
In Win32k, handles are resolved through the gpentHmgr table: each handle is an index into it. The entry found at that index is an _ENTRY structure, defined as follows (dumped from the win32k.sys symbol file; the two comment columns give the field offsets on 32-bit XP and 64-bit Vista):

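/*
 * One slot of the gpentHmgr handle table, as dumped from the win32k.sys
 * symbol file.  The two hex columns in the trailing comments are the field
 * offsets on 32-bit XP and on 64-bit Vista.
 *
 * The braces and the closing "};" were missing from the listing and are
 * restored here; field names, types, order and offsets are unchanged.
 */
struct _ENTRY                    // XP32 Vista64
{
    union _EINFO                 // 0x00 0x00
    {
        /* Live slot: pointer to the object's _BASEOBJECT. */
        POBJ pobj;
        /* Deleted slot: handle (or rather index) of the next free slot. */
        HGDIOBJ hFree;
    } einfo;
    union _OBJECTOWNER           // 0x04 0x08
    {
        struct _OBJECTOWNER_S
        {
            /* Set for objects that have an exclusive lock. */
            unsigned Lock:1;
            /*
             * Process ID of the owning process, shifted right by 1.
             * 0 for kernel handles.  The highest bit can be set for some
             * special objects (e.g. saved DCs), so an ownership check
             * cannot treat this field as a plain shifted PID.
             */
            unsigned Pid_Shifted:31;
        } Share;
        /* The same 32 bits as Share, viewed as one ULONG. */
        ULONG ulObj;
    } ObjectOwner;
    /*
     * Identical to the upper 16 bits of the handle.
     * NOTE(review): presumably compared with the handle during lookup to
     * reject a stale handle - confirm against the handle manager.
     */
    USHORT FullUnique;           // 0x08 0x0c
    /*
     * Object type, a GDIObjType value; 0 for deleted objects.  The field is
     * a full UCHAR, so it can hold values above GDIObjType_MAX_TYPE (0x1e);
     * bound it before using it as an index.
     */
    UCHAR Objt;                  // 0x0a 0x0e
    /*
     * 0x01 is set for several different kernel objects; 0x04 is set for DCs
     * obtained with GetDC() and was also seen on a kernel DC.
     */
    UCHAR Flags;                 // 0x0b 0x0f
    /* Not described on this page. */
    PVOID pUser;                 // 0x0c 0x10
};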


einfo.pobj: pointer to the object's _BASEOBJECT. This pointer type is known as a POBJ.


einfo.hFree: if the slot is deleted, it stores the handle (or rather the index) of the next free slot in the list.


ObjectOwner.Share.Lock: set for objects that have an exclusive lock.


ObjectOwner.Share.Pid_Shifted: the process ID of the process that owns the object, shifted right by 1. It is 0 for kernel handles. The highest bit can be set for some special objects, such as saved DCs, so the field is not always a plain shifted process ID.


FullUnique: identical to the upper 16 bits of the handle.


Objt: the type of the object; 0 for deleted objects. The type values are:
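/*
 * Object type codes stored in the Objt field of a handle table entry.
 *
 * The braces and the closing typedef name were missing from the listing and
 * are restored here; every enumerator and value is unchanged.
 *
 * GDIObjType_DEF_TYPE (0) is the value an entry carries once its object has
 * been deleted.  GDIObjType_MAX_TYPE aliases the highest real type (0x1e) and
 * GDIObjTypeTotal (0x1f) is the number of type codes.  Objt is a UCHAR, so
 * code that indexes a per-type table with it should first check that the
 * value is below GDIObjTypeTotal.
 */
typedef enum GDIObjType
{
    GDIObjType_DEF_TYPE = 0x00,
    GDIObjType_DC_TYPE = 0x01,
    GDIObjType_UNUSED1_TYPE = 0x02,
    GDIObjType_UNUSED2_TYPE = 0x03,
    GDIObjType_RGN_TYPE = 0x04,
    GDIObjType_SURF_TYPE = 0x05,
    GDIObjType_CLIENTOBJ_TYPE = 0x06,
    GDIObjType_PATH_TYPE = 0x07,
    GDIObjType_PAL_TYPE = 0x08,
    GDIObjType_ICMLCS_TYPE = 0x09,
    GDIObjType_LFONT_TYPE = 0x0a,
    GDIObjType_RFONT_TYPE = 0x0b,
    GDIObjType_PFE_TYPE = 0x0c,
    GDIObjType_PFT_TYPE = 0x0d,
    GDIObjType_ICMCXF_TYPE = 0x0e,
    GDIObjType_SPRITE_TYPE = 0x0f,
    GDIObjType_BRUSH_TYPE = 0x10,
    GDIObjType_UMPD_TYPE = 0x11,
    GDIObjType_UNUSED4_TYPE = 0x12,
    GDIObjType_SPACE_TYPE = 0x13,
    GDIObjType_UNUSED5_TYPE = 0x14,
    GDIObjType_META_TYPE = 0x15,
    GDIObjType_EFSTATE_TYPE = 0x16,
    GDIObjType_BMFD_TYPE = 0x17,
    GDIObjType_VTFD_TYPE = 0x18,
    GDIObjType_TTFD_TYPE = 0x19,
    GDIObjType_RC_TYPE = 0x1a,
    GDIObjType_TEMP_TYPE = 0x1b,
    GDIObjType_DRVOBJ_TYPE = 0x1c,
    GDIObjType_DCIOBJ_TYPE = 0x1d,
    GDIObjType_SPOOL_TYPE = 0x1e,
    GDIObjType_MAX_TYPE = 0x1e,    /* alias of the highest real type */
    GDIObjTypeTotal = 0x1f,        /* count of type codes, not a type */
} GDIObjType;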


Flags: 0x01 is set for several different kernel objects.
0x04 is set for DCs obtained with GetDC(); it was also found on a kernel DC (Display DC?).