RTL_PROCESS_MODULES

The RTL_PROCESS_MODULES structure is what a successful call to ZwQuerySystemInformation or NtQuerySystemInformation produces in its output buffer when given the information class SystemModuleInformation (0x0B).

Documentation Status

The RTL_PROCESS_MODULES structure is not documented.

Layout

The RTL_PROCESS_MODULES is 0x0120 and 0x0130 in 32-bit and 64-bit Windows 10, respectively.

Offset (x86) Offset (x64) Definition
0x00 0x00
ULONG NumberOfModules;
0x04 0x08
RTL_PROCESS_MODULE_INFORMATION Modules [ANYSIZE_ARRAY];