MI_SYSTEM_INFORMATION

The MI_SYSTEM_INFORMATION structure (formally _MI_SYSTEM_INFORMATION) is not just one of the largest that the kernel works with. It’s also arguably the most important of all structures to know for any kernel-mode debugging of Windows 10 that touches on memory management. The reason is that where earlier Windows versions have numerous internal variables for memory management, all (or most) of them showing plainly when debugging with public symbols, Windows 10 turns very many of them into members of the one internal variable, named MiState, with the side-effect that they show much less plainly. The MI_SYSTEM_INFORMATION is this variable’s type.

Variability

As a collection of what had been internal variables, the MI_SYSTEM_INFORMATION is highly susceptible to changing between builds. Almost all of the change from one build to the next is within substructures. Seen just at the immediate level of the structure’s own members, there have only been one addition, two removals and one relocation (this last to recover ten bytes of alignment space in the 64-bit builds). Still, very few of the members, let alone of members of members, keep their offsets from one build to the next. The following changes of size give a rough indication of the structure’s variability:

Version Size (x86) Size (x64)
10.0 to 1511 0x3CC0 0x1BC0
1607 0x3D80 0x1EC0
1703 0x3B00 0x1B40
1709 0x3BC0 0x1B00
1803 0x4FC0 0x2080
1809 0x50C0 0x3180
1903 0x4E40 0x3100
2004 0x4E80 0x3280

It is no accident that the size is always a multiple of 0x40: cache alignment is plainly a consideration for many of the members and substructures.

Layout

The sizes in the preceding table and the names and types in the next are from type information in the public symbol files for the kernel.

