Geoff Chappell - Software Analyst
The SYSTEM_INFORMATION_CLASS (formally _SYSTEM_INFORMATION_CLASS) is an enumeration whose values are intended as input to the ZwQuerySystemInformation, ZwQuerySystemInformationEx and ZwSetSystemInformation functions (and to the corresponding forms whose names begin with Nt instead of Zw). Different values from the enumeration select different types of information to query or set.
Microsoft has kept SYSTEM_INFORMATION_CLASS remarkably private. Analogues for information about files, processes, threads, and much else, have all their supported values defined in header files from as far back as the Device Driver Kit (DDK) for Windows NT 3.51. Even as late as the Windows Driver Kit (WDK) for Windows 10, however, SYSTEM_INFORMATION_CLASS has no C-language definition in any WDK header.
The closest that Microsoft has come to formal disclosure of the SYSTEM_INFORMATION_CLASS enumeration is some plainly reluctant documentation of NtQuerySystemInformation and a C-language definition of the enumeration in a header named WINTERNL.H file from the Software Development Kit (SDK) for user-mode programming. This header was added to the SDK in 2002, apparently for Microsoft’s compliance with a settlement concerning unfair use of internal Windows APIs by “middleware” products such as Internet Explorer. Better late than never, it might be argued, except that neither the documentation’s listing nor the header’s definition of SYSTEM_INFORMATION_CLASS is anywhere near complete. Perhaps Microsoft felt compelled to disclose only the cases that Microsoft found its middleware using, but whatever the reason, the disclosure was not so much partial as greatly reduced—from approximately two hundred to just nine, increased to 10 in the SDK for Windows 8.1, and to 12 for the documentation online as found today, 28th October 2016, but dating from who knows when.
Microsoft’s names for all the SYSTEM_INFORMATION_CLASS values have slipped out, of course. As usual when it comes to Microsoft’s names for otherwise undocumented material, they’re knowable from type information in symbol files that Microsoft publishes for debugging support. Not at all usual is which symbol files: not for the kernel, where the enumeration is interpreted and the relevant functions are implemented; nor even for NTDLL or other such low-level user-mode modules that call the functions as their system-level support of the documented Win32 API; but for various higher-level user-mode DLLs that are far enough away from the system that they ought, if only in principle, not need any functionality that isn’t documented for everyone.
The most conspicuous is URLMON.DLL, for it is a component of Internet Explorer, i.e., of the most prominent “middleware” that compelled even the grudgingly partial disclosure in 2002. The symbol files that have been publicly available for URLMON since 2012 for Windows 8 through to Windows 10 before the 1803 release show that it is built not with the reduced SYSTEM_INFORMATION_CLASS from WINTERNL.H but with the whole thing. Indeed, the symbol files record that the whole definition was available to URLMON.DLL through its source code’s inclusion of a header named ntexapi.h which Microsoft is not known ever to have published for non-Microsoft programmers.
However URLMON was built in the years when Microsoft’s compliance with the settlement was reviewed by—it might be hoped—competent regulators, URLMON evidently is built now with more system-level knowledge of Windows than Microsoft publishes even for kernel-mode device driver programmers. Do not tell me that there was not at Microsoft somewhere some time someone who enjoyed mocking the government and courts over what Microsoft got away with on this. (I say this as criticism of the government and courts very much more than of Microsoft.)
For no known reason, the public symbol files for URLMON in the 1803 release have no type information at all, but SYSTEM_INFORMATION_CLASS continues to be disclosed in other symbol files, e.g., for OLE32.DLL.
Much further back, it turns out that type information for the SYSTEM_INFORMATION_CLASS was disclosed in statically linked libraries that Microsoft distributed with early DDKs: a GDISRVL.LIB in the DDK for Windows NT 3.51; and SHELL32.LIB in the DDK for Windows NT 4.0. That the latter is otherwise just an import library for SHELL32.DLL suggests strongly that these disclosures were one-off oversights. Still, published they were.
