HV_DETAILS

The HV_DETAILS structure (formally _HV_DETAILS) is a generic container for the cpuid instruction’s output in the eax, ebx, ecx and edx registers when its input in eax selects a cpuid leaf from the hypervisor series which begins at 0x40000000. Its only known use is for the members of the SYSTEM_HYPERVISOR_DETAIL_INFORMATION structure. This is in turn what a successful call to ZwQuerySystemInformation or NtQuerySystemInformation produces in its output buffer when given the information class SystemHypervisorDetailInformation (0x9F).

Availability

The HV_DETAILS structure is new for Windows 10.

Documentation Status

The HV_DETAILS structure is not documented.

Microsoft does publish the practical equivalent of a C-language definition as type information in symbol files—not for the kernel, where the structure is prepared, nor even for low-level user-mode DLLs that interpret the structure, but for a handful of higher-level DLLs that might ordinarily be thought very distant from any involvement with the structure. Perhaps only by oversight, but starting as long ago as Windows 8, Microsoft’s downloadable packages of public symbols have included a smattering of private symbol files and these continue to be available through the public symbol server. Precisely which DLLs have the type information varies between versions. COMBASE.DLL is among the more reliable nowadays. Disclosure in symbol files for URLMON.DLL stopped for the 1803 release of Windows 10 but is specially notable because of this DLL’s origins in Internet Explorer and thence for the strong suggestion that Microsoft’s programmers of Internet Explorer had access to more details of low-level Windows programming than Microsoft publishes for wider use (including by the programmers of competing web browsers).

Layout

The HV_DETAILS structure is 0x10 bytes in both 32-bit and 64-bit Windows. Its definition is known only from symbol files, as noted above:

Offset Definition
0x00 
ULONG Data [4];

The Data array collects the output from a cpuid instruction. Successive elements correspond to the eax, ebx, ecx and edx registers.

This page was created on 19th November 2022 from material first published on 13th November 2016.

Copyright © 2016-2022. Geoff Chappell. All rights reserved. Conditions apply.