
@hfiref0x
Created June 16, 2023 14:58
/*
 * CiQueryInformation -- decompiler pseudocode (register/stack annotations kept);
 * not compilable as written.
 *
 * Builds the CodeIntegrityOptions bitmask of a SYSTEM_CODEINTEGRITY_INFORMATION
 * from the globals g_CiOptions and g_CiDeveloperMode, the kernel-debugger state
 * (KdDebuggerEnabled / KdDebuggerNotPresent) and a few helper calls, while
 * holding g_CipPolicyLock shared.
 *
 * Parameters:
 *   CodeIntegrityInformation        caller buffer; its Length field must be 8.
 *   CodeIntegrityInformationLength  size of that buffer; must be exactly 8.
 *   SeILSigningPolicyNotUnchecked   author-assigned name; non-zero enables the
 *                                   0x4 / 0x8 / 0x10 bits below.
 *   ReturnLength                    always receives 8, even on failure.
 *
 * Returns 0 on success, or -1073741820 (0xC0000004, STATUS_INFO_LENGTH_MISMATCH)
 * when either length check fails.
 *
 * NOTE(review): presumably reached from the SystemCodeIntegrityInformation query
 * path -- the caller is not shown here. Every bit reported is derived from
 * in-memory globals at call time, so consumers (EDR, anti-cheat, health checks)
 * should treat the result as the kernel's self-report and corroborate it with
 * boot-time attestation rather than rely on it alone.
 *
 * The CODEINTEGRITY_OPTION_* names in the comments are the publicly documented
 * values for those bits; bits without a name are left unlabelled on purpose.
 */
__int64 __fastcall CiQueryInformation(
        SYSTEM_CODEINTEGRITY_INFORMATION *CodeIntegrityInformation,
        unsigned int CodeIntegrityInformationLength,
        char SeILSigningPolicyNotUnchecked,
        _DWORD *ReturnLength)
{
  unsigned int v8; // esi
  __int64 v9; // r8
  int CodeIntegrityOptions; // ecx
  int v11; // edx
  int v12; // er10
  int v13; // er11
  int v14; // eax
  __int64 v16; // [rsp+28h] [rbp-20h] BYREF
  char v17; // [rsp+58h] [rbp+10h] BYREF
  int v18; // [rsp+68h] [rbp+20h] BYREF
  // v8 is the status returned at the single exit; 0 means success.
  v8 = 0;
  v16 = 0i64;
  v18 = 0;
  // Shared acquire; released on every path by the call just before `return`.
  ExAcquirePushLockSharedEx(&g_CipPolicyLock, 0i64);
  // Written before any validation, so the caller gets 8 on the failure paths too.
  *ReturnLength = 8;
  if ( CodeIntegrityInformationLength >= 8 )
  {
    // Both the buffer size and the caller-filled Length field must be exactly 8;
    // a larger buffer is rejected with the same status as a smaller one.
    if ( CodeIntegrityInformation->Length == 8 && CodeIntegrityInformationLength == 8 )
    {
      CodeIntegrityInformation->CodeIntegrityOptions = 0;
      // Only the low byte of v9 is assigned; the rest is a decompiler artifact of
      // passing a byte-sized argument in r8.
      LOBYTE(v9) = SeILSigningPolicyNotUnchecked;
      // v16 is an 8-byte scratch buffer; on success its high dword is merged in.
      // NOTE(review): presumably laid out like {Length, CodeIntegrityOptions} -- confirm.
      if ( XciQueryInformation(&v16, 8i64, v9, &v18) >= 0 )
        CodeIntegrityInformation->CodeIntegrityOptions |= HIDWORD(v16);
      // 0x1 = CODEINTEGRITY_OPTION_ENABLED. Reported only when g_CiOptions bit 0x2
      // is set AND (the debugger is not enabled, or is not present, or g_CiOptions
      // bit 0x10 is set). With a kernel debugger attached and bit 0x10 clear, this
      // bit is therefore not reported even though g_CiOptions bit 0x2 is set.
      if ( (g_CiOptions & 2) != 0 && (!KdDebuggerEnabled || KdDebuggerNotPresent || (g_CiOptions & 0x10) != 0) )
        CodeIntegrityInformation->CodeIntegrityOptions |= 1u;
      if ( (g_CiOptions & 8) != 0 )
        CodeIntegrityInformation->CodeIntegrityOptions |= 2u;// CODEINTEGRITY_OPTION_TESTSIGN
      // 0x80 = CODEINTEGRITY_OPTION_DEBUGMODE_ENABLED: debugger enabled and present.
      if ( KdDebuggerEnabled && KdDebuggerNotPresent != 1 )
        CodeIntegrityInformation->CodeIntegrityOptions |= 0x80u;
      // From here the mask is tracked in a local and stored back after each change.
