SYSTEM_GDI_DRIVER_INFORMATION

The SYSTEM_GDI_DRIVER_INFORMATION structure both provides input to and receives output from ZwSetSystemInformation or NtSetSystemInformation when given the information classes SystemLoadGdiDriverInformation (0x1A) or SystemLoadGdiDriverInSystemSpace (0x36).

Documentation Status

The SYSTEM_GDI_DRIVER_INFORMATION structure is not documented.

Microsoft does publish the practical equivalent of a C-language definition as type information in public symbol files, though not for the kernel, where the structure is prepared, nor even for low-level user-mode DLLs that interpret the structure, but for various higher-level user-mode DLLs such as URLMON.DLL and only then starting with version 6.2.

Two earlier disclosures of type information are known, though not in symbol files but in statically linked libraries: GDISRVL.LIB from the Device Driver Kit (DDK) for Windows NT 3.51; and SHELL32.LIB from the DDK for Windows NT 4.0.

Layout

The SYSTEM_GDI_DRIVER_INFORMATION is 0x1C or 0x38 bytes in 32-bit and 64-bit Windows, respectively, in version 5.1 and higher. It is thought to date from version 3.51, when it was only 0x08 bytes. It is 0x18 bytes in versions 4.0 and 5.0.

Offset (x86) Offset (x64) Definition Versions Remarks
0x00 0x00 
UNICODE_STRING DriverName;
 4.0 and higher input
0x08 0x10 
PVOID ImageAddress;
 4.0 and higher output
0x00 (3.10 to 3.51);
0x0C 		0x18 
PVOID SectionPointer;
 3.51 and higher output
0x04 (3.10 to 3.51);
0x10 		0x20 
PVOID EntryPoint;
 3.51 and higher output
0x14 0x28 
IMAGE_EXPORT_DIRECTORY *ExportSectionPointer;
 4.0 and higher output
0x18 0x30 
ULONG ImageLength;
 5.1 and higher output

This page was created on 9th July 2016 but was not published until 26th October 2016. It was last modified on 27th June 2019.

Copyright © 2019. Geoff Chappell. All rights reserved. Conditions apply.