Author: AElectrine
Subject: Handle List
Posted: 24 December 2014 at 8:54am
I want to find the list of handles of some object.
In Mark's book (6th ed.) it is written that _OBJECT_HEADER (I will write it as in WinDbg) contains an InfoMask field (later it is written about a SubheaderMask field). But there is no such field in the _OBJECT_HEADER struct. I saw NameInfoOffset, HandleInfoOffset and QuotaInfoOffset (but they aren't bit-fields). Also ObjectCreateInfo. In the book it is written that an object can contain from 0 to 5 subheaders.
I will be glad if anyone can explain to me where I can get information about subheaders (and how to get info from them).
WinXP SP3
lkd> dt nt!_OBJECT_HEADER
+0x000 PointerCount : Int4B
+0x004 HandleCount : Int4B
+0x004 NextToFree : Ptr32 Void
+0x008 Type : Ptr32 _OBJECT_TYPE
+0x00c NameInfoOffset : UChar
+0x00d HandleInfoOffset : UChar
+0x00e QuotaInfoOffset : UChar
+0x00f Flags : UChar
+0x010 ObjectCreateInfo : Ptr32 _OBJECT_CREATE_INFORMATION
+0x010 QuotaBlockCharged : Ptr32 Void
+0x014 SecurityDescriptor : Ptr32 Void
+0x018 Body : _QUAD
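Added example, not part of the original post: in the pre-Windows 7 layout dumped above there is no mask; each nonzero NameInfoOffset, HandleInfoOffset or QuotaInfoOffset byte is the distance back from the _OBJECT_HEADER address to that subheader, and 0 means the subheader is absent. The C sketch below resolves the three addresses from a captured memory region; the names OBJECT_HEADER_XP32, SUBHEADERS, locate_subheaders and sample_lookup are hypothetical, and the addresses and bytes are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 32-bit XP SP3 layout, field for field from the dt nt!_OBJECT_HEADER output. */
typedef struct {
    int32_t  PointerCount;       /* +0x000 */
    int32_t  HandleCount;        /* +0x004, shares storage with NextToFree */
    uint32_t Type;               /* +0x008 */
    uint8_t  NameInfoOffset;     /* +0x00c */
    uint8_t  HandleInfoOffset;   /* +0x00d */
    uint8_t  QuotaInfoOffset;    /* +0x00e */
    uint8_t  Flags;              /* +0x00f */
    uint32_t ObjectCreateInfo;   /* +0x010, shares storage with QuotaBlockCharged */
    uint32_t SecurityDescriptor; /* +0x014; Body starts at +0x018 */
} OBJECT_HEADER_XP32;
typedef struct { uint32_t name_info, handle_info, quota_info; } SUBHEADERS; /* 0 = absent */

/* A nonzero offset byte is a distance back from the header; 0 means no subheader. */
static int resolve(uint32_t base, uint32_t hdr_va, uint8_t off, uint32_t *out) {
    if (off != 0 && hdr_va - base < off) return -1; /* would point before the capture */
    *out = off ? hdr_va - off : 0;
    return 0;
}

/* dump holds len bytes captured starting at virtual address base (hypothetical helper). */
int locate_subheaders(const uint8_t *dump, size_t len, uint32_t base, uint32_t hdr_va, SUBHEADERS *out) {
    OBJECT_HEADER_XP32 h;
    if (hdr_va < base || len < sizeof h || hdr_va - base > len - sizeof h) return -1;
    memcpy(&h, dump + (hdr_va - base), sizeof h);  /* copy out: dump may be unaligned */
    if (resolve(base, hdr_va, h.NameInfoOffset, &out->name_info)) return -1;
    if (resolve(base, hdr_va, h.HandleInfoOffset, &out->handle_info)) return -1;
    return resolve(base, hdr_va, h.QuotaInfoOffset, &out->quota_info);
}

/* Constructed sample: header at 0x81000030 in a 0x60-byte region based at 0x81000000. */
int sample_lookup(uint8_t name_off, uint8_t handle_off, uint8_t quota_off, SUBHEADERS *out) {
    uint8_t dump[0x60] = {0};
    dump[0x30 + 0x0c] = name_off;
    dump[0x30 + 0x0d] = handle_off;
    dump[0x30 + 0x0e] = quota_off;
    return locate_subheaders(dump, sizeof dump, 0x81000000u, 0x81000030u, out);
}
int main(void) {
    SUBHEADERS s;
    int rc = sample_lookup(0x10, 0x18, 0, &s);
    printf("name=%08x handle=%08x quota=%08x\n", (unsigned)s.name_info, (unsigned)s.handle_info, (unsigned)s.quota_info);
    return rc != 0;
}
```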