Offset (x86) Offset (x64) Definition Versions Remarks
0x00 0x00 
MI_POOL_STATE Pools;
 10.0 and higher  
0x0500 (10.0 to 1809);
0x0080 		0x0100 (1511 to 1709);
0x0180 (1803 to 1809);
0x00C0 
MI_SECTION_STATE Sections;
 10.0 and higher  
0x0640 (10.0 to 1803);
0x0680 (1809);
0x0200
0x0380 (10.0 to 1607);
0x0340 (1703);
0x0380 (1709);
0x0400 (1803);
0x04C0 (1809);
0x0400 
MI_SYSTEM_IMAGE_STATE SystemImages;
 10.0 and higher  
0x06A4 (10.0);
0x06AC (1511 to 1709);
0x06B0 (1803);
0x06F0 (1809);
0x025C (1903);
0x0264
0x0430 (10.0);
0x0440 (1511 to 1607);
0x03F8 (1703);
0x0438 (1709);
0x04C0 (1803);
0x0580 (1809);
0x04A0 (1903);
0x04A8 
MI_SESSION_STATE Sessions;
 10.0 and higher  
0x16E0 (10.0);
0x16E8 (1511);
0x16F0 (1607);
0x16E8 (1703 to 1709);
0x16F0 (1803);
0x1730 (1809);
0x1290 (1903);
0x12B0 		0x04C0 (10.0);
0x04D0 (1511);
0x04E0 (1607);
0x0480 (1703);
0x04C0 (1709);
0x0548 (1803);
0x1608 (1809);
0x1520 (1903);
0x1550 
MI_PROCESS_STATE Processes;
 10.0 and higher  
0x1750 (10.0);
0x1758 (1511);
0x1760 (1607);
0x1740 (1703);
0x1748 (1709);
0x1758 (1803);
0x17C0 (1809);
0x1300 (1903);
0x1340 		0x0520 (10.0);
0x0530 (1511);
0x0540 (1607);
0x04B0 (1703);
0x04F8 (1709);
0x0590 (1803);
0x1680 (1809);
0x1580 (1903);
0x15C0 
MI_HARDWARE_STATE Hardware;
 10.0 and higher  
0x1800 (10.0 to 1511);
0x1840 (1607);
0x1800 (1703);
0x1840 (1709 to 1803);
0x1940 (1809);
0x1480
0x0600 (10.0 to 1511);
0x0640 (1607);
0x05C0 (1703);
0x0600 (1709);
0x0700 (1803);
0x1800 (1809);
0x1740 (1903);
0x1780 
MI_SYSTEM_VA_STATE SystemVa;
 10.0 and higher  
0x2CC0 (10.0 to 1511);
0x2D00 (1703);
0x2D40 (1709);
0x3F80 (1803);
0x4080 (1809);
0x3BC0 		0x08C0 (10.0 to 1511);
0x0940 (1703);
0x09C0 (1709);
0x0C00 (1803);
0x1D00 (1809);
0x1BC0 (1903);
0x1C40 
MI_COMBINE_STATE PageCombines;
 10.0 and higher  
0x2D18 (1607 to 1703);
0x2D58 (1709);
0x3F98 (1803);
0x4098 (1809);
0x3BE0 		0x0AE0 (1607 to 1703);
0x09D8 (1709);
0x0C18 (1803);
0x1D18 (1809);
0x1BE0 (1903);
0x1C60 
MI_PAGELIST_STATE PageLists;
 1607 and higher  
0x2CD8 (10.0 to 1511);
0x2D20 (1607 to 1703);
0x2D60 (1709);
0x3FB0 (1803);
0x40B0 (1809);
0x3BF8 		0x0A60 (10.0 to 1511);
0x0AF0 (1607 to 1703);
0x09E8 (1709);
0x0C40 (1803);
0x1D40 (1809);
0x1C40 (1903);
0x1CC0 
MI_PARTITION_STATE Partitions;
 10.0 and higher  
0x2D08 (10.0);
0x2D10 (1511);
0x2D58 (1607 to 1703);
0x2D98 (1709);
0x3FE8 (1803);
0x40E8 (1809);
0x3C30 		0x0AB8 (10.0);
0x0AC0 (1511);
0x0B50 (1607 to 1703);
0x0A48 (1709);
0x0CA0 (1803);
0x1DA0 (1809);
0x1D00 (1903);
0x1D80 
MI_SHUTDOWN_STATE Shutdowns;
 10.0 and higher  
0x2D58 (10.0 to 1511);
0x2DA0 (1607 to 1703);
0x2DE0 (1709);
0x4030 (1803);
0x4130 (1809);
0x3C78 		0x0B38 (10.0);
0x0B40 (1511);
0x0BD0 (1607);
0x0BC8 (1703);
0x0AC0 (1709);
0x0D18 (1803);
0x1E18 (1809);
0x1D78 (1903);
0x1DF8 
MI_ERROR_STATE Errors;
 10.0 and higher  
0x2E00 (10.0 to 1511);
0x2E80 (1607 to 1703);
0x2EC0 (1709);
0x4100 (1803);
0x4200 (1809);
0x3D40 		0x0C00 (10.0 to 1511);
0x0CC0 (1607);
0x0C80 (1703);
0x0B80 (1709);
0x0E00 (1803);
0x1F00 (1809);
0x1E40 (1903);
0x1EC0 
MI_ACCESS_LOG_STATE AccessLog;
 10.0 and higher  
0x2E80 (10.0 to 1511);
0x2F00 (1607 to 1703);
0x2F40 (1709);
0x4180 (1803);
0x4280 (1809);
0x3DC0 		0x0C80 (10.0 to 1511);
0x0D40 (1607);
0x0D00 (1703);
0x0C00 (1709);
0x0E80 (1803);
0x1F80 (1809);
0x1EC0 (1903);
0x1F40 
MI_DEBUGGER_STATE Debugger;
 10.0 and higher  
0x2F40 (10.0 to 1511);
0x2FC0 (1607);
0x2F90 (1703);
0x2FD0 (1709);
0x4210 (1803);
0x4310 (1809);
0x3E50 		0x0DC0 (10.0 to 1511);
0x0E80 (1607);
0x0E20 (1703);
0x0D20 (1709);
0x0FA0 (1803);
0x20A0 (1809);
0x1FE0 (1903);
0x2060 
MI_STANDBY_STATE Standby;
 10.0 and higher  
0x2FC0 (10.0 to 1511);
0x3040 (1607);
0x3000 (1703);
0x3040 (1709);
0x4280 (1803);
0x4380 (1809);
0x3EC0 		0x0E80 (10.0 to 1511);
0x0F40 (1607);
0x0EC0 (1703);
0x0DC0 (1709);
0x1040 (1803);
0x2140 (1809);
0x2080 (1903);
0x2100 
MI_SYSTEM_PTE_STATE SystemPtes;
 10.0 and higher  