Another statically linked library that helps fill some gaps is CLFSMGMT.LIB which Microsoft distributes with the Software Development Kit (SDK) for user-mode programming, starting with Windows Vista. This too was surely an oversight, but it’s as openly published as any other programming resource.
Of the very many defined cases, some can be used successfully only to query or only to set. Some can’t usefully be called either way—at least, not in all versions. The present purpose however is not to show which values are implemented non-trivially in which versions, but which values are defined in which versions, as much as can be known from material that Microsoft has published (whether intending a disclosure or not). For version 6.2 and higher, the type information in symbol files is surely definitive. The early form of type information that can be found in a few import libraries for versions 3.51 and 4.0 is here taken as definitive also, as is type information from CLFSMGMT.LIB for 32-bit versions 6.0 and 6.1, though all with some caution since libraries need not be built with exactly the same headers as were the operating systems that they target. What names are defined for other versions is something of a guess from trying to match the implementations in the binary code with the names as known from type information for other versions. Some of the resulting editorial decisions, mostly about the versions in between, i.e., 5.0 to 5.2, are explained after the table.
Some information classes were introduced or changed in service-pack releases. The following shorthands are used below:
As usual for this website, names that look to be undocumented are highlighted yellow. For information classes that are documented, I do not trouble over any finer shading of whether the documentation was available immediately. After all, for very few of these is the documentation anywhere near to looking even vaguely substantial enough to be worth having, whether contemporaneously or years late.
| Value | Name | Versions | Remarks |
|---|---|---|---|
| 0x00 | SystemBasicInformation | all | |
| 0x01 | SystemProcessorInformation | all | |
| 0x02 | SystemPerformanceInformation | all | |
| 0x03 | SystemTimeOfDayInformation | all | |
| 0x04 | SystemPathInformation | all | |
| 0x05 | SystemProcessInformation | all | |
| 0x06 | SystemCallCountInformation | all | |
| 0x07 | SystemDeviceInformation | all | |
| 0x08 | SystemProcessorPerformanceInformation | all | |
| 0x09 | SystemFlagsInformation | all | |
| 0x0A | SystemCallTimeInformation | all | |
| 0x0B | SystemModuleInformation | all | |
| 0x0C | SystemLocksInformation | all | |
| 0x0D | SystemStackTraceInformation | all | |
| 0x0E | SystemPagedPoolInformation | all | |
| 0x0F | SystemNonPagedPoolInformation | all | |
| 0x10 | SystemHandleInformation | all | |
| 0x11 | SystemObjectInformation | all | |
| 0x12 | SystemPageFileInformation | all | |
| 0x13 | SystemVdmInstemulInformation | all | |
| 0x14 | SystemVdmBopInformation | all | |
| 0x15 | SystemFileCacheInformation | all | |
| 0x16 | SystemPoolTagInformation | 3.50 and higher | |
| 0x17 | SystemSpare1Information | 3.50 only | supposed name |
| SystemInterruptInformation | 3.51 and higher | ||
| 0x18 | SystemSpare2Information | 3.50 only | supposed name |
| SystemDpcBehaviorInformation | 3.51 and higher | ||
| 0x19 | SystemSpare3Information | 3.50 to 3.51 | |
| SystemFullMemoryInformation | 4.0 and higher | ||
