Undocumented functions of NTDLL


SYSTEM_MODULE
SYSTEM_MODULE

typedef struct _SYSTEM_MODULE {




  ULONG                Reserved1;
  ULONG                Reserved2;
  PVOID                ImageBaseAddress;
  ULONG                ImageSize;
  ULONG                Flags;
  WORD                 Id;
  WORD                 Rank;
  WORD                 w018;
  WORD                 NameOffset;
  BYTE                 Name[MAXIMUM_FILENAME_LENGTH];


} SYSTEM_MODULE, *PSYSTEM_MODULE;


Reserved1
Reserved (always 0xBAADF00D).



Reserved2



Reserved (always 0).






Address



Module address in virtual address space.






ImageSize



Size of module in virtual address space.






Flags



- ???






Id



0-based counter of results.






Rank



The same as Id
(in global enumeration with 
NtQuerySystemInformation), or unknown.






w018



In process module enumeration with 
LdrQueryProcessModuleInformation always 0xFFFF, in other
- unknown.






NameOffset



Offset in Name
table to first char of module name.






Name



Path to module.













Requirements:





Library: ntdll.lib

















See also:





KMODULE





SYSTEM_MODULE_INFORMATION






LdrQueryProcessModuleInformation






NtQuerySystemInformation