SYSTEM_PERFORMANCE_INFORMATION

The SYSTEM_PERFORMANCE_INFORMATION structure is what a successful call to ZwQuerySystemInformation or NtQuerySystemInformation produces in its output buffer when given the information class SystemPerformanceInformation (0x02).

Documentation Status

The SYSTEM_PERFORMANCE_INFORMATION structure is defined in WINTERNL.H from the Software Development Kit (SDK). The definition there has the whole structure as one array of 0x0138 bytes, named Reserved1. Documentation of NtQuerySystemInformation describes the structure as “opaque” and suggests that whatever is produced in it for the SystemPerformanceInformation case “can be used to generate an unpredictable seed for a random number generator.”

Layout

The SYSTEM_PERFORMANCE_INFORMATION is 0x0158 bytes in both 32-bit and 64-bit Windows 10.

Offset Definition or Description
0x00
LARGE_INTEGER IdleProcessTime;
0x08
LARGE_INTEGER IoReadTransferCount;
0x10
LARGE_INTEGER IoWriteTransferCount;
0x18
LARGE_INTEGER IoOtherTransferCount;
0x20
ULONG IoReadOperationCount;
0x24
ULONG IoWriteOperationCount;
0x28
ULONG IoOtherOperationCount;
0x2C
ULONG AvailablePages;
0x30
ULONG CommittedPages;
0x34
ULONG CommitLimit;
0x38
ULONG PeakCommitment;
0x3C
ULONG PageFaultCount;
0x40
ULONG CopyOnWriteCount;
0x44
ULONG TransitionCount;
0x48
ULONG CacheTransitionCount;
0x4C
ULONG DemandZeroCount;
0x50
ULONG PageReadCount;
0x54
ULONG PageReadIoCount;
0x58
ULONG CacheReadCount;
0x5C
ULONG CacheIoCount;
0x60
ULONG DirtyPagesWriteCount;
0x64
ULONG DirtyWriteIoCount;
0x68
ULONG MappedPagesWriteCount;
0x6C
ULONG MappedWriteIoCount;
0x70
ULONG PagedPoolPages;
0x74
ULONG NonPagedPoolPages;
0x78
ULONG PagedPoolAllocs;
0x7C
ULONG PagedPoolFrees;
0x80
ULONG NonPagedPoolAllocs;
0x84
ULONG NonPagedPoolFrees;
0x88
ULONG FreeSystemPtes;
0x8C
ULONG ResidentSystemCodePage;
0x90
ULONG TotalSystemDriverPages;
0x94
ULONG TotalSystemCodePages;
0x98
ULONG NonPagedPoolLookasideHits;
0x9C
ULONG PagedPoolLookasideHits;
0xA0
ULONG AvailablePagedPoolPages;
0xA4
ULONG ResidentSystemCachePage;
0xA8
ULONG ResidentPagedPoolPage;
0xAC
ULONG ResidentSystemDriverPage;
0xB0
ULONG CcFastReadNoWait;
0xB4
ULONG CcFastReadWait;
0xB8
ULONG CcFastReadResourceMiss;
0xBC
ULONG CcFastReadNotPossible;
0xC0
ULONG CcFastMdlReadNoWait;
0xC4
ULONG CcFastMdlReadWait;
0xC8
ULONG CcFastMdlReadResourceMiss;
0xCC
ULONG CcFastMdlReadNotPossible;
0xD0
ULONG CcMapDataNoWait;
0xD4
ULONG CcMapDataWait;
0xD8
ULONG CcMapDataNoWaitMiss;
0xDC
ULONG CcMapDataWaitMiss;
0xE0
ULONG CcPinMappedDataCount;
0xE4
ULONG CcPinReadNoWait;
0xE8
ULONG CcPinReadWait;
0xEC
ULONG CcPinReadNoWaitMiss;
0xF0
ULONG CcPinReadWaitMiss;
0xF4
ULONG CcCopyReadNoWait;
0xF8
ULONG CcCopyReadWait;
0xFC
ULONG CcCopyReadNoWaitMiss;
0x0100
ULONG CcCopyReadWaitMiss;
0x0104
ULONG CcMdlReadNoWait;
0x0108
ULONG CcMdlReadWait;
0x010C
ULONG CcMdlReadNoWaitMiss;
0x0110
ULONG CcMdlReadWaitMiss;
0x0114
ULONG CcReadAheadIos;
0x0118
ULONG CcLazyWriteIos;
0x011C
ULONG CcLazyWritePages;
0x0120
ULONG CcDataFlushes;
0x0124
ULONG CcDataPages;
0x0128
ULONG ContextSwitches;
0x012C
ULONG FirstLevelTbFills;
0x0130
ULONG SecondLevelTbFills;
0x0134
ULONG SystemCalls;
0x0138
ULONGLONG CcTotalDirtyPages;
0x0140
ULONGLONG CcDirtyPageThreshold;
0x0148
LONGLONG ResidentAvailablePages;
0x0150
ULONGLONG SharedCommittedPages;

This is the structure for Windows 10. Earlier versions are known which end the structure at 0x0138 or 0x0148.