diff --git a/src/xenia/kernel/xobject.cc b/src/xenia/kernel/xobject.cc
index 5338e4359..b6c8df7ac 100644
--- a/src/xenia/kernel/xobject.cc
+++ b/src/xenia/kernel/xobject.cc
@@ -40,8 +40,8 @@ XObject::~XObject() {
     auto header = memory()->TranslateVirtual<X_OBJECT_HEADER*>(ptr);
 
     // Free the object creation info
-    if (header->object_create_info) {
-      memory()->SystemHeapFree(header->object_create_info);
+    if (header->object_type_ptr) {
+      memory()->SystemHeapFree(header->object_type_ptr);
     }
 
     memory()->SystemHeapFree(ptr);
@@ -241,15 +241,13 @@ uint8_t* XObject::CreateNative(uint32_t size) {
 
   auto header = memory()->TranslateVirtual<X_OBJECT_HEADER*>(mem);
 
-  auto creation_info =
-      memory()->SystemHeapAlloc(sizeof(X_OBJECT_CREATE_INFORMATION));
-  if (creation_info) {
-    memory()->Zero(creation_info, sizeof(X_OBJECT_CREATE_INFORMATION));
-
+  auto object_type =
+      memory()->SystemHeapAlloc(sizeof(X_OBJECT_TYPE));
+  if (object_type) {
     // Set it up in the header.
-    // Some kernel method is accessing this struct and dereferencing a member.
-    // With our current definition that member is non_paged_pool_charge.
-    header->object_create_info = creation_info;
+    // Some kernel method is accessing this struct and dereferencing a member
+    // @ offset 0x14
+    header->object_type_ptr = object_type;
   }
 
   return memory()->TranslateVirtual(guest_object_ptr_);
diff --git a/src/xenia/kernel/xobject.h b/src/xenia/kernel/xobject.h
index 70bdc4e4c..7b54ed030 100644
--- a/src/xenia/kernel/xobject.h
+++ b/src/xenia/kernel/xobject.h
@@ -63,7 +63,6 @@ struct X_OBJECT_HEADER {
     xe::be<uint32_t> handle_count;
     xe::be<uint32_t> next_to_free;
   };
-  xe::be<uint32_t> object_type_ptr;
   uint8_t name_info_offset;
   uint8_t handle_info_offset;
   uint8_t quota_info_offset;
@@ -72,7 +71,8 @@ struct X_OBJECT_HEADER {
     xe::be<uint32_t> object_create_info;  // X_OBJECT_CREATE_INFORMATION
     xe::be<uint32_t> quota_block_charged;
   };
-  xe::be<uint32_t> security_descriptor;
+  xe::be<uint32_t> object_type_ptr;  // -0x8 POBJECT_TYPE
+  xe::be<uint32_t> unk_04;           // -0x4
 
   // Object lives after this header.
   // (There's actually a body field here which is the object itself)
@@ -80,19 +80,29 @@ struct X_OBJECT_HEADER {
 
 // http://www.nirsoft.net/kernel_struct/vista/OBJECT_CREATE_INFORMATION.html
 struct X_OBJECT_CREATE_INFORMATION {
-  xe::be<uint32_t> attributes;
-  xe::be<uint32_t> root_directory_ptr;
-  xe::be<uint32_t> parse_context_ptr;
-  xe::be<uint32_t> probe_mode;
-  xe::be<uint32_t> paged_pool_charge;
-  xe::be<uint32_t> non_paged_pool_charge;
-  xe::be<uint32_t> security_descriptor_charge;
-  xe::be<uint32_t> security_descriptor;
-  xe::be<uint32_t> security_qos_ptr;
+  xe::be<uint32_t> attributes;                  // 0x0
+  xe::be<uint32_t> root_directory_ptr;          // 0x4
+  xe::be<uint32_t> parse_context_ptr;           // 0x8
+  xe::be<uint32_t> probe_mode;                  // 0xC
+  xe::be<uint32_t> paged_pool_charge;           // 0x10
+  xe::be<uint32_t> non_paged_pool_charge;       // 0x14
+  xe::be<uint32_t> security_descriptor_charge;  // 0x18
+  xe::be<uint32_t> security_descriptor;         // 0x1C
+  xe::be<uint32_t> security_qos_ptr;            // 0x20
 
   // Security QoS here (SECURITY_QUALITY_OF_SERVICE) too!
 };
 
+struct X_OBJECT_TYPE {
+  xe::be<uint32_t> constructor;  // 0x0
+  xe::be<uint32_t> destructor;   // 0x4
+  xe::be<uint32_t> unk_08;       // 0x8
+  xe::be<uint32_t> unk_0C;       // 0xC
+  xe::be<uint32_t> unk_10;       // 0x10
+  xe::be<uint32_t> unk_14;    // 0x14 probably offset from ntobject to keobject
+  xe::be<uint32_t> pool_tag;  // 0x18
+};
+
 class XObject {
  public:
   enum Type {