| 0x1A | SystemSpare4Information | 3.50 only | supposed name |
| SystemLoadGdiDriverInformation | 3.51 and higher | ||
| 0x1B | SystemSpare5Information | 3.50 only | supposed name |
| SystemUnloadGdiDriverInformation | 3.51 and higher | ||
| 0x1C | SystemTimeAdjustmentInformation | 3.50 and higher | |
| 0x1D | SystemSpare6Information | 3.50 to 3.51 | |
| SystemSummaryMemoryInformation | 4.0 and higher | ||
| 0x1E | SystemNextEventIdInformation | 3.50 to 4.0 | |
| unknown | 5.0 only | ||
| SystemMirrorMemoryInformation | 5.1 and higher | ||
| 0x1F | SystemEventIdsInformation | 3.50 to 4.0 | |
| unknown | 5.0 to 5.2 | ||
| SystemPerformanceTraceInformation | 6.0 and higher | ||
| 0x20 | SystemCrashDumpInformation | 3.50 to 5.0 | |
| SystemObsolete0 | 5.1 and higher | ||
| 0x21 | SystemExceptionInformation | 3.50 and higher | |
| 0x22 | SystemCrashDumpStateInformation | 3.50 and higher | |
| 0x23 | SystemKernelDebuggerInformation | 3.50 and higher | |
| 0x24 | SystemContextSwitchInformation | 3.50 and higher | |
| 0x25 | SystemRegistryQuotaInformation | 3.51 and higher | |
| 0x26 | SystemExtendServiceTableInformation | 3.51 and higher | |
| 0x27 | SystemPrioritySeperation | 3.51 and higher | |
| 0x28 | SystemPlugPlayBusInformation | 3.51 to 4.0 | |
| unknown | 5.0 only | ||
| SystemVerifierAddDriverInformation | 5.1 and higher | ||
| 0x29 | SystemDockInformation | 3.51 to 4.0 | |
| unknown | 5.0 only | ||
| SystemVerifierRemoveDriverInformation | 5.1 and higher | ||
| 0x2A | SystemPowerInformation | 3.51 to 5.0 | |
| SystemProcessorIdleInformation | 5.1 and higher | ||
| 0x2B | SystemProcessorSpeedInformation | 3.51 to 4.0 | |
| SystemLegacyDriverInformation | 5.0 and higher | ||
| 0x2C | SystemCurrentTimeZoneInformation | 4.0 and higher | |
| 0x2D | SystemLookasideInformation | 4.0 and higher | |
| 0x2E | SystemTimeSlipNotification | 5.0 and higher | |
| 0x2F | SystemSessionCreate | 5.0 and higher | |
| 0x30 | SystemSessionDetach | 5.0 and higher | |
| 0x31 | SystemSessionInformation | 5.0 and higher | |
| 0x32 | SystemRangeStartInformation | 5.0 and higher | |
| 0x33 | SystemVerifierInformation | 5.0 and higher | |
| 0x34 | SystemVerifierThunkExtend | 5.0 and higher | |
| 0x35 | SystemSessionProcessInformation | 5.0 and higher | |
| 0x36 | SystemObjectSecurityMode | late 5.0 only | later as 0x46 |
| SystemLoadGdiDriverInSystemSpace | 5.1 and higher | ||
| 0x37 | unknown | late 5.0 only | later as 0x47 |
| SystemNumaProcessorMap | 5.1 and higher | ||
| 0x38 | SystemPrefetcherInformation | 5.1 and higher | |
| 0x39 | SystemExtendedProcessInformation | 5.1 and higher | |
| 0x3A | SystemRecommendedSharedDataAlignment | 5.1 and higher | |
| 0x3B | SystemComPlusPackage | 5.1 and higher | |
| 0x3C | SystemNumaAvailableMemory | 5.1 and higher | |
| 0x3D | SystemProcessorPowerInformation | 5.1 and higher | |
| 0x3E | SystemEmulationBasicInformation | 5.1 and higher | |
| 0x3F | SystemEmulationProcessorInformation | 5.1 and higher | |
| 0x40 | SystemExtendedHandleInformation | 5.1 and higher | |
| 0x41 | SystemLostDelayedWriteInformation | 5.1 and higher | |
| 0x42 | unknown | late 5.1 only | |
| SystemBigPoolInformation | 5.2 and higher | ||
| 0x43 | SystemSessionPoolTagInformation | 5.2 and higher | |
| 0x44 | SystemSessionMappedViewInformation | 5.2 and higher | |
| 0x45 | SystemHotpatchInformation | late 5.1 and higher | |
| 0x46 | SystemObjectSecurityMode | late 5.1 and higher | earlier as 0x36 |
