MI_SYSTEM_VA_STATE

The MI_SYSTEM_VA_STATE structure (formally _MI_SYSTEM_VA_STATE) is known only as the type of the SystemVa member of the MI_SYSTEM_INFORMATION, which is in turn the type of the internal variable MiState in the Windows 10 kernel.

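As a collection of what earlier versions had as separately named internal variables, the MI_SYSTEM_VA_STATE is highly susceptible to changing between builds. Anything that reads the structure from a live system or a memory image, such as a debugger script or a memory-forensics plugin, therefore needs the layout for the exact build being examined, e.g. from that build's symbol file, and should not rely on fixed offsets.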

| Version | Size (x86) | Size (x64) |
|---|---|---|
| 10.0 to 1511 | 0x14C0 | 0x02C0 |
| 1607 | 0x14C0 | 0x0300 |
| 1703 | 0x1500 | 0x0380 |
| 1709 | 0x1500 | 0x03C0 |
| 1803 to 1809 | 0x2740 | 0x0500 |
| 1903 | 0x2740 | 0x0480 |
| 2004 | 0x2740 | 0x04C0 |

The sizes above, and the offsets, names and types in the table below, are from type information in the public symbol files for the kernel.

Offset (x86) Offset (x64) Definition Versions Remarks
0x00 0x00
ULONG_PTR SystemTablesLock;
10.0 and higher  
0x04  
ULONG SystemVaBias;
10.0 and higher  
0x08  
ULONG SystemAvailableVaLow;
10.0 and higher  
0x0C  
ULONG VirtualBias;
10.0 and higher  
0x10 (10.0 to 1511)  
PVOID HyperSpaceEnd;
10.0 to 1511 next at 0x1418
0x14 (10.0 to 1511);
0x10 (1607)
 
MMPTE *HyperSpaceEndPte;
10.0 to 1607  
0x18 (10.0 to 1511);
0x14 (1607);
0x10
 
PVOID SystemRangeStart;
10.0 and higher  
0x1C (10.0 to 1511);
0x18 (1607);
0x14
 
UCHAR SystemCachePdeCount [0x0400];
10.0 and higher  
0x041C (10.0 to 1511);
0x0418 (1607);
0x0414
 
PVOID SystemCacheReverseMaps [0x0400];
10.0 and higher  
  0x08
ULONGLONG AvailableSystemCacheVa;
10.0 and higher  
  0x10
MI_DYNAMIC_BITMAP DynamicBitMapKernelStacks;
1709 and higher  
  0x10 (10.0 to 1703);
0x58
MI_DYNAMIC_BITMAP DynamicBitMapSystemPtes;
10.0 and higher  
  0x60 (10.0 to 1607);
0x58 (1703);
0xA0
MI_DYNAMIC_BITMAP DynamicBitMapDriverImages [2];
10.0 and higher  
  0x0100 (10.0 to 1607);
0xE8 (1703);
0x0130
MI_DYNAMIC_BITMAP DynamicBitMapPagedPool;
10.0 and higher  
  0x0150 (10.0 to 1607);
0x0130 (1703);
0x0178 (1709 to 1809)
MI_DYNAMIC_BITMAP DynamicBitMapSpecialPool;
10.0 to 1607  
MI_DYNAMIC_BITMAP DynamicBitMapSpecialPool [2];
1703 to 1809  
  0x01A0 (10.0 to 1607);
0x01C0 (1703);
0x0208 (1709 to 1809);
0x0178
MI_DYNAMIC_BITMAP DynamicBitMapSystemCache;
10.0 and higher  
  0x01C0
MI_DYNAMIC_BITMAP DynamicBitMapSecureNonPagedPool;
2004 and higher  
  0x0208 (1703);
0x0250 (1709 to 1809);
0x01C0 (1903);
0x0208
PVOID HalPrivateVaStart;
1703 and higher  
  0x0210 (1703);
0x0258 (1709 to 1809);
0x01C8 (1903);
0x0210
ULONGLONG HalPrivateVaSize;
1703 and higher  
  0x01F0 (10.0 to 1607);
0x0218 (1703);
0x0260 (1709 to 1809);
0x01D0 (1903);
0x0218
ULONG SystemVaAssignment [8];
1607 and higher  
  0x0210 (10.0 to 1607);
0x0238 (1703);
0x0280 (1709 to 1809);
0x01F0 (1903);
0x0238
ULONG SystemVaAssignmentHint;
1607 and higher  
0x1414  
MI_SYSTEM_REGION_REFERENCE VaRegion [0x0400];
1803 and higher  
0x2414 0x0284 (1803 to 1809);
0x01F4 (1903);
0x023C
ULONG TopLevelPteLockBits [0x80];
1803 and higher (x86)  
ULONG TopLevelPteLockBits [0x20];
1803 and higher (x64)  
0x2614  
ULONG TopLevelPteAlternateLockBits [4];
1803 and higher  
0x1414 (1703 to 1709);
0x2624
0x023C (1703);
0x0284 (1709);
0x0304 (1803 to 1809);
0x0274 (1903);
0x02BC
LONG volatile DeleteKvaLock;
1703 and higher previously at 0x143C and 0x0258
0x1418 (1703 to 1709);
0x2628
0x0240 (1703);
0x0288 (1709);
0x0308 (1803 to 1809);
0x0278 (1903);
0x02C0
MI_WSLE *WsleArrays [5];
1703 to 1709  
MI_WSLE *WsleArrays [8];
1803 and higher  
0x142C (1703 to 1709);
0x2648
0x0268 (1703);
0x02B0 (1709);
0x0348 (1803 to 1809);
0x02B8 (1903);
0x0300
MI_HYPER_SPACE *PagableHyperSpace;
1703 and higher  
0x1418 (1607);
0x1430 (1703 to 1709);
0x264C
0x0218 (1607);
0x0270 (1703);
0x02B8 (1709);
0x0350 (1803 to 1809);
0x02C0 (1903);
0x0308
PVOID HyperSpaceEnd;
1607 and higher previously at 0x10 (x86)
0x141C (10.0 to 1607) 0x01F0 (10.0 to 1511);
0x0220 (1607)
MMWSLE_HASH *WorkingSetListHashStart;
10.0 to 1607  
0x1420 (10.0 to 1607) 0x01F8 (10.0 to 1511);
0x0228 (1607)
MMWSLE_HASH *WorkingSetListHashEnd;
10.0 to 1607  
0x1424 (10.0 to 1607) 0x0200 (10.0 to 1511);
0x0230 (1607)
MMWSLE_NONDIRECT_HASH *WorkingSetListIndirectHashStart;
10.0 to 1607  
0x2650 0x02C8 (1903);
0x0310
ULONG_PTR PagableHyperSpaceBytes;
1903 and higher  
  0x02D0 (1903);
0x0318
ULONGLONG PageTableCommitmentOffset [2];
1903 and higher  
0x1428 (10.0 to 1607);
0x1434 (1703 to 1709);
0x2650 (1803 to 1809);
0x2654
0x0208 (10.0 to 1511);
0x0238 (1607);
0x0278 (1703);
0x02C0 (1709);
0x0358 (1803 to 1809);
0x02E0 (1903);
0x0328
KEVENT FreeSystemCacheVa;
10.0 and higher  
0x1438 (10.0 to 1607);
0x1444 (1703 to 1709);
0x2660 (1803 to 1809);
0x2664
0x0220 (10.0 to 1511);
0x0250 (1607);
0x0290 (1703);
0x02D8 (1709);
0x0370 (1803 to 1809);
0x02F8 (1903);
0x0340
ULONG_PTR SystemVaLock;
10.0 and higher  
0x143C (10.0 to 1607) 0x0228 (10.0 to 1511);
0x0258 (1607)
LONG volatile DeleteKvaLock;
10.0 to 1607 next at 0x1414 and 0x023C
0x1440 (10.0 to 1607) 0x0230 (10.0 to 1511);
0x0260 (1607)
MI_PTE_CHAIN_HEAD FreeSystemCache;
10.0 to 1607  
0x1458 (10.0 to 1607);
0x1448 (1703 to 1709);
0x2664 (1803 to 1809);
0x2668
0x0248 (10.0 to 1511);
0x0278 (1607);
0x0298 (1703);
0x02E0 (1709);
0x0378 (1803 to 1809);
0x0300 (1903);
0x0348
ULONG_PTR SystemCacheViewLock;
10.0 and higher  
0x145C (1607) 0x0280 (1607)
EX_PUSH_LOCK SystemCacheInitLock;
1607 only  
0x145C (10.0 to 1511);
0x1460 (1607)
0x0250 (10.0 to 1511);
0x0288 (1607)
ULONG_PTR UnusableWsles [5];
10.0 to 1607  
0x1470 (10.0 to 1511);
0x1474 (1607)
0x0278 (10.0 to 1511);
0x02B0 (1607)
ULONG_PTR PossibleWsles [5];
10.0 to 1607  
0x1488 (1607) 0x02D8 (1607)
MMSUPPORT_INSTANCE *SystemWs [3];
1607 only  
0x144C (1703 to 1709);
0x2668 (1803 to 1809);
0x266C
0x02A0 (1703);
0x02E8 (1709);
0x0380 (1803 to 1809);
0x0308 (1903);
0x0350
MMWSL_INSTANCE SystemWorkingSetList [5];
1703 to 1709  
MMWSL_INSTANCE SystemWorkingSetList [8];
1803 and higher  
  0x04C0 (1803 to 1809);
0x0448 (1903);
0x0490
ULONGLONG SelfmapLock [4];
1803 and higher