NtQuerySystemInformation Function (Windows)

NtQuerySystemInformation Function

NtQuerySystemInformation Function

[NtQuerySystemInformation may be altered or unavailable in future versions of Windows. Applications should use the alternate functions listed in this topic.]

Retrieves the specified system information.

Syntax

NTSTATUS WINAPI NtQuerySystemInformation(
  __in       SYSTEM_INFORMATION_CLASS SystemInformationClass,
  __inout    PVOID SystemInformation,
  __in       ULONG SystemInformationLength,
  __out_opt  PULONG ReturnLength
);

Parameters

SystemInformationClass

One of the values enumerated in SYSTEM_INFORMATION_CLASS, which indicate the kind of system information to be retrieved. These include the following values.

SystemBasicInformation

Returns the number of processors in the system in a SYSTEM_BASIC_INFORMATION structure. Use the GetSystemInfo function instead.

SystemPerformanceInformation

Returns an opaque SYSTEM_PERFORMANCE_INFORMATION structure that can be used to generate an unpredictable seed for a random number generator. Use the CryptGenRandom function instead.

SystemTimeOfDayInformation

Returns an opaque SYSTEM_TIMEOFDAY_INFORMATION structure that can be used to generate an unpredictable seed for a random number generator. Use the CryptGenRandom function instead.

SystemProcessInformation

Returns an array of SYSTEM_PROCESS_INFORMATION structures, one for each process running in the system.

These structures contain information about the resource usage of each process, including the number of handles used by the process, the peak page-file usage, and the number of memory pages that the process has allocated.

SystemProcessorPerformanceInformation

Returns an array of SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION structures, one for each processor installed in the system.

SystemInterruptInformation

Returns an opaque SYSTEM_INTERRUPT_INFORMATION structure that can be used to generate an unpredictable seed for a random number generator. Use the CryptGenRandom function instead.

SystemExceptionInformation

Returns an opaque SYSTEM_EXCEPTION_INFORMATION structure that can be used to generate an unpredictable seed for a random number generator. Use the CryptGenRandom function instead.

SystemRegistryQuotaInformation

Returns a SYSTEM_REGISTRY_QUOTA_INFORMATION structure.

SystemLookasideInformation

Returns an opaque SYSTEM_LOOKASIDE_INFORMATION structure that can be used to generate an unpredictable seed for a random number generator. Use the CryptGenRandom function instead.

SystemInformation

A pointer to a buffer that receives the requested information. The size and structure of this information varies depending on the value of the SystemInformationClass parameter:

SYSTEM_BASIC_INFORMATION

When the SystemInformationClass parameter is SystemBasicInformation, the buffer pointed to by the SystemInformation parameter should be large enough to hold a single SYSTEM_BASIC_INFORMATION structure having the following layout:


typedef struct _SYSTEM_BASIC_INFORMATION {
    BYTE Reserved1[24];
    PVOID Reserved2[4];
    CCHAR NumberOfProcessors;
} SYSTEM_BASIC_INFORMATION;

The NumberOfProcessors member contains the number of processors present in the system. Use GetSystemInfo instead to retrieve this information.

The other members of the structure are reserved for internal use by the operating system.

SYSTEM_PERFORMANCE_INFORMATION

When the SystemInformationClass parameter is SystemPerformanceInformation, the buffer pointed to by the SystemInformation parameter should be large enough to hold an opaque SYSTEM_PERFORMANCE_INFORMATION structure for use in generating an unpredictable seed for a random number generator. For this purpose, the structure has the following layout:


typedef struct _SYSTEM_PERFORMANCE_INFORMATION {
    BYTE Reserved1[312];
} SYSTEM_PERFORMANCE_INFORMATION;

Individual members of the structure are reserved for internal use by the operating system.

Use the CryptGenRandom function instead to generate cryptographically random data.

SYSTEM_TIMEOFDAY_INFORMATION

When the SystemInformationClass parameter is SystemTimeOfDayInformation, the buffer pointed to by the SystemInformation parameter should be large enough to hold an opaque SYSTEM_TIMEOFDAY_INFORMATION structure for use in generating an unpredictable seed for a random number generator. For this purpose, the structure has the following layout:


typedef struct _SYSTEM_TIMEOFDAY_INFORMATION {
    BYTE Reserved1[48];
} SYSTEM_TIMEOFDAY_INFORMATION;

Individual members of the structure are reserved for internal use by the operating system.

Use the CryptGenRandom function instead to generate cryptographically random data.

SYSTEM_PROCESS_INFORMATION

When the SystemInformationClass parameter is SystemProcessInformation, the buffer pointed to by the SystemInformation parameter should be large enough to hold an array that contains as many SYSTEM_PROCESS_INFORMATION structures as there are processes running in the system. Each structure has the following layout:


typedef struct _SYSTEM_PROCESS_INFORMATION {
    ULONG NextEntryOffset;
    BYTE Reserved1[52];
    PVOID Reserved2[3];
    HANDLE UniqueProcessId;
    PVOID Reserved3;
    ULONG HandleCount;
    BYTE Reserved4[4];
    PVOID Reserved5[11];
    SIZE_T PeakPagefileUsage;
    SIZE_T PrivatePageCount;
    LARGE_INTEGER Reserved6[6];
} SYSTEM_PROCESS_INFORMATION;

The HandleCount member contains the total number of handles being used by the process in question; use GetProcessHandleCount to retrieve this information instead.

