逆向 | 检查系统强制签名检查是否开启
存一份代码:
#include <stdio.h>
#include <Windows.h>
#include <winternl.h>
//#include <Ntstatus.h>
#pragma comment(lib,"ntdll.lib")
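/*
 * Query the kernel code-integrity state through NtQuerySystemInformation
 * and report whether signature enforcement is switched on.
 *
 * On success prints the returned length, the structure length and the raw
 * CodeIntegrityOptions flags, followed by a verdict line; on failure prints
 * the NTSTATUS value. Always returns 0.
 */
int main(void)
{
    /*
     * Flag bits of CodeIntegrityOptions, with the values documented for
     * SystemCodeIntegrityInformation. They are named locally so the block
     * does not depend on which SDK header happens to define them.
     */
    enum {
        ci_opt_enabled  = 0x01, /* code integrity enforcement is on */
        ci_opt_testsign = 0x02  /* test-signing mode is on */
    };

    SYSTEM_CODEINTEGRITY_INFORMATION info = { 0 };
    ULONG ret_len = 0;
    NTSTATUS status;

    /* The caller must fill in Length with the structure size before the call. */
    info.Length = sizeof(info);

    status = NtQuerySystemInformation(SystemCodeIntegrityInformation,
                                      &info, sizeof(info), &ret_len);
    if (!NT_SUCCESS(status)) {
        /* NTSTATUS is a signed 32-bit LONG; cast so the specifier matches. */
        printf("err [%lx]\n", (unsigned long)status);
        return 0;
    }

    /* ULONG is unsigned long, so %lu / %lx are the matching specifiers. */
    printf("ok %lu\n", ret_len);
    printf(" > %lu \n", info.Length);
    printf(" > %lx \n", info.CodeIntegrityOptions);

    if (info.CodeIntegrityOptions & ci_opt_enabled) {
        printf("开启了强制签名 \n");
    } else {
        /* Say so explicitly; silence would be ambiguous to a reader of the output. */
        printf("未开启强制签名 \n");
    }

    /*
     * The enabled bit alone does not mean only production-signed code loads:
     * with test signing on, test-signed drivers are accepted as well, so
     * report that state separately.
     */
    if (info.CodeIntegrityOptions & ci_opt_testsign) {
        printf("测试签名模式已开启 \n");
    }

    return 0;
}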