SYSTEM_POOL_INFORMATION

The SYSTEM_POOL_INFORMATION structure may be what a successful call to ZwQuerySystemInformation or NtQuerySystemInformation would produce in its output buffer when given the information classes SystemPagedPoolInformation (0x0E) and SystemNonPagedPoolInformation (0x0F). Instead, these information classes are not implemented in any known Windows version, at least not in retail builds.

Documentation Status

The SYSTEM_POOL_INFORMATION structure is not documented.

Microsoft does publish the practical equivalent of a C-language definition as type information in public symbol files, though not for the kernel, where the structure is prepared, nor even for low-level user-mode DLLs that interpret the structure, but for various higher-level user-mode DLLs such as URLMON.DLL and only then starting with version 6.2.

Two earlier disclosures of type information are known, though not in symbol files but in statically linked libraries: GDISRVL.LIB from the Device Driver Kit (DDK) for Windows NT 3.51; and SHELL32.LIB from the DDK for Windows NT 4.0.

Layout

The SYSTEM_POOL_INFORMATION is 0x1C or 0x28 bytes in 32-bit and 64-bit Windows, respectively, starting with version 3.51, but is 0x48 bytes in earlier versions.

ULONG_PTR TotalSize;

PVOID FirstEntry;

USHORT EntryOverhead;

BOOLEAN PoolTagPresent;

UCHAR Spare0;

ULONG NumberOfEntries;

SYSTEM_POOL_ENTRY Entries [ANYSIZE_ARRAY];

The SYSTEM_POOL_ENTRY structure is 0x0C or 0x10 bytes in 32-bit and 64-bit Windows, respectively, starting with version 3.51. In earlier versions, it is 0x10 bytes. While it seems to be used nowhere else, it may as well be presented here:

BOOLEAN Allocated;

UCHAR Spare0;

USHORT AllocatorBackTraceIndex;

ULONG Size;

union {
    UCHAR Tag [4];
    ULONG TagUlong;
    PVOID ProcessChargedQuota
};