The PeakPagefileUsage member contains the maximum number of bytes of page-file storage used by the process, and the PrivatePageCount member contains the number of memory pages allocated for the use of this process.

You can also retrieve this information using either the GetProcessMemoryInfo function or the Win32_Process class.

The other members of the structure are reserved for internal use by the operating system.

SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION

When the SystemInformationClass parameter is SystemProcessorPerformanceInformation, the buffer pointed to by the SystemInformation parameter should be large enough to hold an array that contains as many SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION structures as there are processors (CPUs) installed in the system. Each structure has the following layout:


typedef struct
_SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION {
    LARGE_INTEGER IdleTime;
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER Reserved1[2];
    ULONG Reserved2;
} SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION;

The IdleTime member contains the amount of time that the system has been idle, in 100-nanosecond intervals.

The KernelTime member contains the amount of time that the system has spent executing in Kernel mode (including all threads in all processes, on all processors), in 100-nanosecond intervals.

The UserTime member contains the amount of time that the system has spent executing in User mode (including all threads in all processes, on all processors), in 100-nanosecond intervals.

Use GetSystemTimes instead to retrieve this information.

SYSTEM_INTERRUPT_INFORMATION

When the SystemInformationClass parameter is SystemInterruptInformation, the buffer pointed to by the SystemInformation parameter should be large enough to hold an array that contains as many opaque SYSTEM_INTERRUPT_INFORMATION structures as there are processors (CPUs) installed on the system. Each structure, or the array as a whole, can be used to generate an unpredictable seed for a random number generator. For this purpose, the structure has the following layout:


typedef struct _SYSTEM_INTERRUPT_INFORMATION {
    BYTE Reserved1[24];
} SYSTEM_INTERRUPT_INFORMATION;

Individual members of the structure are reserved for internal use by the operating system.

Use the CryptGenRandom function instead to generate cryptographically random data.

SYSTEM_EXCEPTION_INFORMATION

When the SystemInformationClass parameter is SystemExceptionInformation, the buffer pointed to by the SystemInformation parameter should be large enough to hold an opaque SYSTEM_EXCEPTION_INFORMATION structure for use in generating an unpredictable seed for a random number generator. For this purpose, the structure has the following layout:


typedef struct _SYSTEM_EXCEPTION_INFORMATION {
    BYTE Reserved1[16];
} SYSTEM_EXCEPTION_INFORMATION;

Individual members of the structure are reserved for internal use by the operating system.

Use the CryptGenRandom function instead to generate cryptographically random data.

SYSTEM_REGISTRY_QUOTA_INFORMATION

When the SystemInformationClass parameter is SystemRegistryQuotaInformation, the buffer pointed to by the SystemInformation parameter should be large enough to hold a single SYSTEM_REGISTRY_QUOTA_INFORMATION structure having the following layout:


typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION {
    ULONG RegistryQuotaAllowed;
    ULONG RegistryQuotaUsed;
    PVOID Reserved1;
} SYSTEM_REGISTRY_QUOTA_INFORMATION;

The RegistryQuotaAllowed member contains the maximum size, in bytes, that the Registry can attain on this system.

The RegistryQuotaUsed member contains the current size of the Registry, in bytes.

Use GetSystemRegistryQuota instead to retrieve this information.

The other member of the structure is reserved for internal use by the operating system.

SYSTEM_LOOKASIDE_INFORMATION

When the SystemInformationClass parameter is SystemLookasideInformation, the buffer pointed to by the SystemInformation parameter should be large enough to hold an opaque SYSTEM_LOOKASIDE_INFORMATION structure for use in generating an unpredictable seed for a random number generator. For this purpose, the structure has the following layout:


typedef struct _SYSTEM_LOOKASIDE_INFORMATION {
    BYTE Reserved1[32];
} SYSTEM_LOOKASIDE_INFORMATION;

Individual members of the structure are reserved for internal use by the operating system.

Use the CryptGenRandom function instead to generate cryptographically random data.

SystemInformationLength

The size of the buffer pointed to by the SystemInformation parameter, in bytes.

ReturnLength

An optional pointer to a location where the function writes the actual size of the information requested. If that size is less than or equal to the SystemInformationLength parameter, the function copies the information into the SystemInformation buffer; otherwise, it returns an NTSTATUS error code and returns in ReturnLength the size of buffer required to receive the requested information.

Return Value

Returns an NTSTATUS success or error code.

The forms and significance of NTSTATUS error codes are listed in the Ntstatus.h header file available in the Windows Device Driver Kit (DDK), and are described in the DDK documentation.

Remarks

The NtQuerySystemInformation function and the structures that it returns are internal to the operating system and subject to change from one release of Windows to another. To maintain the compatibility of your application, it is better to use the alternate functions previously mentioned instead.

If you do use NtQuerySystemInformation, access the function through run-time dynamic linking. This gives your code an opportunity to respond gracefully if the function has been changed or removed from the operating system. Signature changes, however, may not be detectable.

This function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Ntdll.dll.

Requirements

Header	Declared in Winternl.h.
DLL	Requires Ntdll.dll.

Product Families

Resources

About Microsoft

Popular Places

Popular Searches

Popular Downloads

Microsoft Developer Network

Syntax

Parameters

Return Value

Remarks

Requirements

See Also