Windows test mode sign

Hey everyone, can someone prompt. How I can detect if enabled test sign mode? I tried looking about this on msdn and other resources, but I didn’t find anything, thanks everyone for help.

From kernel mode? No. Otherwise just process the output from bcdedit using the shell of your choice.

> @Mark_Roddy said: > From kernel mode? No. Otherwise just process the output from bcdedit using the shell of your choice. Thanks for answer. I thought about ZwQuerySystemInformation and CODEINTEGRITY_OPTION_TESTSIGN I don’t know would be work this in kernel but in usermode it’s works good, I mean NtQuerySystemInformation.

just tested, it’s work perfect with ZwQuerySystemInformation

1 Like