From 77e1862430aa9499f7943e1d772d978c80542353 Mon Sep 17 00:00:00 2001
From: Mattiwatti
Date: Wed, 4 Dec 2019 08:16:19 +0100
Subject: Update SeCodeIntegrityQueryInformation signature

This makes this optional pattern scan work on the current Windows 10 20H1 preview release
---
 EfiGuardDxe/PatchNtoskrnl.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
(limited to 'EfiGuardDxe')

diff --git a/EfiGuardDxe/PatchNtoskrnl.c b/EfiGuardDxe/PatchNtoskrnl.c
index c11d460..e37658a 100644
--- a/EfiGuardDxe/PatchNtoskrnl.c
+++ b/EfiGuardDxe/PatchNtoskrnl.c
@@ -35,12 +35,7 @@ STATIC CONST UINT8 SigSeCodeIntegrityQueryInformation[] = {
 0xCC, 0x48, 0x83, 0x3D, 0xCC, 0xCC, 0xCC, 0xCC, 0x00, // cmp cs:qword_14035E638, 0
 0x4D, 0x8B, 0xC8, // mov r9, r8
 0x4C, 0x8B, 0xD1, // mov r10, rcx
- 0x74, 0xCC, // jz XX
- 0x8A, 0x05, 0xCC, 0xCC, 0xCC, 0xCC, // mov al, cs:SeILSigningPolicy
- 0x0F, 0xB6, 0xC8, // movzx ecx, al
- 0x84, 0xC0, // test al, al
- 0x75, 0xCC, // jnz XX
- 0x0F, 0xB6, 0x0D, 0xCC, 0xCC, 0xCC, 0xCC // movzx ecx, cs:SeILSigningPolicyRuntime
+ 0x74, 0xCC // jz XX
 };
 
 // Patched SeCodeIntegrityQueryInformation which reports that DSE is enabled
-- 
cgit v1.2.3
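Review bot: The signature now ends at `0x74, 0xCC // jz XX`, and since `0xCC` appears to be the scanner's wildcard value (the comments render it as `XX`), that last element only fixes the match length; with the six following lines dropped, the pattern is considerably less specific than before. The scan routine is not part of this hunk, so whether it rejects multiple matches cannot be seen here; that should be confirmed, because a wrong match would mean patching unrelated kernel code during boot. I would also record the validation scope in a comment above the array, e.g. `// Pattern ends at the first jz; checked against <build list>`, as the commit message mentions only the 20H1 preview. The array's opening lines lie outside the hunk.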