SYSTEM_TIMEOFDAY_INFORMATION

The SYSTEM_TIMEOFDAY_INFORMATION structure is what a successful call to ZwQuerySystemInformation or NtQuerySystemInformation produces in its output buffer when given the information class SystemTmeOfDayInformation (0x03).

Documentation Status

The SYSTEM_TIMEOFDAY_INFORMATION structure is defined in WINTERNL.H from the Software Development Kit (SDK). The definition there has the whole structure as one array of bytes, named Reserved1. Documentation of NtQuerySystemInformation describes the structure as “opaque” and suggests that whatever is produced in it for the SystemTimeOfDayInformation case “can be used to generate an unpredictable seed for a random number generator.”

Layout

The SYSTEM_TIMEOFDAY_INFORMATION is 0x30 bytes in both 32-bit and 64-bit Windows.

Offset Definition
0x00
LARGE_INTEGER BootTime;
0x08
LARGE_INTEGER CurrentTime;
0x10
LARGE_INTEGER TimeZoneBias;
0x18
ULONG TimeZoneId;
0x1C
ULONG Reserved;
0x20
ULONGLONG BootTimeBias;
0x28
ULONGLONG SleepTimeBias;