Get-NtSystemInformation can now query UMCI info

Get-NtSystemInformation now returns SystemCodeIntegrityInformation -
i.e. user-mode code integrity settings. This required reverse
engineering a dll that is only present on Windows 8 ARM devices.

1 files changed, 21 insertions, 0 deletions

diff --git a/ReverseEngineering/Get-NtSystemInformation.format.ps1xml b/ReverseEngineering/Get-NtSystemInformation.format.ps1xml
index 10d16d4..41b5280 100644
--- a/ReverseEngineering/Get-NtSystemInformation.format.ps1xml
+++ b/ReverseEngineering/Get-NtSystemInformation.format.ps1xml
@@ -415,5 +415,26 @@
                 </ListEntries>
             </ListControl>
         </View>
+        <View>
+            <Name>CodeIntegrityTypeView</Name>
+                <ViewSelectedBy>
+		            <TypeName>_SYSTEM_CODEINTEGRITY_INFORMATION</TypeName>
+		        </ViewSelectedBy>
+            <ListControl>
+                <ListEntries>
+                    <ListEntry>
+                        <ListItems>
+                            <ListItem>
+                                <PropertyName>CodeIntegrityOptions</PropertyName>
+                                <FormatString>0x{0:X8}</FormatString>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>LockdownState</PropertyName>
+                            </ListItem>
+                        </ListItems>
+                    </ListEntry>
+                </ListEntries>
+            </ListControl>
+        </View>
     </ViewDefinitions>
 </Configuration>
\ No newline at end of file