| 0x47 | unknown | late 5.1 only | earlier as 0x37 |
| SystemWatchdogTimerHandler | 5.2 and higher | ||
| 0x48 | SystemWatchdogTimerInformation | 5.2 and higher | |
| 0x49 | SystemLogicalProcessorInformation | very late 5.1 and higher | |
| 0x4A | SystemWow64SharedInformationObsolete | late 5.2 and higher | |
| 0x4B | SystemRegisterFirmwareTableInformationHandler | late 5.2 and higher | |
| 0x4C | SystemFirmwareTableInformation | late 5.2 and higher | |
| 0x4D | SystemModuleInformationEx | 6.0 and higher | |
| 0x4E | SystemVerifierTriageInformation | 6.0 and higher | |
| 0x4F | SystemSuperfetchInformation | 6.0 and higher | |
| 0x50 | SystemMemoryListInformation | 6.0 and higher | |
| 0x51 | SystemFileCacheInformationEx | late 5.2 and higher | |
| 0x52 | SystemThreadPriorityClientIdInformation | 6.0 and higher | |
| 0x53 | SystemProcessorIdleCycleTimeInformation | 6.0 and higher | |
| 0x54 | SystemVerifierCancellationInformation | 6.0 and higher | |
| 0x55 | SystemProcessorPowerInformationEx | 6.0 and higher | |
| 0x56 | SystemRefTraceInformation | 6.0 and higher | |
| 0x57 | SystemSpecialPoolInformation | 6.0 and higher | |
| 0x58 | SystemProcessIdInformation | 6.0 and higher | |
| 0x59 | SystemErrorPortInformation | 6.0 and higher | |
| 0x5A | SystemBootEnvironmentInformation | 6.0 and higher | |
| 0x5B | SystemHypervisorInformation | 6.0 and higher | |
| 0x5C | SystemVerifierInformationEx | 6.0 and higher | |
| 0x5D | SystemTimeZoneInformation | 6.0 and higher | |
| 0x5E | SystemImageFileExecutionOptionsInformation | 6.0 and higher | |
| 0x5F | SystemCoverageInformation | 6.0 and higher | |
| 0x60 | SystemPrefetchPatchInformation | 6.0 and higher | |
| 0x61 | SystemVerifierFaultsInformation | 6.0 and higher | |
| 0x62 | SystemSystemPartitionInformation | 6.0 and higher | |
| 0x63 | SystemSystemDiskInformation | 6.0 and higher | |
| 0x64 | SystemProcessorPerformanceDistribution | 6.0 and higher | |
| 0x65 | SystemNumaProximityNodeInformation | 6.0 and higher | |
| 0x66 | SystemDynamicTimeZoneInformation | 6.0 and higher | |
| 0x67 | SystemCodeIntegrityInformation | 6.0 and higher | |
| 0x68 | SystemProcessorMicrocodeUpdateInformation | 6.0 and higher | |
| 0x69 | SystemProcessorBrandString | late 6.0 and higher | |
| 0x6A | SystemVirtualAddressInformation | late 6.0 and higher | |
| 0x6B | SystemLogicalProcessorAndGroupInformation | 6.1 and higher | |
| 0x6C | SystemProcessorCycleTimeInformation | 6.1 and higher | |
| 0x6D | SystemStoreInformation | 6.1 and higher | |
| 0x6E | SystemRegistryAppendString | 6.1 and higher | |
| 0x6F | SystemAitSamplingValue | 6.1 and higher | |
| 0x70 | SystemVhdBootInformation | 6.1 and higher | |
| 0x71 | SystemCpuQuotaInformation | 6.1 and higher | |
| 0x72 | SystemNativeBasicInformation | 6.1 and higher | |
| 0x73 | SystemErrorPortTimeouts | 6.1 and higher | |
| 0x74 | SystemLowPriorityIoInformation | 6.1 and higher | |
| 0x75 | SystemBootEntropyInformation | 6.1 and higher | |
| 0x76 | SystemVerifierCountersInformation | 6.1 and higher | |
| 0x77 | SystemPagedPoolInformationEx | 6.1 and higher | |
| 0x78 | SystemSystemPtesInformationEx | 6.1 and higher | |
| 0x79 | SystemNodeDistanceInformation | 6.1 and higher | |
| 0x7A | SystemAcpiAuditInformation | 6.1 and higher | |
| 0x7B | SystemBasicPerformanceInformation | 6.1 and higher | |
| 0x7C | SystemQueryPerformanceCounterInformation | late 6.1 and higher | |
| 0x7D | SystemSessionBigPoolInformation | 6.2 and higher | |
