The Object Creator Information

The OBJECT_HEADER of an object is immediately preceded by an OBJECT_CREATOR_INFO structure if the OB_FLAG_CREATOR_INFO bit of its ObjectFlags member is set. The definition of this optional header part is shown in Listing 2. The ObjectList member is a node within a doubly linked list that connects objects of the same type to each other. As usual, this list is circular. The list head where the object list originates and ends is located within the OBJECT_TYPE structure that represents the common type object of the list members. By default, only Port and WaitablePort objects include OBJECT_CREATOR_INFO data in their headers. The SystemObjectInformation class of the ZwQuerySystemInformation() API function uses the ObjectList to return complete lists of currently allocated objects, grouped by object type. Gary Nebbett points out in his "Windows NT/2000 Native API Reference" that "...this information class is only available if FLG_MAINTAIN_OBJECT_TYPELIST was set in the NtGlobalFlags at boot time." (p. 25).

Listing 2 The OBJECT_CREATOR_INFO Structure

typedef struct _OBJECT_CREATOR_INFO
    {
/*000*/ LIST_ENTRY ObjectList;   // OBJECT_CREATOR_INFO
/*008*/ HANDLE   UniqueProcessId;
/*00C*/ WORD    Reserved1;
/*00E*/ WORD    Reserved2;
/*010*/ }
    OBJECT_CREATOR_INFO,
   * POBJECT_CREATOR_INFO,
  **PPOBJECT_CREATOR_INFO;

The UniqueProcessId is the zero-based numeric ID of the process that created the object. Although defined as a HANDLE, this member is not a handle in the usual sense. It might be described more accurately as an opaque 32-bit unsigned integer. Actually, the Win32 GetCurrentProcessId() API function returns these HANDLE values as DWORD types.
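
Added example, not part of the original article: a user-mode C model of the layout described above. It recovers the creator info that sits directly in front of a header and walks the circular per-type list with link checks, as a memory-forensics tool would. The fake_header type, the 0x04 value for the flag and the sample IDs are assumptions made for illustration; the stand-in types use native pointer size, so the Listing 2 offsets apply only to 32-bit builds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Portable stand-ins for the Windows types (native pointer size). */
typedef struct list_entry { struct list_entry *Flink, *Blink; } list_entry;
typedef struct creator_info {            /* mirrors OBJECT_CREATOR_INFO */
    list_entry ObjectList;
    uintptr_t  UniqueProcessId;          /* opaque ID, not a real handle */
    uint16_t   Reserved1, Reserved2;
} creator_info;
typedef struct fake_header { uint8_t ObjectFlags; } fake_header; /* hypothetical */
typedef struct tracked_object { creator_info ci; fake_header hdr; } tracked_object;
#define FLAG_CREATOR_INFO 0x04           /* assumed OB_FLAG_CREATOR_INFO value */

/* Header -> creator info placed directly in front of it, or NULL if flag clear. */
static creator_info *creator_of(fake_header *h) {
    if (!(h->ObjectFlags & FLAG_CREATOR_INFO)) return NULL;
    return (creator_info *)((char *)h - sizeof(creator_info));
}

/* Walk the circular list from the type's list head and collect creator IDs.
   Returns the count, or -1 on a broken link, flag mismatch or more than max nodes. */
static int walk_type_list(list_entry *head, uintptr_t *ids, int max) {
    int n = 0;
    for (list_entry *e = head->Flink; e != head; e = e->Flink) {
        if (!e || n == max || !e->Flink || e->Flink->Blink != e) return -1;
        creator_info *ci = (creator_info *)((char *)e - offsetof(creator_info, ObjectList));
        if (creator_of((fake_header *)(ci + 1)) != ci) return -1;
        ids[n++] = ci->UniqueProcessId;
    }
    return n;
}

static void link_tail(list_entry *head, list_entry *e) {
    e->Flink = head; e->Blink = head->Blink;
    head->Blink->Flink = e; head->Blink = e;
}

/* Constructed sample: two objects of one type, creator IDs 8 and 344 (made up). */
static int demo(int corrupt, uintptr_t *ids) {
    list_entry head = { &head, &head };
    tracked_object a = { .ci.UniqueProcessId = 8,   .hdr.ObjectFlags = FLAG_CREATOR_INFO };
    tracked_object b = { .ci.UniqueProcessId = 344, .hdr.ObjectFlags = FLAG_CREATOR_INFO };
    link_tail(&head, &a.ci.ObjectList); link_tail(&head, &b.ci.ObjectList);
    if (corrupt) b.ci.ObjectList.Blink = &head;   /* simulate a damaged back link */
    return walk_type_list(&head, ids, 4);
}

int main(void) { uintptr_t ids[4]; printf("%d objects\n", demo(0, ids)); return 0; }
```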
