SYSTEM_CODEINTEGRITY_INFORMATION

The SYSTEM_CODEINTEGRITY_INFORMATION structure provides input to and receives output from the ZwQuerySystemInformation or NtQuerySystemInformation functions when given the information class SystemCodeIntegrityInformation (0x67).

Documentation Status

The SYSTEM_CODEINTEGRITY_INFORMATION structure used not to be documented. It still has no C-language definition in any header, including WINTERNL.H, from any known development kit. It is however documented with NtQuerySystemInformation as found online today, 28th October 2016. When it was added may be anyone’s guess.

Layout

The SYSTEM_CODEINTEGRITY_INFORMATION is 0x08 bytes in both 32-bit and 64-bit Windows.

Offset Definition Remarks
0x00
ULONG Length;
input
0x04
ULONG CodeIntegrityOptions;
output

On input, the Length must hold the size of the structure, else the function fails, returning STATUS_INFO_LENGTH_MISMATCH.

In the CodeIntegrityOptions on output, the following are known to be possible (if only for the retail release of Windows 10).

Mask Symbolic Name
0x00000001 CODEINTEGRITY_OPTION_ENABLED
0x00000002 CODEINTEGRITY_OPTION_TESTSIGN
0x00000004 CODEINTEGRITY_OPTION_UMCI_ENABLED
0x00000008 CODEINTEGRITY_OPTION_UMCI_AUDITMODE_ENABLED
0x00000010 CODEINTEGRITY_OPTION_UMCI_EXCLUSIONPATHS_ENABLED
0x00000080 CODEINTEGRITY_OPTION_DEBUGMODE_ENABLED
0x00000200 CODEINTEGRITY_OPTION_FLIGHTING_ENABLED