SYSTEM_CODEINTEGRITY_INFORMATION

The SYSTEM_CODEINTEGRITY_INFORMATION structure provides input to and receives output from the ZwQuerySystemInformation or NtQuerySystemInformation functions when given the information class SystemCodeIntegrityInformation (0x67).

Documentation Status

The SYSTEM_CODEINTEGRITY_INFORMATION structure used not to be documented. It still has no C-language definition in any header, including WINTERNL.H, from any known development kit. It is however documented with NtQuerySystemInformation as found online today, 28th October 2016. When it was added may be anyone’s guess.

Layout

The SYSTEM_CODEINTEGRITY_INFORMATION is 0x08 bytes in both 32-bit and 64-bit Windows.

Offset	Definition	Remarks
0x00	ULONG Length;	input
0x04	ULONG CodeIntegrityOptions;	output

On input, the Length must hold the size of the structure, else the function fails, returning STATUS_INFO_LENGTH_MISMATCH. On output, the possible bits that CI.DLL can set in the CodeIntegrityOptions are (up to the original release of Windows 10):

Mask	Symbolic Name	Versions
0x00000001	CODEINTEGRITY_OPTION_ENABLED	6.0 and higher
0x00000002	CODEINTEGRITY_OPTION_TESTSIGN	6.0 and higher
0x00000004	CODEINTEGRITY_OPTION_UMCI_ENABLED	6.2 and higher
0x00000008	CODEINTEGRITY_OPTION_UMCI_AUDITMODE_ENABLED	6.2 and higher
0x00000010	CODEINTEGRITY_OPTION_UMCI_EXCLUSIONPATHS_ENABLED	6.2 and higher
0x00000080	CODEINTEGRITY_OPTION_DEBUGMODE_ENABLED	6.3 and higher
0x00000200	CODEINTEGRITY_OPTION_FLIGHTING_ENABLED	10.0 and higher
0x00000400	CODEINTEGRITY_OPTION_HVCI_KMCI_ENABLED	10.0 and higher (x64)
0x00000800	CODEINTEGRITY_OPTION_HVCI_KMCI_AUDITMODE_ENABLED	10.0 and higher (x64)
0x00001000	CODEINTEGRITY_OPTION_HVCI_KMCI_STRICTMODE_ENABLED	10.0 and higher (x64)
0x00002000	CODEINTEGRITY_OPTION_HVCI_IUM_ENABLED	10.0 and higher (x64)

CI version 10.0 allows that the CodeIntegrityOptions can be set first by an extension for Xbox support. Whether this extension can set flags that CI does not is beyond the scope of these notes.