Geoff Chappell, Software Analyst
The OBJECT_TYPE_INFORMATION structure is what a successful call to ZwQueryObject or NtQueryObject produces at the start of its output buffer when given the information class ObjectTypesInformation (3). For this case, the functions ignore their Handle argument. The query is instead for learning all the types of object.
The OBJECT_TYPES_INFORMATION structure is not documented.
Microsoft does publish the practical equivalent of a C-language definition as type information in public symbol files, though not for the kernel, where the structure is prepared, nor even for low-level user-mode DLLs that interpret the structure, but for various higher-level user-mode DLLs such as URLMON.DLL and only then starting with version 6.2.
Two earlier disclosures of type information are known, though not in symbol files but in statically linked libraries: GDISRVL.LIB from the Device Driver Kit (DDK) for Windows NT 3.51; and SHELL32.LIB from the DDK for Windows NT 4.0.
The OBJECT_TYPES_INFORMATION is four bytes in both 32-bit and 64-bit Windows. It has just the one member:
|Offset (x86)||Offset (x64)||Definition||Versions|
|3.50 and higher|
The whole point to the OBJECT_TYPES_INFORMATION is that it is followed by NumberOfTypes descriptions of the currently defined types of object. Each of these descriptions is a fixed-size OBJECT_TYPE_INFORMATION structure followed by a variable-size name. It is apparently left to the caller to understand that each OBJECT_TYPE_INFORMATION has its ordinary alignment.