      CodeIntegrityOptions = CodeIntegrityInformation->CodeIntegrityOptions;
      if ( SeILSigningPolicyNotUnchecked )
      {
        // 0x4 = CODEINTEGRITY_OPTION_UMCI_ENABLED.
        CodeIntegrityOptions |= 4u;
        CodeIntegrityInformation->CodeIntegrityOptions = CodeIntegrityOptions;
        v11 = CodeIntegrityOptions;
        // 0x8 = CODEINTEGRITY_OPTION_UMCI_AUDITMODE_ENABLED.
        if ( (g_CiDeveloperMode & 1) != 0 )
        {
          CodeIntegrityOptions |= 8u;
          CodeIntegrityInformation->CodeIntegrityOptions = CodeIntegrityOptions;
          v11 = CodeIntegrityOptions;
        }
        // 0x10 = CODEINTEGRITY_OPTION_UMCI_EXCLUSIONPATHS_ENABLED.
        if ( (g_CiDeveloperMode & 2) != 0 )
        {
          CodeIntegrityOptions = v11 | 0x10;
          CodeIntegrityInformation->CodeIntegrityOptions = v11 | 0x10;
        }
      }
      // 0x200 = CODEINTEGRITY_OPTION_FLIGHTING_ENABLED; not gated on the parameter.
      if ( (g_CiDeveloperMode & 0x80u) != 0 )
      {
        CodeIntegrityOptions |= 0x200u;
        CodeIntegrityInformation->CodeIntegrityOptions = CodeIntegrityOptions;
      }
      // Redundant store of the same value (compiler/decompiler residue).
      CodeIntegrityInformation->CodeIntegrityOptions = CodeIntegrityOptions;
      // 0x40000 is reported only when the feature gate is on and g_CiOptions has
      // 0x800000 set; the meaning of this bit cannot be determined from this listing.
      if ( Feature_Hub_20H2_WLDP__private_IsEnabled() && (g_CiOptions & 0x800000) != 0 )
        CodeIntegrityInformation->CodeIntegrityOptions |= 0x40000u;
      // 0x2000 = CODEINTEGRITY_OPTION_HVCI_IUM_ENABLED.
      if ( (g_CiOptions & 0x4000) != 0 )
        CodeIntegrityInformation->CodeIntegrityOptions |= 0x2000u;
      // 0x400 = CODEINTEGRITY_OPTION_HVCI_KMCI_ENABLED.
      if ( (g_CiOptions & 0x8000) != 0 )
        CodeIntegrityInformation->CodeIntegrityOptions |= 0x400u;
      // 0x1000 = CODEINTEGRITY_OPTION_HVCI_KMCI_STRICTMODE_ENABLED.
      if ( (g_CiOptions & 0x10000) != 0 )
        CodeIntegrityInformation->CodeIntegrityOptions |= 0x1000u;
      // 0x10000: meaning not established by this listing.
      if ( (g_CiOptions & 0x200000) != 0 )
        CodeIntegrityInformation->CodeIntegrityOptions |= 0x10000u;
      // 0x800 = CODEINTEGRITY_OPTION_HVCI_KMCI_AUDITMODE_ENABLED.
      if ( (g_CiDeveloperMode & 0x100) != 0 )
        CodeIntegrityInformation->CodeIntegrityOptions |= 0x800u;
      v17 = 1;
      // The WHQL query is skipped entirely when g_CiOptions bit 0x8 (the same bit
      // that reports TESTSIGN above) is set.
      if ( (g_CiOptions & 8) == 0 )
      {
        if ( CipWhqlEnforcementEnabled(&v17) )
        {
          // NOTE(review): v12 and v13 are never assigned in this pseudocode. They
          // are registers (r10d / r11d) whose values the decompiler did not track,
          // so the bits ORed in here are unknown from this listing -- read them
          // from the disassembly before relying on this branch. Presumably they
          // are the WHQL enforcement / audit bits; confirm.
          v14 = v13 | CodeIntegrityInformation->CodeIntegrityOptions;
          CodeIntegrityInformation->CodeIntegrityOptions = v14;
          // v17 was preset to 1 and may be changed by CipWhqlEnforcementEnabled.
          if ( v17 )
            CodeIntegrityInformation->CodeIntegrityOptions = v12 | v14;
        }
      }
      // Unnamed global; a non-zero value reports 0x20000 (meaning not shown here).
      if ( qword_1C0037518 )
        CodeIntegrityInformation->CodeIntegrityOptions |= 0x20000u;
    }
    else
    {
      // 0xC0000004 (STATUS_INFO_LENGTH_MISMATCH) as a signed 32-bit value.
      v8 = -1073741820;
    }
  }
  else
  {
    // Buffer shorter than 8 bytes: same status as above.
    v8 = -1073741820;
  }
  ExReleasePushLockSharedEx(&g_CipPolicyLock, 0i64);
  return v8;
}