SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTEXAPI_H

// private
/**
 * The SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION structure contains information
 * required for code integrity verification of an image.
 *
 * Two verification modes are supported:
 * - File-backed: supply a non-null FileHandle (handle to an open file); Image and ImageSize are ignored.
 * - Memory-backed: supply a null FileHandle, set Image to the base address of a mapped/loaded PE image
 *   in memory, and ImageSize to its size in bytes. The kernel reads image content directly from the buffer.
 */
typedef struct _SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION
{
    HANDLE FileHandle; // Handle to an open file for file-backed verification, or NULL for memory-backed verification.
    ULONG ImageSize;   // Size in bytes of the image buffer; used only when FileHandle is NULL.
    PVOID Image;       // Base address of the PE image buffer for memory-backed verification; ignored when FileHandle is non-null.
} SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION, *PSYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION;

#endif

View code on GitHub

NtDoc

No description available.

Edit description on GitHub