x10 |
PVOID CreatorUniqueProcess; |
3.50 and higher |
| 0x0C | 0x18 |
USHORT CreatorBackTraceIndex; |
3.50 and higher |
| 0x0E | 0x1A |
USHORT Reserved; |
3.50 and higher |
| 0x1C |
ULONG Reserved2; |
1607 and higher |