0x3140 (10.0 to 1511);
0x31C0 (1607);
0x3140 (1703);
0x31C0 (1709);
0x4400 (1803);
0x4500 (1809);
0x4040 		0x1000 (10.0 to 1511);
0x1100 (1607);
0x1040 (1703);
0x1000 (1709);
0x1240 (1803);
0x2340 (1809);
0x2280 (1903);
0x2300 
MI_IO_PAGE_STATE IoPages;
 10.0 and higher  
0x3178 (10.0 to 1511);
0x3200 (1607);
0x3180 (1703);
0x3200 (1709);
0x4440 (1803);
0x4540 (1809);
0x4080 		0x1060 (10.0 to 1511);
0x1170 (1607);
0x10B0 (1703);
0x1070 (1709);
0x12B0 (1803);
0x23B0 (1809);
0x22F0 (1903);
0x2370 
MI_PAGING_IO_STATE PagingIo;
 10.0 and higher  
0x31B0 (10.0 to 1511);
0x3238 (1607);
0x31B8 (1703);
0x3238 (1709);
0x4478 (1803);
0x4578 (1809);
0x40B8 (1903);
0x40E0 		0x10B0 (10.0 to 1511);
0x11C0 (1607);
0x1100 (1703);
0x10C0 (1709);
0x1300 (1803);
0x2400 (1809);
0x2340 (1903);
0x2420 
MI_COMMON_PAGE_STATE CommonPages;
 10.0 and higher  
0x3200 (10.0 to 1511);
0x3280 (1607);
0x3200 (1703);
0x3280 (1709);
0x44C0 (1803);
0x45C0 (1809);
0x4100 (1903);
0x4140 		0x1140 (10.0);
0x1180 (1511);
0x1280 (1607);
0x11C0 (1703);
0x1180 (1709);
0x13C0 (1803);
0x24C0 (1809);
0x2400 (1903);
0x2500 
MI_SYSTEM_TRIM_STATE Trims;
 10.0 and higher  
0x3240 (10.0 to 1511);
0x32C0 (1607) 		0x1180 (10.0);
0x11C0 (1511);
0x12C0 (1607) 
MI_RESAVAIL_TRACKER ResTrack;
 10.0 to 1607  
0x4180 0x2540 
MI_ENCLAVE_STATE Enclaves;
 2004 and higher  
0x3440 (10.0 to 1511);
0x34C0 (1607);
0x3240 (1703);
0x32C0 (1709);
0x4500 (1803);
0x4600 (1809);
0x4140 (1903);
0x41A4 		0x1540 (10.0 to 1511);
0x1640 (1607);
0x1200 (1703);
0x11C0 (1709);
0x1400 (1803);
0x2500 (1809);
0x2440 (1903);
0x2588 
ULONG_PTR Cookie;
 10.0 and higher  
0x3444 (10.0 to 1511);
0x34C4 (1607) 		0x1548 (10.0 to 1511);
0x1648 (1607) 
LONG volatile ZeroingDisabled;
 10.0 to 1607 next at 0x3248 and 0x1210
0x3448 (10.0 to 1511);
0x34C8 (1607);
0x3244 (1703);
0x32C4 (1709);
0x4504 (1803);
0x4604 (1809);
0x4144 (1903);
0x41A8 		0x1550 (10.0 to 1511);
0x1650 (1607);
0x1208 (1703);
0x11C8 (1709);
0x1408 (1803);
0x2508 (1809);
0x2448 (1903);
0x2590 
PVOID volatile *BootRegistryRuns;
 10.0 and higher  
0x3248 (1703);
0x32C8 (1709);
0x4508 (1803);
0x4608 (1809);
0x4148 (1903);
0x41AC 		0x1210 (1703);
0x11D0 (1709);
0x1410 (1803);
0x2510 (1809);
0x2450 (1903);
0x2598 
LONG volatile ZeroingDisabled;
 1703 and higher previously at 0x34C4 and 0x1648
0x344C (10.0 to 1511);
0x34CC (1607);
0x324C (1703);
0x32CC (1709);
0x450C (1803);
0x460C (1809);
0x414C (1903);
0x41B0 		0x1558 (10.0 to 1511);
0x1658 (1607);
0x1214 (1703);
0x11D4 (1709);
0x1414 (1803);
0x2514 (1809);
0x2454 (1903);
0x259C 
BOOLEAN FullyInitialized;
 10.0 and higher  
0x344D (10.0 to 1511);
0x34CD (1607);
0x324D (1703);
0x32CD (1709);
0x450D (1803);
0x460D (1809);
0x414D (1903);
0x41B1 		0x1559 (10.0 to 1511);
0x1659 (1607);
0x1215 (1703);
0x11D5 (1709);
0x1415 (1803);
0x2515 (1809);
0x2455 (1903);
0x259D 
BOOLEAN SafeBooted;
 10.0 and higher  
0x3450 (10.0 to 1511) 0x1560 (10.0 to 1511) 
RTL_BITMAP LargePfnBitMap;
 10.0 to 1511  
0x3458 (10.0 to 1511);
0x34D0 (1607);
0x3250 (1703);
0x32D0 (1709);
0x4510 (1803);
0x4610 (1809);
0x4150 (1903);
0x41B4 		  
RTL_BITMAP PfnBitMap;
 10.0 and higher  
0x3460 (10.0 to 1511);
0x34D8 (1607);
0x3258 (1703);
0x32D8 (1709);
0x4518 (1803);
0x4618 (1809);
0x4158 (1903);
0x41BC 		0x1570 (10.0 to 1511);
0x1660 (1607);
0x1218 (1703);
0x11D8 (1709);
0x1418 (1803);
0x2518 (1809);
0x2458 (1903);
0x25A0 
struct _TlgProvider_t const *TraceLogging;
 10.0 and higher  
0x3480 (10.0 to 1511);
0x3500 (1607);
0x3280 (1703);
0x3300 (1709);
0x4540 (1803);
0x4640 (1809);
0x4180 (1903);
0x41C0 		0x1580 (10.0 to 1511);
0x1680 (1607);
0x1240 (1703);
0x1200 (1709);
0x1440 (1803);
0x2540 (1809);
0x2480 (1903);
0x25C0 
MI_VISIBLE_STATE Vs;
 10.0 and higher  

This page was created on 6th May but was not published until 26th May 2019. It was last modified on 7th August 2022.

Copyright © 2019-2022. Geoff Chappell. All rights reserved. Conditions apply.