SYSTEM_CODEINTEGRITYPOLICY_INFORMATION - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
#ifndef _NTEXAPI_H
// private
/**
* \brief Code Integrity Policy configuration and HVCI (Hypervisor-enforced Code Integrity) settings.
*
* Contains the kernel's code integrity policy enforcement options and Hardware-enforced Code Integrity (HVCI)
* configuration state. Enables applications to query the security posture of code integrity enforcement and
* virtualization-based security features. Available via NtQuerySystemInformation(SystemCodeIntegrityInformation).
*
* \since Windows 10
*/
typedef struct _SYSTEM_CODEINTEGRITYPOLICY_INFORMATION
{
/**
* \brief Code integrity policy options (Options union).
*
* Union providing both raw 32-bit access and bitfield access to policy flags:
* - Enabled: Code integrity enforcement is active
* - Audit: Code integrity operates in audit mode (violations logged, not blocked)
* - RequireWHQL: Windows Hardware Quality Labs certification required for drivers
* - DisabledFlightSigning: Flight-signed binaries are blocked from loading
* - EnabledUMCI: User-mode Code Integrity enforcement enabled (signed DLL requirement)
* - EnabledUpdatePolicyNoReboot: Code integrity policy updates without system reboot
* - EnabledSecureSettingPolicy: Secure settings policy enforcement enabled
* - EnabledUnsignedSystemIntegrityPolicy: Unsigned system integrity policies allowed
* - DynamicCodePolicyEnabled: Dynamic code generation and modification is restricted
* - Spare: 19 reserved bits for future expansion
* - ReloadPolicyNoReboot: Policy reloaded without reboot (bit 28)
* - ConditionalLockdown: Conditional code integrity lockdown mode (bit 29)
* - NoLockdown: Code integrity lockdown is not active (bit 30)
* - Lockdown: Code integrity lockdown mode is enforced (bit 31)
*/
union
{
ULONG Options;
struct
{
ULONG Enabled : 1; ///< Code integrity enforcement enabled
ULONG Audit : 1; ///< Audit mode (log violations, don't block)
ULONG RequireWHQL : 1; ///< Require WHQL certification
ULONG DisabledFlightSigning : 1; ///< Block flight-signed binaries
ULONG EnabledUMCI : 1; ///< User-mode code integrity enabled
ULONG EnabledUpdatePolicyNoReboot : 1; ///< Update policy without reboot
ULONG EnabledSecureSettingPolicy : 1; ///< Secure settings policy active
ULONG EnabledUnsignedSystemIntegrityPolicy : 1; ///< Allow unsigned system integrity policies
ULONG DynamicCodePolicyEnabled : 1; ///< Restrict dynamic code/JIT
ULONG Spare : 19; ///< Reserved for future use
ULONG ReloadPolicyNoReboot : 1; ///< Policy reloaded without reboot
ULONG ConditionalLockdown : 1; ///< Conditional lockdown mode
ULONG NoLockdown : 1; ///< Lockdown not enforced
ULONG Lockdown : 1; ///< Lockdown mode enforced
} DUMMYSTRUCTNAME;
} DUMMYUNIONNAME;
/**
* \brief Hardware-enforced Code Integrity (HVCI) options.
*
* Union providing both raw access and bitfield access to HVCI/VBS configuration:
* - HVCIEnabled: HVCI is active (code integrity enforcement via hypervisor)
* - HVCIStrict: Strict mode enforcement (higher security, lower performance)
* - HVCIDebug: Debug mode enabled (diagnostic/troubleshooting)
* - HVCISpare: 29 reserved bits for future HVCI expansion
*/
union
{
ULONG HVCIOptions;
struct
{
ULONG HVCIEnabled : 1; ///< HVCI enforced by hypervisor
ULONG HVCIStrict : 1; ///< Strict HVCI mode enforcement
ULONG HVCIDebug : 1; ///< HVCI debug mode active
ULONG HVCISpare : 29; ///< Reserved for future use
} DUMMYSTRUCTNAME;
} DUMMYUNIONNAME;
/**
* \brief Code integrity policy version.
*
* Version number incremented when the kernel reloads/updates the code integrity policy.
* Used to detect policy changes without requiring system restart.
*/
ULONGLONG Version;
/**
* \brief Code integrity policy GUID.
*
* Uniquely identifies the loaded code integrity policy file. Changes when a different
* policy becomes active; can be used to correlate policy audit logs.
*/
GUID PolicyGuid;
} SYSTEM_CODEINTEGRITYPOLICY_INFORMATION, *PSYSTEM_CODEINTEGRITYPOLICY_INFORMATION;
View code on GitHubNo description available.