Undocumented functions of NTDLL


SYSTEM_MODULE
SYSTEM_MODULE

typedef struct _SYSTEM_MODULE {




  ULONG                Reserved1;
  ULONG                Reserved2;
  PVOID                ImageBaseAddress;
  ULONG                ImageSize;
  ULONG                Flags;
  WORD                 Id;
  WORD                 Rank;
  WORD                 w018;
  WORD                 NameOffset;
  BYTE                 Name[MAXIMUM_FILENAME_LENGTH];


} SYSTEM_MODULE, *PSYSTEM_MODULE;


Reserved1
Reserved (always 0xBAADF00D).
Reserved2
Reserved (always 0).
Address
Module address in virtual address space.
ImageSize
Size of module in virtual address space.
Flags
- ???
Id
0-based counter of results.
Rank
The same as Id (in global enumeration with NtQuerySystemInformation), or unknown.
w018
In process module enumeration with LdrQueryProcessModuleInformation always 0xFFFF, in other - unknown.
NameOffset
Offset in Name table to first char of module name.
Name
Path to module.


Requirements:
Library: ntdll.lib




See also:
KMODULE
SYSTEM_MODULE_INFORMATION
LdrQueryProcessModuleInformation
NtQuerySystemInformation