| 0x7E | SystemBootGraphicsInformation | 6.2 and higher | |
| 0x7F | SystemScrubPhysicalMemoryInformation | 6.2 and higher | |
| 0x80 | SystemBadPageInformation | 6.2 and higher | |
| 0x81 | SystemProcessorProfileControlArea | 6.2 and higher | |
| 0x82 | SystemCombinePhysicalMemoryInformation | 6.2 and higher | |
| 0x83 | SystemEntropyInterruptTimingInformation | 6.2 and higher | |
| 0x84 | SystemConsoleInformation | 6.2 and higher | |
| 0x85 | SystemPlatformBinaryInformation | 6.2 and higher | |
| 0x86 | SystemThrottleNotificationInformation | 6.2 only | |
| SystemPolicyInformation | 6.3 and higher | ||
| 0x87 | SystemHypervisorProcessorCountInformation | 6.2 and higher | |
| 0x88 | SystemDeviceDataInformation | 6.2 and higher | |
| 0x89 | SystemDeviceDataEnumerationInformation | 6.2 and higher | |
| 0x8A | SystemMemoryTopologyInformation | 6.2 and higher | |
| 0x8B | SystemMemoryChannelInformation | 6.2 and higher | |
| 0x8C | SystemBootLogoInformation | 6.2 and higher | |
| 0x8D | SystemProcessorPerformanceInformationEx | 6.2 and higher | |
| 0x8E | SystemSpare0 | 6.2 to 1511 | |
| SystemCriticalProcessErrorLogInformation | 1607 and higher | ||
| 0x8F | SystemSecureBootPolicyInformation | 6.2 and higher | |
| 0x90 | SystemPageFileInformationEx | 6.2 and higher | |
| 0x91 | SystemSecureBootInformation | 6.2 and higher | |
| 0x92 | SystemEntropyInterruptTimingRawInformation | 6.2 and higher | |
| 0x93 | SystemPortableWorkspaceEfiLauncherInformation | 6.2 and higher | |
| 0x94 | SystemFullProcessInformation | 6.2 and higher | |
| 0x95 | SystemKernelDebuggerInformationEx | 6.3 and higher | |
| 0x96 | SystemBootMetadataInformation | 6.3 and higher | |
| 0x97 | SystemSoftRebootInformation | 6.3 and higher | |
| 0x98 | SystemElamCertificateInformation | 6.3 and higher | |
| 0x99 | SystemOfflineDumpConfigInformation | 6.3 and higher | |
| 0x9A | SystemProcessorFeaturesInformation | 6.3 and higher | |
| 0x9B | SystemRegistryReconciliationInformation | 6.3 and higher | |
| 0x9C | SystemEdidInformation | 6.3 and higher | |
| 0x9D | SystemManufacturingInformation | 10.0 and higher | |
| 0x9E | SystemEnergyEstimationConfigInformation | 10.0 and higher | |
| 0x9F | SystemHypervisorDetailInformation | 10.0 and higher | |
| 0xA0 | SystemProcessorCycleStatsInformation | 10.0 and higher | |
| 0xA1 | SystemVmGenerationCountInformation | 10.0 and higher | |
| 0xA2 | SystemTrustedPlatformModuleInformation | 10.0 and higher | |
| 0xA3 | SystemKernelDebuggerFlags | 10.0 and higher | |
| 0xA4 | SystemCodeIntegrityPolicyInformation | 10.0 and higher | |
| 0xA5 | SystemIsolatedUserModeInformation | 10.0 and higher | |
| 0xA6 | SystemHardwareSecurityTestInterfaceResultsInformation | 10.0 and higher | |
| 0xA7 | SystemSingleModuleInformation | 10.0 and higher | |
| 0xA8 | SystemAllowedCpuSetsInformation | 10.0 and higher | |
| 0xA9 | SystemDmaProtectionInformation | 10.0 and higher | |
| 0xAA | SystemInterruptCpuSetsInformation | 10.0 and higher | |
| 0xAB | SystemSecureBootPolicyFullInformation | 10.0 and higher | |
| 0xAC | SystemCodeIntegrityPolicyFullInformation | 10.0 and higher | |
| 0xAD | SystemAffinitizedInterruptProcessorInformation | 10.0 and higher | |
| 0xAE | SystemRootSiloInformation | 10.0 and higher | |
| 0xAF | SystemCpuSetInformation | 10.0 and higher | |
| 0xB0 | SystemCpuSetTagInformation | 10.0 and higher | |
| 0xB1 | SystemWin32WerStartCallout | 1511 and higher | |
