Demystifying new Windows 7 System Information Classes
This post is the first in a series of articles/blog posts about the new System Information Classes in Windows 7 (32-bit at the moment), used by both NtQuerySystemInformation and its extended version, NtQuerySystemInformationEx, which was introduced in Windows 7 and Windows 2008 R2.
First of all, here are the prototypes of these functions.
NTSTATUS (WINAPI *NtQuerySystemInformationEx)(SYSTEM_INFORMATION_CLASS SystemInformationClass,
    PULONG QueryType,
    ULONG Alignment,
    PVOID SystemInformation,
    ULONG SystemInformationLength,
    PULONG ReturnLength);

NTSTATUS (WINAPI *NtQuerySystemInformation)(SYSTEM_INFORMATION_CLASS SystemInformationClass,
    PVOID SystemInformation,
    ULONG SystemInformationLength,
    PULONG ReturnLength);
As you can see, NtQuerySystemInformationEx takes two additional arguments: QueryType and Alignment.
And here are the new (and undocumented) system information classes added in Windows 7, which will be discussed in the next blog posts.
typedef enum _SYSTEM_INFORMATION_CLASS
{
    // NtQueryEx
    SystemLogicalProcessorAndGroupInformation = 107,
    SystemLogicalGroupInformation = 108,

    SystemStoreInformation = 109,
    SystemVhdBootInformation = 112,
    SystemCpuQuotaInformation = 113,

    // Removed in build 7100
    SystemHardwareCountersInformation = 115, // uses KeQueryHardwareCounterConfiguration() instead

    SystemLowPriorityInformation = 116,
    SystemTpmBootEntropyInformation = 117,
    SystemVerifierInformation = 118,

    // NtQueryEx
    SystemNumaNodesInformation = 121,

    //
    // Added in build 7100
    //
    SystemHalInformation = 122, // 8 bytes size
    SystemCommittedMemoryInformation = 123,
    MaxSystemInfoClass = 124
} SYSTEM_INFORMATION_CLASS, *PSYSTEM_INFORMATION_CLASS;
PS. For interested people the first issue of the Debugged! MZ/PE: MagaZine is available on Amazon.
Edit: SYSTEM_INFORMATION_CLASS structure updated in build 7100.