MI_SYSTEM_INFORMATION

The MI_SYSTEM_INFORMATION structure is not just one of the largest that the kernel works with. It’s also arguably the most important of all structures to know for any kernel-mode debugging of Windows 10 that touches on memory management. The reason is that where earlier Windows versions have numerous internal variables for memory management, all (or most) of them showing plainly when debugging with public symbols, Windows 10 turns very many of them into members of the one internal variable, named MiState, with the side-effect that they show much less plainly. The MI_SYSTEM_INFORMATION is this variable’s type.

Variability

As a collection of what had been internal variables, the MI_SYSTEM_INFORMATION is highly susceptible to changing between builds. Almost all of the change from one build to the next is within substructures. Seen just at the immediate level of the structure’s own members, there have been only one addition, two removals and one relocation (this last to recover ten bytes of alignment space in the 64-bit builds). Still, very few of the members, let alone of members of members, keep their offsets from one build to the next, so any debugger script or memory-analysis tool that reads MiState should take its offsets from the symbol file that matches the exact build under examination rather than hard-code them. The following changes of size give a rough indication of the structure’s variability:

Version Size (x86) Size (x64)
10.0 to 1511 0x3CC0 0x1BC0
1607 0x3D80 0x1EC0
1703 0x3B00 0x1B40
1709 0x3BC0 0x1B00
1803 0x4FC0 0x2080

It is no accident that the size is always a multiple of 0x40: cache alignment is plainly a consideration for many of the members and substructures.

Layout

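The sizes in the preceding table and the names and types in the next are from type information in the public symbol files for the kernel. In the listing below, each member’s offsets precede its definition, with the x86 offsets first and the x64 offsets second. An offset given without a version range appears to apply to the versions not otherwise listed for that member, which is typically 1803, the latest version in the size table.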

Offset (x86) Offset (x64) Definition Versions Remarks
0x00 0x00
MI_POOL_STATE Pools;
10.0 and higher  
0x0500 0x0100 (1511 to 1709);
0x0180
MI_SECTION_STATE Sections;
10.0 and higher  
0x0640 0x0380 (10.0 to 1607);
0x0340 (1703);
0x0380 (1709);
0x0400
MI_SYSTEM_IMAGE_STATE SystemImages;
10.0 and higher  
0x06A4 (10.0);
0x06AC (1511 to 1709);
0x06B0
0x0430 (10.0);
0x0440 (1511 to 1607);
0x03F8 (1703);
0x0438 (1709);
0x04C0
MI_SESSION_STATE Sessions;
10.0 and higher  
0x16E0 (10.0);
0x16E8 (1511);
0x16F0 (1607);
0x16E8 (1703 to 1709);
0x16F0
0x04C0 (10.0);
0x04D0 (1511);
0x04E0 (1607);
0x0480 (1703);
0x04C0 (1709);
0x0548
MI_PROCESS_STATE Processes;
10.0 and higher  
0x1750 (10.0);
0x1758 (1511);
0x1760 (1607);
0x1740 (1703);
0x1748 (1709);
0x1758
0x0520 (10.0);
0x0530 (1511);
0x0540 (1607);
0x04B0 (1703);
0x04F8 (1709);
0x0590
MI_HARDWARE_STATE Hardware;
10.0 and higher  
0x1800 (10.0 to 1511);
0x1840 (1607);
0x1800 (1703);
0x1840
0x0600 (10.0 to 1511);
0x0640 (1607);
0x05C0 (1703);
0x0600 (1709);
0x0700
MI_SYSTEM_VA_STATE SystemVa;
10.0 and higher  
0x2CC0 (10.0 to 1511);
0x2D00 (1703);
0x2D40 (1709);
0x3F80
0x08C0 (10.0 to 1511);
0x0940 (1703);
0x09C0 (1709);
0x0C00
MI_COMBINE_STATE PageCombines;
10.0 and higher  
0x2D18 (1607 to 1703);
0x2D58 (1709);
0x3F98
0x0AE0 (1607 to 1703);
0x09D8 (1709);
0x0C18
MI_PAGELIST_STATE PageLists;
1607 and higher  
0x2CD8 (10.0 to 1511);
0x2D20 (1607 to 1703);
0x2D60 (1709);
0x3FB0
0x0A60 (10.0 to 1511);
0x0AF0 (1607 to 1703);
0x09E8 (1709);
0x0C40
MI_PARTITION_STATE Partitions;
10.0 and higher  
0x2D08 (10.0);
0x2D10 (1511);
0x2D58 (1607 to 1703);
0x2D98 (1709);
0x3FE8
0x0AB8 (10.0);
0x0AC0 (1511);
0x0B50 (1607 to 1703);
0x0A48 (1709);
0x0CA0
MI_SHUTDOWN_STATE Shutdowns;
10.0 and higher  
0x2D58 (10.0 to 1511);
0x2DA0 (1607 to 1703);
0x2DE0 (1709);
0x4030
0x0B38 (10.0);
0x0B40 (1511);
0x0BD0 (1607);
0x0BC8 (1703);
0x0AC0 (1709);
0x0D18
MI_ERROR_STATE Errors;
10.0 and higher  
0x2E00 (10.0 to 1511);
0x2E80 (1607 to 1703);
0x2EC0 (1709);
0x4100
0x0C00 (10.0 to 1511);
0x0CC0 (1607);
0x0C80 (1703);
0x0B80 (1709);
0x0E00
MI_ACCESS_LOG_STATE AccessLog;
10.0 and higher  
0x2E80 (10.0 to 1511);
0x2F00 (1607 to 1703);
0x2F40 (1709);
0x4180
0x0C80 (10.0 to 1511);
0x0D40 (1607);
0x0D00 (1703);
0x0C00 (1709);
0x0E80
MI_DEBUGGER_STATE Debugger;
10.0 and higher  
0x2F40 (10.0 to 1511);
0x2FC0 (1607);
0x2F90 (1703);
0x2FD0 (1709);
0x4210
0x0DC0 (10.0 to 1511);
0x0E80 (1607);
0x0E20 (1703);
0x0D20 (1709);
0x0FA0
MI_STANDBY_STATE Standby;
10.0 and higher  
0x2FC0 (10.0 to 1511);
0x3040 (1607);
0x3000 (1703);
0x3040 (1709);
0x4280
0x0E80 (10.0 to 1511);
0x0F40 (1607);
0x0EC0 (1703);
0x0DC0 (1709);
0x1040
MI_SYSTEM_PTE_STATE SystemPtes;
10.0 and higher  
0x3140 (10.0 to 1511);
0x31C0 (1607);
0x3140 (1703);
0x31C0 (1709);
0x4400
0x1000 (10.0 to 1511);
0x1100 (1607);
0x1040 (1703);
0x1000 (1709);
0x1240
MI_IO_PAGE_STATE IoPages;
10.0 and higher  
0x3178 (10.0 to 1511);
0x3200 (1607);
0x3180 (1703);
0x3200 (1709);
0x4440
0x1060 (10.0 to 1511);
0x1170 (1607);
0x10B0 (1703);
0x1070 (1709);
0x12B0
MI_PAGING_IO_STATE PagingIo;
10.0 and higher  
0x31B0 (10.0 to 1511);
0x3238 (1607);
0x31B8 (1703);
0x3238 (1709);
0x4478
0x10B0 (10.0 to 1511);
0x11C0 (1607);
0x1100 (1703);
0x10C0 (1709);
0x1300
MI_COMMON_PAGE_STATE CommonPages;
10.0 and higher  
0x3200 (10.0 to 1511);
0x3280 (1607);
0x3200 (1703);
0x3280 (1709);
0x44C0
0x1140 (10.0);
0x1180 (1511);
0x1280 (1607);
0x11C0 (1703);
0x1180 (1709);
0x13C0
MI_SYSTEM_TRIM_STATE Trims;
10.0 and higher  
0x3240 (10.0 to 1511);
0x32C0 (1607)
0x1180 (10.0);
0x11C0 (1511);
0x12C0 (1607)
MI_RESAVAIL_TRACKER ResTrack;
10.0 to 1607  
0x3440 (10.0 to 1511);
0x34C0 (1607);
0x3240 (1703);
0x32C0 (1709);
0x4500
0x1540 (10.0 to 1511);
0x1640 (1607);
0x1200 (1703);
0x11C0 (1709);
0x1400
ULONG_PTR Cookie;
10.0 and higher  
0x3444 (10.0 to 1511);
0x34C4 (1607)
0x1548 (10.0 to 1511);
0x1648 (1607)
LONG volatile ZeroingDisabled;
10.0 to 1607 next at 0x3248 and 0x1210
0x3448 (10.0 to 1511);
0x34C8 (1607);
0x3244 (1703);
0x32C4 (1709);
0x4504
0x1550 (10.0 to 1511);
0x1650 (1607);
0x1208 (1703);
0x11C8 (1709);
0x1408
PVOID volatile *BootRegistryRuns;
10.0 and higher  
0x3248 (1703);
0x32C8 (1709);
0x4508
0x1210 (1703);
0x11D0 (1709);
0x1410
LONG volatile ZeroingDisabled;
1703 and higher previously at 0x34C4 and 0x1648
0x344C (10.0 to 1511);
0x34CC (1607);
0x324C (1703);
0x32CC (1709);
0x450C
0x1558 (10.0 to 1511);
0x1658 (1607);
0x1214 (1703);
0x11D4 (1709);
0x1414
BOOLEAN FullyInitialized;
10.0 and higher  
0x344D (10.0 to 1511);
0x34CD (1607);
0x324D (1703);
0x32CD (1709);
0x450D
0x1559 (10.0 to 1511);
0x1659 (1607);
0x1215 (1703);
0x11D5 (1709);
0x1415
BOOLEAN SafeBooted;
10.0 and higher  
0x3450 (10.0 to 1511) 0x1560 (10.0 to 1511)
RTL_BITMAP LargePfnBitMap;
10.0 to 1511  
0x3458 (10.0 to 1511);
0x34D0 (1607);
0x3250 (1703);
0x32D0 (1709);
0x4510
 
RTL_BITMAP PfnBitMap;
10.0 and higher  
0x3460 (10.0 to 1511);
0x34D8 (1607);
0x3258 (1703);
0x32D8 (1709);
0x4518
0x1570 (10.0 to 1511);
0x1660 (1607);
0x1218 (1703);
0x11D8 (1709);
0x1418
struct _TlgProvider_t const *TraceLogging;
10.0 and higher  
0x3480 (10.0 to 1511);
0x3500 (1607);
0x3280 (1703);
0x3300 (1709);
0x4540
0x1580 (10.0 to 1511);
0x1680 (1607);
0x1240 (1703);
0x1200 (1709);
0x1440
MI_VISIBLE_STATE Vs;
10.0 and higher