Undocumented functions of NTDLL



SYSTEM_MODULE
SYSTEM_MODULE

typedef struct _SYSTEM_MODULE {



  ULONG                Reserved1;
  ULONG                Reserved2;
  PVOID                ImageBaseAddress;
  ULONG                ImageSize;
  ULONG                Flags;
  WORD                 Id;
  WORD                 Rank;
  WORD                 w018;
  WORD                 NameOffset;
  BYTE                 Name[MAXIMUM_FILENAME_LENGTH];



} SYSTEM_MODULE, *PSYSTEM_MODULE;



Reserved1
Reserved (always 0xBAADF00D).


Reserved2
Reserved (always 0).


Address
Module address in virtual address space.


ImageSize
Size of module in virtual address space.


Flags
- ???


Id
0-based counter of results.


Rank
The same as Id (in global enumeration with NtQuerySystemInformation), or unknown.


w018
In process module enumeration with LdrQueryProcessModuleInformation always 0xFFFF, in other - unknown.


NameOffset
Offset in Name table to first char of module name. 


Name
Path to module.


Requirements:
Library: ntdll.lib




See also:
KMODULE
SYSTEM_MODULE_INFORMATION
LdrQueryProcessModuleInformation
NtQuerySystemInformation