Finding a way to reliably detect the status of Core Isolation on Win 10 and 11 programmatically.

  1. DETECTION:

How can we detect RELIABLY whether Core Isolation (aka Code Integrity/Memory Integrity) is enabled or not?
What is the reliable and complete way to check?

Yes, we can detect through the registry. However, how do we make sure that every possible avenue has been checked, i.e. could be enabled/disabled through BIOS, or Group Policy, or in Device Security through the Settings in UI?

  2. DISABLING THE CORE ISOLATION (aka CODE INTEGRITY / MEMORY INTEGRITY):

Is there a PROGRAMMATIC way to DISABLE CORE ISOLATION (aka CODE INTEGRITY / MEMORY INTEGRITY)?
What we are asking is this:
Are there any programmatic ways to DISABLE the Core Isolation (aka Code Integrity/Memory Integrity), using either C++, PowerShell, WMI or other application programming interfaces?

I don’t have an answer.

But I sure am curious about why you want to do this.

And given that it looks like you’re looking for a vulnerability to exploit, I don’t think anybody here is going to answer your question without you explaining to us the bigger picture of what you’re trying to accomplish and why.

Peter

  1. DETECTION:

Look at “eBPF for Windows”.