2.0.5

Add IUM flags to output

Source/WinObjEx64/sysinfoDlg.c

@@ -191,6 +191,7 @@ VOID SysInfoCollectInformation(
     WCHAR szBuffer[MAX_PATH * 4], szWineVer[40];
     WCHAR szTemp[MAX_PATH];
 
+    SYSTEM_ISOLATED_USER_MODE_INFORMATION IsolatedUM;
     SYSTEM_CODEINTEGRITY_INFORMATION CodeIntegrity;
     SYSTEM_KERNEL_VA_SHADOW_INFORMATION KernelVaShadow;
     SYSTEM_VSM_PROTECTION_INFORMATION VsmProtectionInfo;
@@ -492,6 +493,9 @@ VOID SysInfoCollectInformation(
 
     AddParameterValueUlong(hwndOutput, TEXT("System.DpiValue"), (ULONG)supGetDPIValue(NULL));
 
+    //
+    // CI flags.
+    //
     CodeIntegrity.Length = sizeof(CodeIntegrity);
     CodeIntegrity.CodeIntegrityOptions = 0;
     if (NT_SUCCESS(NtQuerySystemInformation(
@@ -529,6 +533,9 @@ VOID SysInfoCollectInformation(
         }
     }
 
+    //
+    // Kernel VA Shadowing flags.
+    //
     KernelVaShadow.Flags = 0;
     if (NT_SUCCESS(NtQuerySystemInformation(
         SystemKernelVaShadowInformation,
@@ -539,6 +546,9 @@ VOID SysInfoCollectInformation(
         AddParameterValue32Hex(hwndOutput, TEXT("System.KvaShadowFlags"), KernelVaShadow.Flags);
     }
 
+    //
+    // Speculation Control flags.
+    //
     SpecControlInfo.v2.Flags2 = 0;
     SpecControlInfo.v2.Flags = 0;
     bytesIO = sizeof(SpecControlInfo);
@@ -555,11 +565,27 @@ VOID SysInfoCollectInformation(
 
     }
 
-    AddParameterValue(hwndOutput, TEXT("System.TempDirectory"), g_WinObj.szTempDirectory);
-    AddParameterValue(hwndOutput, TEXT("System.WindowsDirectory"), g_WinObj.szWindowsDirectory);
-    AddParameterValue(hwndOutput, TEXT("System.SystemDirectory"), g_WinObj.szSystemDirectory);
-    AddParameterValue(hwndOutput, TEXT("System.ProgramDirectory"), g_WinObj.szProgramDirectory);
+    //
+    // Isolated UM flags.
+    //
+    RtlSecureZeroMemory(&IsolatedUM, sizeof(SYSTEM_ISOLATED_USER_MODE_INFORMATION));
+    ntStatus = NtQuerySystemInformation(SystemIsolatedUserModeInformation, &IsolatedUM, sizeof(IsolatedUM), &bytesIO);
+    if (NT_SUCCESS(ntStatus)) {
+        AddParameterValueBool(hwndOutput, TEXT("IUM.SecureKernelRunning"), IsolatedUM.SecureKernelRunning);
+        AddParameterValueBool(hwndOutput, TEXT("IUM.HvciEnabled"), IsolatedUM.HvciEnabled);
+        AddParameterValueBool(hwndOutput, TEXT("IUM.HvciStrictMode"), IsolatedUM.HvciStrictMode);
+        AddParameterValueBool(hwndOutput, TEXT("IUM.DebugEnabled"), IsolatedUM.DebugEnabled);
+        AddParameterValueBool(hwndOutput, TEXT("IUM.FirmwarePageProtection"), IsolatedUM.FirmwarePageProtection);
+        AddParameterValueBool(hwndOutput, TEXT("IUM.TrustletRunning"), IsolatedUM.TrustletRunning);
+        AddParameterValueBool(hwndOutput, TEXT("IUM.HvciDisableAllowed"), IsolatedUM.HvciDisableAllowed);
+        AddParameterValueBool(hwndOutput, TEXT("IUM.HardwareEnforcedVbs"), IsolatedUM.HardwareEnforcedVbs);
+        AddParameterValueBool(hwndOutput, TEXT("IUM.HardwareEnforcedHvpt"), IsolatedUM.HardwareEnforcedHvpt);
+        AddParameterValueBool(hwndOutput, TEXT("IUM.HardwareHvptAvailable"), IsolatedUM.HardwareHvptAvailable);
+    }
 
+    //
+    // VSM protection flags.
+    //
     RtlSecureZeroMemory(&VsmProtectionInfo, sizeof(VsmProtectionInfo));
     if (NT_SUCCESS(NtQuerySystemInformation(
         SystemVsmProtectionInformation,
@@ -573,6 +599,14 @@ VOID SysInfoCollectInformation(
         AddParameterValueBool(hwndOutput, TEXT("Vsm.ApicVirtualizationAvailable"), VsmProtectionInfo.ApicVirtualizationAvailable);
     }
 
+    //
+    // Global directories.
+    //
+    AddParameterValue(hwndOutput, TEXT("System.TempDirectory"), g_WinObj.szTempDirectory);
+    AddParameterValue(hwndOutput, TEXT("System.WindowsDirectory"), g_WinObj.szWindowsDirectory);
+    AddParameterValue(hwndOutput, TEXT("System.SystemDirectory"), g_WinObj.szSystemDirectory);
+    AddParameterValue(hwndOutput, TEXT("System.ProgramDirectory"), g_WinObj.szProgramDirectory);
+
     //
     // End work with RichEdit.
     //