WMI_BUFFER_STATE

The WMI_BUFFER_STATE structure (formally _WMI_BUFFER_STATE) is thought to have existed only as a structure of bit fields in union with the Flags at offset 0x2C in the WMI_BUFFER_HEADER. Even for this purpose it is known only in versions 5.1 and 5.2. It was replaced by an enumeration, the ETW_BUFFER_STATE, in Windows Vista.

The WMI_BUFFER_STATE is four bytes in both 32-bit and 64-bit Windows. Names and types are known from public symbol files for the kernel from Windows XP SP3 and Windows Server 2003 SP2, and no earlier.

Mask Definition Versions
0x00000001 
ULONG Free : 1;
 5.1 to 5.2
0x00000002 
ULONG InUse : 1;
 5.1 to 5.2
0x00000004 
ULONG Flush : 1;
 5.1 to 5.2
  
ULONG Unused : 29;
 5.1 to 5.2

This page was created on 23rd October 2022 from material that was first published on 27th November 2016.

Copyright © 2016-2022. Geoff Chappell. All rights reserved. Conditions apply.