| 0xB2 | SystemSecureKernelProfileInformation | 1511 and higher | |
| 0xB3 | SystemCodeIntegrityPlatformManifestInformation | 1607 and higher | |
| 0xB4 | SystemInterruptSteeringInformation | 1607 and higher | |
| 0xB5 | SystemSuppportedProcessorArchitectures | 1607 and higher | |
| 0xB6 | SystemMemoryUsageInformation | 1607 and higher | |
| 0xB7 | SystemCodeIntegrityCertificateInformation | 1607 and higher | |
| 0xB8 | SystemPhysicalMemoryInformation | 1703 and higher | |
| 0xB9 | SystemControlFlowTransition | 1703 and higher | |
| 0xBA | SystemKernelDebuggingAllowed | 1703 and higher | |
| 0xBB | SystemActivityModerationExeState | 1703 and higher | |
| 0xBC | SystemActivityModerationUserSettings | 1703 and higher | |
| 0xBD | SystemCodeIntegrityPoliciesFullInformation | 1703 and higher | |
| 0xBE | SystemCodeIntegrityUnlockInformation | 1703 and higher | |
| 0xBF | SystemIntegrityQuotaInformation | 1703 and higher | |
| 0xC0 | SystemFlushInformation | 1703 and higher | |
| 0xC1 | SystemProcessorIdleMaskInformation | 1709 and higher | |
| 0xC2 | SystemSecureDumpEncryptionInformation | 1709 and higher | |
| 0xC3 | SystemWriteConstraintInformation | 1709 and higher | |
| 0xC4 | SystemKernelVaShadowInformation | 1803 and higher | |
| 0xC5 | SystemHypervisorSharedPageInformation | 1803 and higher | |
| 0xC6 | SystemFirmwareBootPerformanceInformation | 1803 and higher | |
| 0xC7 | SystemCodeIntegrityVerificationInformation | 1803 and higher | |
| 0xC8 | SystemFirmwarePartitionInformation | 1803 and higher | |
| 0xC9 | SystemSpeculationControlInformation | 1803 and higher | |
| 0xCA | SystemDmaGuardPolicyInformation | 1803 and higher | |
| 0xCB | SystemEnclaveLaunchControlInformation | 1803 and higher | |
| 0xCC | SystemWorkloadAllowedCpuSetsInformation | 1809 and higher | |
| 0xCD | SystemCodeIntegrityUnlockModeInformation | 1809 and higher | |
| 0xCE | SystemLeapSecondInformation | 1809 and higher | |
| 0xCF | SystemFlags2Information | 1809 and higher | |
| 0xD0 | SystemSecurityModelInformation | 1903 and higher | |
| 0xD1 | SystemCodeIntegritySyntheticCacheInformation | 1903 and higher | |
| 0xD2 | SystemFeatureConfigurationInformation | 2004 and higher | |
| 0xD3 | SystemFeatureConfigurationSectionInformation | 2004 and higher | |
| 0xD4 | SystemFeatureUsageSubscriptionInformation | 2004 and higher | |
| 0xD5 | SystemSecureSpeculationControlInformation | 2004 and higher | |
| 0x69 (6.0); 0x6B (late 6.0); 0x7C (6.1); 0x7D (late 6.1); 0x95 (6.2); 0x9D (6.3); 0xB1 (10.0); 0xB3 (1511); 0xB8 (1607); 0xC1 (1703); 0xC4 (1709); 0xCC (1803); 0xD0 (1809); 0xD2 (1903); 0xD6 |
MaxSystemInfoClass |
Though SystemCallTimeInformation (0x0A) is shown above as original, it is invalid in version 3.10. It plausibly was not yet named or had some other name to mark it explicitly as spare or perhaps was implemented only in debug builds or even in private builds that Microsoft kept for its own testing during development. Version 3.50 changes it from invalid to not implemented, i.e., so that it returns STATUS_NOT_IMPLEMENTED instead of STATUS_INVALID_INFO_CLASS, which is how it remains even now. This is here taken to mean that if it was not yet defined for version 3.10 then it was for 3.50. That information classes can be defined even when invalid is established by SystemVdmBopInformation (0x14), which appears in type information both old and new even though the information class is invalid in all known versions.
