SYSTEM_MEMORY_INFORMATION

The SYSTEM_MEMORY_INFORMATION structure may be what a successful call to ZwQuerySystemInformation or NtQuerySystemInformation would produce in its output buffer when given the information classes SystemFullMemoryInformation (0x19) or SystemSummaryMemoryInformation (0x1D). Instead, these information classes are not implemented in any known Windows version, at least not in retail builds.

Documentation Status

The SYSTEM_MEMORY_INFORMATION structure is not documented.

Microsoft does publish the practical equivalent of a C-language definition as type information in public symbol files, though not for the kernel, where the structure is prepared, nor even for low-level user-mode DLLs that interpret the structure, but for various higher-level user-mode DLLs such as URLMON.DLL and only then starting with version 6.2.

One earlier disclosure of type information is known, though not in any symbol file but instead in what would otherwise be just an import library for SHELL32.DLL and only then as supplied with the Device Driver Kit (DDK) for Windows NT 4.0.

Layout

Versions 3.51 to 5.0 implement these information classes just enough to check that the information buffer is at least 0x14 bytes. This is consistent with the structure as known from type information for version 4.0:

Offset (x86) Definition
0x00 
ULONG InfoSize;
0x04 
ULONG StringStart;
0x08 
SYSTEM_MEMORY_INFO Memory [ANYSIZE_ARRAY];

The 0x0C-byte SYSTEM_MEMORY_INFO is also known only from the type information for version 4.0 and appears to have no other purpose:

Offset (x86) Definition
0x00 
PBYTE StringOffset;
0x04 
USHORT ValidCount;
0x06 
USHORT TransitionCount;
0x08 
USHORT ModifiedCount;
0x0A 
USHORT PageTableCount;

Remember, though, that no code is known from which to infer any meaning for any of the members in either of the preceding structures.

A completely different SYSTEM_MEMORY_INFORMATION is known from type information in symbol files starting with Windows 8. It is 0x10 or 0x20 bytes in 32-bit and 64-bit Windows, respectively.

Offset (x86) Offset (x64) Definition
0x00 0x00 
ULONG_PTR PagedPoolCommitPageCount;
0x04 0x08 
ULONG_PTR NonPagedPoolPageCount;
0x08 0x10 
ULONG_PTR MdlPageCount;
0x0C 0x18 
ULONG_PTR CommitPageCount;

This page was created on 9th July 2016 but was not published until 3rd November 2019.

Copyright © 2019. Geoff Chappell. All rights reserved. Conditions apply.