Geoff Chappell, Software Analyst
The SYSTEM_TIMEOFDAY_INFORMATION structure is what a successful call to ZwQuerySystemInformation or NtQuerySystemInformation produces in its output buffer when given the information class SystemTimeOfDayInformation (0x03).
The SYSTEM_TIMEOFDAY_INFORMATION structure is defined in WINTERNL.H from the Software Development Kit (SDK). The definition there has the whole structure as one array of bytes, named Reserved1. Documentation of NtQuerySystemInformation describes the structure as “opaque” and suggests that whatever is produced in it for the SystemTimeOfDayInformation case “can be used to generate an unpredictable seed for a random number generator.”
Microsoft does publish the practical equivalent of a C-language definition as type information in public symbol files, though not for the kernel, where the structure is prepared, nor even for low-level user-mode DLLs that interpret the structure, but for various higher-level user-mode DLLs such as URLMON.DLL and only then starting with version 6.2.
Two earlier disclosures of type information are known, though not in symbol files but in statically linked libraries: GDISRVL.LIB from the Device Driver Kit (DDK) for Windows NT 3.51; and SHELL32.LIB from the DDK for Windows NT 4.0.
The SYSTEM_TIMEOFDAY_INFORMATION is 0x30 bytes in both 32-bit and 64-bit Windows 10.
last member in 3.51; last member in 4.0
This is the structure for Windows 10. Earlier versions are known for which the structure is 0x20 bytes.
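An added example, not code from the original page or from Microsoft: a portable C decoder for a captured output buffer in either of the two sizes given above (0x30 and 0x20 bytes), showing that the contents are clock values and biases. The member names and offsets are assumptions taken from commonly published reconstructions of the structure (this page does not list them), and the sample bytes are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Assumed layout: member names and offsets are not given on this page. */
typedef struct {
    int64_t  BootTime;      /* 0x00, 100 ns units since 1601-01-01 UTC */
    int64_t  CurrentTime;   /* 0x08, same units */
    int64_t  TimeZoneBias;  /* 0x10, same units, signed */
    uint32_t TimeZoneId;    /* 0x18 */
    uint32_t Reserved;      /* 0x1C */
    uint64_t BootTimeBias;  /* 0x20, only in the 0x30-byte form */
    uint64_t SleepTimeBias; /* 0x28, only in the 0x30-byte form */
} timeofday_t;

/* Read an n-byte little-endian integer without relying on host alignment. */
static uint64_t rd_le(const uint8_t *p, size_t n) {
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Decode a captured buffer of 0x20 or 0x30 bytes; 0 on success, -1 otherwise. */
int parse_timeofday(const uint8_t *buf, size_t len, timeofday_t *out) {
    if (!buf || !out || (len != 0x20 && len != 0x30)) return -1;
    memset(out, 0, sizeof *out);
    out->BootTime     = (int64_t)rd_le(buf + 0x00, 8);
    out->CurrentTime  = (int64_t)rd_le(buf + 0x08, 8);
    out->TimeZoneBias = (int64_t)rd_le(buf + 0x10, 8);
    out->TimeZoneId   = (uint32_t)rd_le(buf + 0x18, 4);
    out->Reserved     = (uint32_t)rd_le(buf + 0x1C, 4);
    if (len == 0x30) {
        out->BootTimeBias  = rd_le(buf + 0x20, 8);
        out->SleepTimeBias = rd_le(buf + 0x28, 8);
    }
    return 0;
}
/* Whole seconds between BootTime and CurrentTime (10^7 ticks per second). */
int64_t seconds_since_boot(const timeofday_t *t) {
    return (t->CurrentTime - t->BootTime) / 10000000;
}

/* Constructed sample buffer (0x30 bytes), not captured from a real system. */
static const uint8_t SAMPLE[0x30] = {
    0x00,0x00,0x00,0x00,0x00,0x00,0xD9,0x01,  /* BootTime */
    0x00,0x68,0xC4,0x61,0x08,0x00,0xD9,0x01,  /* CurrentTime = BootTime + 3600 s */
    0x00,0x98,0x3B,0x9E,0xF7,0xFF,0xFF,0xFF,  /* TimeZoneBias = -3600 s */
    0x01,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, /* TimeZoneId = 1, Reserved = 0 */
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,  /* BootTimeBias */
    0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x00   /* SleepTimeBias = 0x10 */
};
```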