C code to check HVPT availability
#include <stdio.h>
#include <assert.h>
#include <Windows.h>
// Some of these definitions were taken (and modified) from https://github.com/winsiderss/systeminformer
/*
 * Output buffer for the SystemIsolatedUserModeInformation query issued in main().
 *
 * The file's header comment says some definitions here were adapted from
 * systeminformer rather than from a public SDK header, so the field names and
 * bit positions should be re-checked against the Windows build being inspected.
 * Only HvptEnabled and HvptCapable are read by this program; the other named
 * flags are declared only to keep those two bits at the right position.
 *
 * NOTE(review): bit-field allocation order is compiler-defined. The positions
 * below assume MSVC-style packing of consecutive BOOLEAN bit-fields from the
 * low bit upward -- confirm when building with another toolchain.
 * NOTE(review): presumably 16 bytes in total (2 flag bytes + Spare0[6] +
 * Spare1) -- confirm with sizeof before relying on it.
 */
typedef struct _SYSTEM_ISOLATED_USER_MODE_INFORMATION
{
// First group of bit-fields: 1+1+1+1+1+1+2 = 8 bits.
BOOLEAN SecureKernelRunning : 1;
BOOLEAN HvciEnabled : 1;
BOOLEAN HvciStrictMode : 1;
BOOLEAN DebugEnabled : 1;
BOOLEAN FirmwarePageProtection : 1;
BOOLEAN EncryptionKeyAvailable : 1;
BOOLEAN SpareFlags : 2;
// Second group of bit-fields: eight 1-bit flags.
BOOLEAN TrustletRunning : 1;
BOOLEAN HvciDisableAllowed : 1;
BOOLEAN SpareFlags1 : 1;
BOOLEAN SpareFlags2 : 1;
BOOLEAN SpareFlags3 : 1;
// The two HVPT flags printed by main(). A zero here can also mean the running
// build does not define the bit at all -- treat 0 as "not reported", not as
// proof the feature is absent.
BOOLEAN HvptEnabled : 1;
BOOLEAN HvptCapable : 1;
BOOLEAN SpareFlags6 : 1;
// Padding fields; not read by this program.
BOOLEAN Spare0[6];
ULONGLONG Spare1;
} SYSTEM_ISOLATED_USER_MODE_INFORMATION, * PSYSTEM_ISOLATED_USER_MODE_INFORMATION;
/*
 * Minimal local definition of the information-class selector passed to
 * ZwQuerySystemInformation. Only the one class this program queries is
 * declared.
 *
 * NOTE(review): this reuses the name SYSTEM_INFORMATION_CLASS, which
 * <winternl.h> also defines; including that header alongside this file would
 * produce a redefinition error.
 */
typedef enum _SYSTEM_INFORMATION_CLASS
{
// Class 165: selects the SYSTEM_ISOLATED_USER_MODE_INFORMATION buffer.
SystemIsolatedUserModeInformation = 165,
} SYSTEM_INFORMATION_CLASS;
/*
 * Function-pointer type for ntdll's ZwQuerySystemInformation export, which
 * main() resolves at run time with GetProcAddress instead of linking against
 * an import library.
 *
 * Parameters (as described by the SAL annotations below):
 *   SystemInformationClass  - which information class to query.
 *   SystemInformation       - optional caller buffer, written with up to
 *                             SystemInformationLength bytes.
 *   SystemInformationLength - size of that buffer in bytes.
 *   ReturnLength            - optional; receives a length from the call.
 * Returns an NTSTATUS; main() treats 0 as success.
 */
typedef
NTSTATUS
(NTAPI* ZWQUERYSYSTEMINFORMATION)(
_In_ SYSTEM_INFORMATION_CLASS SystemInformationClass,
_Out_writes_bytes_opt_(SystemInformationLength) PVOID SystemInformation,
_In_ ULONG SystemInformationLength,
_Out_opt_ PULONG ReturnLength
);
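/*
 * Queries SystemIsolatedUserModeInformation from the running kernel and prints
 * whether HVPT is reported as available (HvptCapable) and active (HvptEnabled).
 *
 * Returns 0 after printing both flags, or 1 if ntdll, the export, or the query
 * itself could not be obtained.
 *
 * Failures are handled with explicit checks rather than assert(): with NDEBUG
 * defined the asserts compile away, and the program would then either call a
 * NULL function pointer or print "0 / 0" from the zero-initialised buffer,
 * which reads as "HVPT not present" when the real answer is "query failed".
 */
int main(void)
{
    HMODULE ntdll = GetModuleHandleW(L"ntdll");
    if (ntdll == NULL) {
        fprintf(stderr, "GetModuleHandleW(ntdll) failed: %lu\n", GetLastError());
        return 1;
    }

    ZWQUERYSYSTEMINFORMATION ZwQuerySystemInformation =
        (ZWQUERYSYSTEMINFORMATION)GetProcAddress(ntdll, "ZwQuerySystemInformation");
    if (ZwQuerySystemInformation == NULL) {
        fprintf(stderr, "GetProcAddress(ZwQuerySystemInformation) failed: %lu\n", GetLastError());
        return 1;
    }

    ULONG returnLength = 0;
    SYSTEM_ISOLATED_USER_MODE_INFORMATION info = { 0 };
    NTSTATUS status = ZwQuerySystemInformation(
        SystemIsolatedUserModeInformation,
        &info,
        sizeof(info),
        &returnLength);
    if (status != 0) {
        /* Do not fall through: the buffer is still all zeroes at this point. */
        fprintf(stderr, "ZwQuerySystemInformation failed: 0x%08lX\n", (unsigned long)status);
        return 1;
    }

    /*
     * NOTE(review): a 0 here may also mean the running Windows build does not
     * define these bits; it is not proof that the hardware lacks the feature.
     */
    printf("HVPT capable: %d\n", info.HvptCapable);
    printf("HVPT enabled: %d\n", info.HvptEnabled);
    return 0;
}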