On the other hand, type information for version 3.51 establishes that Microsoft did have a naming scheme to indicate explicitly that an invalid information class is spare. The numbering in the known names SystemSpare3Information (0x19) and SystemSpare6Information (0x1D) of information classes that were still invalid in version 3.51 is naturally explained by hypothesising SystemSpare1Information (0x17), SystemSpare2Information (0x18), SystemSpare4Information (0x1A) and SystemSpare5Information (0x1B) for nearby information classes that have non-trivial implementations (and meaningful names) in version 3.51 but which the version 3.50 rejects as invald.
Exactly when SystemNextEventIdInformation (0x1E) and SystemEventIdsInformation (0x1F) got new names is unclear. That they had these names for versions 3.51 and 4.0 is certain from type information, but both are explicitly not implemented in versions 3.50 to 4.0. Version 5.0 changed both to invalid. Non-trivial implementations came with version 6.0 and are consistent with names that are known from type information. But while invalid did they retain their old names, or get spare names, or no names at all, or get the new names ahead of a released implementation?
Contrast with SystemCrashDumpInformation (0x20) which never has been reassigned since it was made invalid in version 5.1. It is known to have been renamed to SystemObsolete0 in time for version 6.0, but exactly when is not known.
The spelling of SystemPrioritySeperation (0x27) is Microsoft’s.
Though both SystemPlugPlayBusInformation (0x28) and SystemDockInformation (0x29) are explicitly not implemented in versions 3.51 and 4.0, these names have the certainty of type information. Version 5.0 re-implemented them as invalid until new use was found in version 5.1. What they were named meanwhile is not known. Similar considerations apply to SystemPowerInformation (0x2A) except that this information class is invalid even in the versions 3.51 and 4.0 for which the name is known. It is still invalid in version 5.0, and so the name is thought to have persisted.
The information class SystemSessionInformation (0x31) is another that is invalid in all known versions. Its known name for version 6.0 and higher is here thought to be contemporaneous with the nearby information classes that also deal with sessions.
Information classes 0x36 and 0x37 are valid in the version 5.0 from Windows 2000 SP4 but their implementations do not match the names that are known from later type information. They do instead match the later SystemObjectSecurityMode (0x46) and the trivially successful information class 0x47 as implemented in the version 5.1 from Windows XP SP2. It is here thought that the additions for Windows XP SP2 were appended to the Windows 2000 enumeration when back-fitting to the roughly contemporaneous Windows 2000 SP4. Whether the diferent numbering for different versions was intended or is just a side-effect of carelessly writing a conditional compilation block is not known.
Information class 0x42 cannot be SystemBigPoolInformation before version 5.2. It becomes valid in the version 5.1 from Windows XP SP2 but as an alias for SystemObjectSecurityMode (0x46).
The change of name for case 0x86 is what’s shown in the symbol files. The implementation in version 6.2 is consistent with SystemPolicyInformation in subsequent versions. The original name, SystemThrottleNotificationInformation, at best remains from some other use that was dropped during development.
It is not known when Microsoft started ending the enumeration with MaxSystemInfoClass. The name is established in the type information for version 6.0 and higher but is absent from type information for versions 3.51 and 4.0.