CURRENT WORK ITEM - PREVIEW ONLY

ZwSetSystemInformation

This function sets a wide range of system properties and behaviour.

Declaration

NTSTATUS 
ZwSetSystemInformation (
    SYSTEM_INFORMATION_CLASS SystemInformationClass, 
    PVOID SystemInformation, 
    ULONG SystemInformationLength);

Parameters

The SystemInformationClass argument tells what sort of information to set. There are very many supported values.

The SystemInformation and SystemInformationLength arguments are respectively the address and size (in bytes) of a buffer that provides the information. The SystemInformationLength can be zero to indicate that no information is provided. Interpretation of whatever information is provided depends on the information class. The function treats the buffer as read-only for most information classes but not all.

Return Value

The function returns STATUS_SUCCESS if successful, else a negative error code or, unusually, a positive status or warning.

Availability

The ZwSetSystemInformation and NtSetSystemInformation functions are ancient, being exported by name from NTDLL in version 3.51 and higher. In user mode, the functions are aliases for a stub that transfers execution to the NtSetSystemInformation implementation in kernel mode such that the execution is recognised as originating in user mode.

The ZwSetSystemInformation function is similarly ancient as an export from the kernel. It too is a stub that transfers execution to NtSetSystemInformation but such that the execution is recognised as originating in kernel mode. In all versions, NtSetSystemInformation itself is just an internal routine.

Documentation Status

Under any name, this function is not documented. As ZwSetSystemInformation only, it is declared in the ZWAPI.H that seems to have been first published in a Windows Driver Kit (WDK) for Windows 10.

The SYSTEM_INFORMATION_CLASS enumeration has a C-language definition in WINTERNL.H from the Software Development Kit (SDK), for use with the NtQuerySystemInformation function (which is documented as an NTDLL export). The definition given there is plainly not what Microsoft itself uses but is instead a contrivance for the relative handful of cases that Microsoft discloses. One of those cases, however, is acceptable to NtSetSystemInformation.

Behaviour

The following implementation notes are from inspection of the kernel from the original release of Windows 10. They may some day get revised to account for earlier versions. Meanwhile, where anything is added about earlier versions, take it as a bonus from my being unable to resist at least a quick look into the history, not as an attempt at comprehensiveness.

User-Mode Defences

If executing for a user-mode request, the function has some general defensiveness about addresses passed as arguments. Failure at any of these defences is failure for the function, typically showing as a return of STATUS_DATATYPE_MISALIGNMENT or STATUS_ACCESS_VIOLATION (as raised but handled exceptions).

If an information buffer is given, meaning here that SystemInformationLength is non-zero, then its address SystemInformation must be dword-aligned ordinarily but word-aligned for information class SystemErrorPortInformation (0x59), and the whole of it must be in user-mode address space.
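
The two checks above, modelled as a stand-alone C function; this is an added example, not kernel code and not from the original page. The function name, the user_limit parameter standing in for the top of user-mode address space, the sample limit and the order of the two checks are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

typedef int32_t NTSTATUS;
#define STATUS_SUCCESS               ((NTSTATUS)0x00000000)
#define STATUS_DATATYPE_MISALIGNMENT ((NTSTATUS)0x80000002)
#define STATUS_ACCESS_VIOLATION      ((NTSTATUS)0xC0000005)

#define SystemErrorPortInformation   0x59u

/* Constructed stand-in for the first address above user-mode space.
   The page gives no value; this one is an assumption for the demo. */
#define SAMPLE_USER_LIMIT 0x7FFF0000ull

/* Model of the user-mode defences: alignment first (assumed order),
   then the requirement that the whole buffer lie in user-mode space. */
NTSTATUS probe_set_buffer(uint32_t info_class, uint64_t address,
                          uint32_t length, uint64_t user_limit)
{
    /* A zero length means no buffer is given, so nothing is checked. */
    if (length == 0)
        return STATUS_SUCCESS;

    /* Dword alignment ordinarily, word alignment for class 0x59. */
    uint64_t align = (info_class == SystemErrorPortInformation) ? 2 : 4;
    if (address & (align - 1))
        return STATUS_DATATYPE_MISALIGNMENT;

    /* Reject a buffer whose end wraps around or passes the limit. */
    uint64_t end = address + length;
    if (end < address || end > user_limit)
        return STATUS_ACCESS_VIOLATION;

    return STATUS_SUCCESS;
}

int main(void)
{
    /* Constructed sample calls: class, address, length. */
    struct { uint32_t cls; uint64_t addr; uint32_t len; } cases[] = {
        { 0x09, 0x1000, 4 },                 /* aligned, in range      */
        { 0x09, 0x1002, 4 },                 /* word-aligned only      */
        { 0x59, 0x1002, 4 },                 /* word-aligned, class 59 */
        { 0x09, SAMPLE_USER_LIMIT - 4, 8 },  /* straddles the limit    */
        { 0x09, 0x1001, 0 },                 /* no buffer given        */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        NTSTATUS st = probe_set_buffer(cases[i].cls, cases[i].addr,
                                       cases[i].len, SAMPLE_USER_LIMIT);
        printf("class 0x%02X addr 0x%llX len %u -> 0x%08X\n",
               (unsigned)cases[i].cls, (unsigned long long)cases[i].addr,
               (unsigned)cases[i].len, (unsigned)st);
    }
    return 0;
}
```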

Exception Handling

Except if noted explicitly below, the function never accesses the SystemInformation without preparing for exceptions. If executing for a user-mode request, the occurrence of an exception during such access is fatal for the function, which returns the exception code as its own result. If executing for a kernel-mode request, exceptions are handled only to continue as if unhandled, which will typically be fatal to Windows.

Valid Information Classes

The large table below lists the information classes that ZwSetSystemInformation does not dismiss as invalid. For all others, the function fails, returning STATUS_INVALID_INFO_CLASS. Be aware, however, that a few do little or nothing except to return some other error.

Numeric Value Symbolic Name
0x09 SystemFlagsInformation
0x15 SystemFileCacheInformation
0x18 SystemDpcBehaviorInformation
0x1A SystemLoadGdiDriverInformation
0x1B SystemUnloadGdiDriverInformation
0x1C SystemTimeAdjustmentInformation
0x1E SystemMirrorMemoryInformation
0x1F SystemPerformanceTraceInformation
0x22 SystemCrashDumpStateInformation
0x25 SystemRegistryQuotaInformation
0x26 SystemExtendedServiceTableInformation
0x27 SystemPrioritySeparation
0x28 SystemVerifierAddDriverInformation
0x29 SystemVerifierRemoveDriverInformation
0x2E SystemTimeSlipNotification
0x2F SystemSessionCreate
0x30 SystemSessionDetach
0x33 SystemVerifierInformation
0x34 SystemVerifierThunkExtend
0x36 SystemLoadGdiDriverInSystemSpace
0x38 SystemPrefetcherInformation
0x3B SystemComPlusPackage
0x45 SystemHotpatchInformation
0x47 SystemWatchdogTimerHandler
0x48 SystemWatchdogTimerInformation
0x4A SystemWow64SharedInformationObsolete
0x4B SystemRegisterFirmwareTableInformationHandler
0x4F SystemSuperfetchInformation
0x50 SystemMemoryListInformation
0x51 SystemFileCacheInformationEx
0x52 SystemThreadPriorityClientIdInformation
0x56 SystemRefTraceInformation
0x57 SystemSpecialPoolInformation
0x59 SystemErrorPortInformation
0x5B SystemHypervisorInformation
0x5C SystemVerifierInformationEx
0x5D SystemTimeZoneInformation
0x5E SystemImageFileExecutionOptionsInformation
0x5F SystemCoverageInformation
0x61 SystemVerifierFaultsInformation
0x66 SystemDynamicTimeZoneInformation
0x68 SystemProcessorMicrocodeUpdateInformation
0x6A SystemVirtualAddressInformation
0x6D SystemStoreInformation
0x6E SystemRegistryAppendString
0x6F SystemAitSamplingValue
0x71 SystemCpuQuotaInformation
0x7F SystemScrubPhysicalMemoryInformation
0x81 SystemProcessorProfileControlArea
0x82 SystemCombinePhysicalMemoryInformation
0x83 SystemEntropyInterruptTimingInformation
0x84 SystemConsoleInformation
0x86 SystemPolicyInformation
0x96 SystemBootMetadataInformation
0x97 SystemSoftRebootInformation
0x98 SystemElamCertificateInformation
0x9B SystemRegistryReconciliationInformation
0x9F SystemHypervisorDetailInformation
0xA1 SystemVmGenerationCountInformation
0xA8 SystemAllowedCpuSetsInformation
0xAA SystemInterruptCpuSetsInformation
0xB0 SystemCpuSetTagInformation

All remaining behaviour varies with the information class.

SystemFlagsInformation (0x09)

The information buffer must provide exactly a SYSTEM_FLAGS_INFORMATION structure. There is just the one member, a ULONG named Flags. It updates the kernel’s NtGlobalFlag variable. Since this variable is exported from all known kernel versions (and is declared in NTDDK.H, originally), SystemFlagsInformation has little or no reason to exist except to help user-mode callers.

If executing for a user-mode request, the caller must have SeDebugPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

Not all bits in the given Flags get updated in NtGlobalFlag, only those masked by 0x6DCE640F.

SystemFileCacheInformation (0x15)

The information buffer must provide at least a SYSTEM_FILECACHE_INFORMATION structure.

If executing for a user-mode request, the caller must have SeIncreaseQuotaPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemDpcBehaviorInformation (0x18)

The information buffer must provide exactly a SYSTEM_DPC_BEHAVIOR_INFORMATION structure.

If executing for a user-mode request, the caller must have SeLoadDriverPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemLoadGdiDriverInformation (0x1A)

The information buffer must provide exactly a SYSTEM_GDI_DRIVER_INFORMATION structure.

This information class is for kernel-mode use only. If executing for a user-mode request, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

The DriverName member provides the only input, specifically to name the driver that the function is to load. If the function cannot load this driver as a per-session system image, it fails. Otherwise, it fills in the other members of the structure with a description of the loaded driver.

SystemUnloadGdiDriverInformation (0x1B)

The information buffer must provide exactly one pointer. This is to be the address of the driver that the function is to unload. The caller presumably knows it from what was put in the ImageAddress member when SystemLoadGdiDriverInformation was used to load the driver.

This information class is for kernel-mode use only. If executing for a user-mode request, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemTimeAdjustmentInformation (0x1C)

The information buffer must provide exactly a SYSTEM_SET_TIME_ADJUST_INFORMATION structure.

If executing for a user-mode request, the caller must have SeSystemtimePrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

If Enable is FALSE, the TimeAdjustment must be between 0 and 10,000,000 (representing 1 second). Otherwise, the function fails, returning STATUS_INVALID_PARAMETER.

SystemMirrorMemoryInformation (0x1E)

The information buffer is ignored.

Memory mirroring is a high-end feature that Microsoft enables only in high-end server editions of Windows. If the license value Kernel-MemoryMirroringSupported does not evaluate to TRUE, the function fails, returning STATUS_LICENSE_VIOLATION. If executing for a user-mode request, the caller must have SeShutdownPrivilege, else the function fails, returning STATUS_PRIVILEGE_NOT_HELD. The function fails, returning STATUS_NOT_SUPPORTED, unless mirroring is enabled in the registry.

SystemPerformanceTraceInformation (0x1F)

TO BE DONE

SystemCrashDumpStateInformation (0x22)

If executing for a user-mode request, the caller must have SeDebugPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

Ideally, the information buffer provides exactly a SYSTEM_CRASH_DUMP_STATE_INFORMATION structure whose one member tells what configuration is wanted:

The structure is not required, however. If SystemInformationLength is incorrect, the function defaults to SystemCrashDumpReconfigure. If the structure is given but with an invalid configuration, the function fails, returning STATUS_INVALID_PARAMETER.

SystemRegistryQuotaInformation (0x25)

The information buffer must provide exactly a SYSTEM_REGISTRY_QUOTA_INFORMATION structure.

If executing for a user-mode request, the caller must have SeIncreaseQuotaPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemExtendedServiceTableInformation (0x26)

The information buffer must provide exactly a UNICODE_STRING structure. This is to name a driver to load as a per-session system image and to initialise as the session driver.

If executing for a user-mode request, the permitted circumstances and the freedom to name the driver are greatly restricted. Failure on any count causes the function to return STATUS_PRIVILEGE_NOT_HELD. First, the current process must be the session master. Second, the caller must have SeLoadDriverPrivilege. Third, the name can only be \SystemRoot\System32\win32k.sys, as 0x3E bytes in this particular mixture of case. With these requirements all met, the function reissues itself as a kernel-mode ZwSetSystemInformation.

SystemPrioritySeparation (0x27)

The information buffer must provide exactly a dword.

If executing for a user-mode request, the caller must have SeTcbPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemVerifierAddDriverInformation (0x28)

The information buffer must provide exactly a UNICODE_STRING structure. This is to name a driver whose operations are to be verified.

If executing for a user-mode request, the caller must have SeDebugPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemVerifierRemoveDriverInformation (0x29)

The information buffer must provide exactly a UNICODE_STRING structure. This is to name a driver whose operations are being verified but which need not be.

If executing for a user-mode request, the caller must have SeDebugPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemTimeSlipNotification (0x2E)

The information buffer must provide exactly a HANDLE. The intention is that the handle refer to an event that the kernel is to signal when resuming execution after kernel-mode debugging. The handle can be NULL to direct that no signal is wanted.

If executing for a user-mode request, the caller must have SeSystemtimePrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

Unless the given handle is NULL, it must be specifically a handle to an event object and have the EVENT_MODIFY_ACCESS permission. If the function cannot reference the event object for modification, it fails.

SystemSessionCreate (0x2F)

This information class is only trivially valid. The function returns STATUS_NOT_IMPLEMENTED.

SystemSessionDetach (0x30)

This information class is only trivially valid. The function returns STATUS_NOT_IMPLEMENTED.

SystemVerifierInformation (0x33)

If executing for a user-mode request, the caller must have SeDebugPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

The information buffer must provide at least a dword of bit flags to adopt as Verifier options.

SystemVerifierThunkExtend (0x34)

This information class is for kernel-mode use only. If executing for a user-mode request, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemLoadGdiDriverInSystemSpace (0x36)

The information buffer must provide exactly a SYSTEM_GDI_DRIVER_INFORMATION structure.

This information class is for kernel-mode use only. If executing for a user-mode request, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

The DriverName member provides the only input, specifically to name the driver that the function is to load. If the function cannot load this driver as a system image, it fails. Otherwise, it fills in the other members of the structure with a description of the loaded driver.

SystemPrefetcherInformation (0x38)

The information buffer must provide exactly a SUPERFETCH_INFORMATION structure as input. This is not certainly Microsoft’s name for the structure as expected for this information class. It is, however, Microsoft’s name for a structure that has the same layout and which is known to be correct for the information class SystemSuperfetchInformation.

The first dword must be 0x01 and the second 0x6B756843, else the function fails, returning STATUS_INVALID_PARAMETER. If the third dword is not a valid Prefetcher information class, the function fails, returning STATUS_INVALID_INFO_CLASS. The four valid cases are beyond the present scope of this review.

SystemComPlusPackage (0x3B)

The information buffer is to provide exactly a ULONG that is to be set into the registry, specifically in the Enable64Bit value in HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework, and become the ComPlusPackage in the KUSER_SHARED_DATA.

SystemHotpatchInformation (0x45)

This information class is only trivially valid. The function returns STATUS_NOT_SUPPORTED.

SystemWatchdogTimerHandler (0x47)

This information class is only trivially valid. The function returns STATUS_NOT_SUPPORTED.

SystemWatchdogTimerInformation (0x48)

This information class is for kernel-mode use only. If executing for a user-mode request, the function fails, returning STATUS_INVALID_PARAMETER.

The information buffer must provide exactly a SYSTEM_WATCHDOG_TIMER_INFORMATION structure. Otherwise, the function fails, returning STATUS_INVALID_PARAMETER. The function also returns STATUS_INVALID_PARAMETER if the WdInfoClass in the structure is invalid. Of the defined Watchdog information classes, WdInfoState (5) is invalid, and WdInfoTimeoutValue (0) and WdInfoTriggerAction (4) are valid but unsupported, i.e., they cause the function to return STATUS_NOT_SUPPORTED.

The supported Watchdog information classes are handled by routines in the HalPrivateDispatchTable. This jump table is exported, such that its routines can be diverted by anyone who knows the HAL_PRIVATE_DISPATCH type.

SystemWow64SharedInformationObsolete (0x4A)

This information class is only trivially valid. The function returns STATUS_NOT_IMPLEMENTED.

SystemRegisterFirmwareTableInformationHandler (0x4B)

This information class, which would register a callback routine to execute, is for kernel-mode use only. If executing for a user-mode request, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

The information buffer must provide at least a SYSTEM_FIRMWARE_TABLE_HANDLER. (This structure is defined in NTDDK.H, though one might wonder why, given that the only way to register a firmware table handler is through this information class of this undocumented function.)

The kernel keeps a linked list of registered firmware table handlers. These are distinguished by the ProviderSignature. If a handler is already registered for the same provider, then the function interprets FALSE for Registered as a request to unregister the handler whose address is given in FirmwareTableHandler. If this is not the registered handler for that provider, the function fails, returning STATUS_INVALID_PARAMETER. A registered handler can only be changed by un-registering and re-registering. If Registered is non-zero, then whatever is given in FirmwareTableHandler is ignored, and the function returns the warning STATUS_OBJECT_NAME_EXISTS.

If no handler is already registered for the same provider but Registered is FALSE, there is nothing to unregister, and the function fails, returning STATUS_INVALID_PARAMETER. Otherwise, the function adds the provider and its handler to the list. If only in theory, this can fail for lack of memory, shown by returning STATUS_INSUFFICIENT_RESOURCES.
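
The register and unregister rules of the two paragraphs above, modelled as a small user-mode C program; this is an added example, not kernel code and not from the original page. The model's type and function names, the sample provider signature, and the return of STATUS_SUCCESS for a completed register or unregister are assumptions; member names follow the page's text.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef int32_t NTSTATUS;
#define NT_SUCCESS(s)                 ((NTSTATUS)(s) >= 0)
#define STATUS_SUCCESS                ((NTSTATUS)0x00000000)
#define STATUS_OBJECT_NAME_EXISTS     ((NTSTATUS)0x40000000) /* positive */
#define STATUS_INVALID_PARAMETER      ((NTSTATUS)0xC000000D)
#define STATUS_PRIVILEGE_NOT_HELD     ((NTSTATUS)0xC0000061)
#define STATUS_INSUFFICIENT_RESOURCES ((NTSTATUS)0xC000009A)

typedef void (*handler_fn)(void);

/* Model of the input buffer, reduced to the members the page discusses. */
struct fw_request {
    uint32_t   ProviderSignature;
    int        Registered;            /* FALSE asks to unregister */
    handler_fn FirmwareTableHandler;
};

struct fw_node { uint32_t sig; handler_fn fn; struct fw_node *next; };
static struct fw_node *fw_list;       /* the model's linked list */

/* Which handler, if any, is currently registered for a provider. */
handler_fn fw_lookup(uint32_t sig)
{
    for (struct fw_node *n = fw_list; n; n = n->next)
        if (n->sig == sig) return n->fn;
    return NULL;
}

NTSTATUS fw_set(const struct fw_request *req, int from_user_mode)
{
    if (from_user_mode)               /* kernel-mode use only */
        return STATUS_PRIVILEGE_NOT_HELD;

    struct fw_node **link = &fw_list;
    while (*link && (*link)->sig != req->ProviderSignature)
        link = &(*link)->next;

    if (*link) {                      /* provider already has a handler */
        if (req->Registered)          /* given handler is ignored */
            return STATUS_OBJECT_NAME_EXISTS;
        if ((*link)->fn != req->FirmwareTableHandler)
            return STATUS_INVALID_PARAMETER;
        struct fw_node *dead = *link; /* unregister the matching handler */
        *link = dead->next;
        free(dead);
        return STATUS_SUCCESS;        /* assumed success code */
    }
    if (!req->Registered)             /* nothing to unregister */
        return STATUS_INVALID_PARAMETER;

    struct fw_node *n = malloc(sizeof *n);
    if (!n) return STATUS_INSUFFICIENT_RESOURCES;
    n->sig = req->ProviderSignature;
    n->fn = req->FirmwareTableHandler;
    n->next = fw_list;
    fw_list = n;
    return STATUS_SUCCESS;            /* assumed success code */
}

/* Convenience wrapper that builds the request (hypothetical helper). */
NTSTATUS fw_call(uint32_t sig, int registered, handler_fn fn, int user)
{
    struct fw_request req = { sig, registered, fn };
    return fw_set(&req, user);
}

void handler_a(void) {}
void handler_b(void) {}
#define SAMPLE_SIG 0x54534554u        /* constructed provider signature */

int main(void)
{
    NTSTATUS st = fw_call(SAMPLE_SIG, 1, handler_a, 0);
    printf("register A:       0x%08X\n", (unsigned)st);
    st = fw_call(SAMPLE_SIG, 1, handler_b, 0);
    /* The warning is positive, so NT_SUCCESS is true although A stays. */
    printf("register B again: 0x%08X NT_SUCCESS=%d still A=%d\n",
           (unsigned)st, NT_SUCCESS(st), fw_lookup(SAMPLE_SIG) == handler_a);
    st = fw_call(SAMPLE_SIG, 0, handler_b, 0);
    printf("unregister B:     0x%08X\n", (unsigned)st);
    st = fw_call(SAMPLE_SIG, 0, handler_a, 0);
    printf("unregister A:     0x%08X\n", (unsigned)st);
    return 0;
}
```

Because STATUS_OBJECT_NAME_EXISTS is a positive value, a caller that tests only NT_SUCCESS cannot tell a fresh registration from one that left an earlier handler in place; comparing against STATUS_SUCCESS distinguishes the two.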

SystemSuperfetchInformation (0x4F)

If executing for a user-mode request, the caller must have SeProfileSingleProcessPrivilege. Without it, the function fails, returning STATUS_ACCESS_DENIED.

The information buffer must provide exactly a SUPERFETCH_INFORMATION structure.

The first dword must be 0x2D and the second 0x6B756843, else the function fails, returning STATUS_INVALID_PARAMETER. If the third dword is not a valid Superfetch information class, the function fails, returning STATUS_INVALID_INFO_CLASS. There are many cases, presently all beyond the scope of this review.

SystemMemoryListInformation (0x50)

The information buffer must provide at least a SYSTEM_MEMORY_LIST_COMMAND. The following are valid:

Given anything else, the function fails, returning STATUS_INVALID_PARAMETER. If executing for a user-mode request, commands other than MemoryFlushModifiedList require SeProfileSingleProcessPrivilege, else the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemFileCacheInformationEx (0x51)

The information buffer must provide at least a SYSTEM_FILECACHE_INFORMATION structure.

If executing for a user-mode request, the caller must have SeIncreaseQuotaPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemThreadPriorityClientIdInformation (0x52)

The information buffer must provide at least a SYSTEM_THREAD_CID_PRIORITY_INFORMATION structure.

If executing for a user-mode request, the caller must have SeIncreaseBasePriorityPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

The wanted Priority must be greater than LOW_PRIORITY (0) and no greater than HIGH_PRIORITY (31). Otherwise, the function fails, returning STATUS_INVALID_PARAMETER. If the ClientId does not correspond to any combination of process and thread, the function fails, returning STATUS_INVALID_CID. If the identified thread is signalled, the function fails, returning STATUS_THREAD_IS_TERMINATING.

After setting the given thread’s base priority, the function returns STATUS_PENDING.

SystemRefTraceInformation (0x56)

If executing for a user-mode request, the caller must have SeDebugPrivilege. Without it, the function fails, returning STATUS_ACCESS_DENIED.

The information buffer must provide at least a SYSTEM_REF_TRACE_INFORMATION structure, else the function returns STATUS_INVALID_PARAMETER.

SystemSpecialPoolInformation (0x57)

If executing for a user-mode request, the caller must have SeDebugPrivilege. Without it, the function fails, returning STATUS_ACCESS_DENIED.

The information buffer must provide exactly a SYSTEM_SPECIAL_POOL_INFORMATION structure.

SystemErrorPortInformation (0x59)

This information class exists only for user-mode callers. If executing for a kernel-mode request, the function fails, returning STATUS_NOT_SUPPORTED. The user-mode caller must have SeTcbPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemHypervisorInformation (0x5B)

This information class is for kernel-mode use only. If executing for a user-mode request, the function fails, returning STATUS_ACCESS_DENIED.

The information buffer is not wanted. If SystemInformationLength is not zero, the function fails, returning STATUS_INVALID_PARAMETER_2. In fact, for this information class, the function sets nothing. The kernel simply returns STATUS_SUCCESS or STATUS_HV_NOT_PRESENT according to whether it knows a hypervisor is or is not present.

SystemVerifierInformationEx (0x5C)

If executing for a user-mode request, the caller must have SeDebugPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

The information buffer must provide exactly a SYSTEM_VERIFIER_INFORMATION_EX structure.

SystemTimeZoneInformation (0x5D)

The information buffer must provide exactly an RTL_TIME_ZONE_INFORMATION structure.

If executing for a user-mode request, the caller must have SeTimeZonePrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemImageFileExecutionOptionsInformation (0x5E)

If executing for a user-mode request, the caller must have SeTcbPrivilege. Without it, the function fails, returning STATUS_ACCESS_DENIED.

The information buffer must provide exactly a SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION structure. There are just the two members. The FlagsToEnable are bits to set in the ImageFileExecutionOptions in the KUSER_SHARED_DATA, and then the FlagsToDisable are bits to clear.

SystemCoverageInformation (0x5F)

This information class exists only for user-mode callers. If executing for a kernel-mode request, the function fails, returning STATUS_ACCESS_DENIED. The user-mode caller must have SeDebugPrivilege. Without it, the function fails, returning STATUS_ACCESS_DENIED.

The information buffer must provide at least a COVERAGE_MODULE_REQUEST.

SystemVerifierFaultsInformation (0x61)

The information buffer must provide exactly a SYSTEM_VERIFIER_FAULTS_INFORMATION structure.

If executing for a user-mode request, the caller must have SeDebugPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemDynamicTimeZoneInformation (0x66)

The information buffer must provide exactly an RTL_DYNAMIC_TIME_ZONE_INFORMATION structure.

If executing for a user-mode request, the caller must have SeTimeZonePrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemProcessorMicrocodeUpdateInformation (0x68)

The information buffer must provide at least a SYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION structure. There is just the one member, Operation, which can be 1 to load or 2 to unload. Anything else is rejected, as STATUS_INVALID_PARAMETER.

SystemVirtualAddressInformation (0x6A)

If executing for a user-mode request, the caller must have SeIncreaseQuotaPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

The information buffer must provide at least six SYSTEM_VA_LIST_INFORMATION structures as an array, one for each valid SYSTEM_VA_TYPE.

This information class is incompatible with Safe Boot. If Windows started with the SAFEBOOT boot option, then this function returns STATUS_TOO_LATE.

SystemStoreInformation (0x6D)

The information buffer must provide exactly a structure whose name in Microsoft’s source code is not known. It is 0x10 or 0x18 bytes in 32-bit and 64-bit Windows, respectively. The first dword must be 1, else the function fails, returning STATUS_INVALID_PARAMETER.

If executing for a user-mode request, the caller must have SeProfileSingleProcessPrivilege. Without it, the function fails, returning STATUS_ACCESS_DENIED.

If the second dword in the structure is not a valid Store information class, the function fails, returning STATUS_INVALID_INFO_CLASS. There are many cases, presently all beyond the scope of this review. Remaining members provide the address and size of additional information.

SystemRegistryAppendString (0x6E)

This information class is only trivially valid. The function returns STATUS_NOT_IMPLEMENTED.

SystemAitSamplingValue (0x6F)

The information buffer must provide exactly one ULONG that is to become the AitSamplingValue in the KUSER_SHARED_DATA.

If executing for a user-mode request, the caller must have SeProfileSingleProcessPrivilege. Without it, the function fails, returning STATUS_ACCESS_DENIED.

SystemCpuQuotaInformation (0x71)

This information class depends on DFSS to be enabled by a registry configuration. If it is not, the function fails, returning STATUS_UNSUCCESSFUL.

The information buffer must provide a non-empty array of PS_CPU_QUOTA_SET_INFORMATION structures.

If executing for a user-mode request, the caller must have SeIncreaseQuotaPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemScrubPhysicalMemoryInformation (0x7F)

The information buffer must provide exactly a MEMORY_SCRUB_INFORMATION structure for both input and output.

If executing for a user-mode request, the caller must have SeProfileSingleProcessPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemProcessorProfileControlArea (0x81)

This information class is for kernel-mode use only. If executing for a user-mode request, the function fails, returning STATUS_ACCESS_DENIED.

The information buffer must provide exactly a SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA structure.

SystemCombinePhysicalMemoryInformation (0x82)

The information buffer must provide exactly a MEMORY_COMBINE_INFORMATION structure for both input and output.

If executing for a user-mode request, the caller must have SeProfileSingleProcessPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemEntropyInterruptTimingInformation (0x83)

This information class, which would register a callback routine to execute, is for kernel-mode use only. If executing for a user-mode request, the function fails, returning STATUS_ACCESS_DENIED.

The information buffer must provide exactly a SYSTEM_ENTROPY_TIMING_INFORMATION structure.

SystemConsoleInformation (0x84)

The information buffer must provide exactly a SYSTEM_CONSOLE_INFORMATION structure whose one meaningful member, a single bit named DriverLoaded, tells whether the function is to load or unload the console driver, meaning very specifically the driver whose registry key under \Registry\Machine\System\CurrentControlSet\Services is condrv.

If executing for a user-mode request, the caller must have SeLoadDriverPrivilege to unload the driver. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemPolicyInformation (0x86)

The information buffer must provide exactly a SYSTEM_POLICY_INFORMATION structure.

SystemBootMetadataInformation (0x96)

If executing for a user-mode request, the caller must have SeTcbPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

The information buffer is not wanted. If SystemInformationLength is not zero, the function fails, returning STATUS_INFO_LENGTH_MISMATCH.

SystemSoftRebootInformation (0x97)

If executing for a user-mode request, the caller must have SeProfileSingleProcessPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

The information buffer must provide exactly one byte.

If the one byte of input is non-zero and the function is executing for a user-mode request, the caller must have SeTcbPrivilege, else the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemElamCertificateInformation (0x98)

The information buffer must provide exactly a SYSTEM_ELAM_CERTIFICATE_INFORMATION structure.

This information class exists only for user-mode callers. If executing for a kernel-mode request, the function fails, returning STATUS_INVALID_PARAMETER.

SystemRegistryReconciliationInformation (0x9B)

The information buffer is ignored.

SystemHypervisorDetailInformation (0x9F)

This information class is only trivially valid. The function returns STATUS_NOT_SUPPORTED.

SystemVmGenerationCountInformation (0xA1)

This information class is for kernel-mode use only. If executing for a user-mode request, the function fails, returning STATUS_ACCESS_DENIED.

The information buffer must provide exactly 8 bytes of input.

SystemAllowedCpuSetsInformation (0xA8)

The information buffer must provide exactly a ULONGLONG for each CPU set that is to be allowed, up to the maximum that the platform supports, i.e., 1 or 20 for 32-bit and 64-bit Windows 10, respectively.

SystemInterruptCpuSetsInformation (0xAA)

The information buffer must provide exactly a SYSTEM_INTERRUPT_CPU_SET_INFORMATION structure.

If executing for a user-mode request, the caller must have SeIncreaseBasePriorityPrivilege. Without it, the function fails, returning STATUS_PRIVILEGE_NOT_HELD.

SystemCpuSetTagInformation (0xB0)

The information buffer must provide for a SYSTEM_CPU_SET_TAG_INFORMATION structure whose unsized CpuSets array has exactly a ULONGLONG for each CPU set that is to be allowed, up to the maximum that the platform supports, i.e., 1 or 20 for 32-bit and 64-bit Windows 10, respectively.