From 6ddd8dc4cc6e12e9ec12518d9bb10084f643100a Mon Sep 17 00:00:00 2001 From: JimmahDean Date: Thu, 23 May 2024 20:50:51 -0600 Subject: [PATCH] Get Core Isolation value and limited memory bcd. Added better logging to WMI ram info --- client/Monolith.cs | 2 ++ client/data/Cache.cs | 1 + client/data/Methods/Hardware.cs | 2 ++ client/data/Methods/System.cs | 4 +++- 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/client/Monolith.cs b/client/Monolith.cs index d294b18..0f65727 100644 --- a/client/Monolith.cs +++ b/client/Monolith.cs @@ -390,6 +390,7 @@ public class MonolithSystem public int RecentMinidumps; public string DumpZip; public bool? StaticCoreCount; + public bool? LimitedMemory; public List ChoiceRegistryValues; public bool? UsernameSpecialCharacters; public int? OneDriveCommercialPathLength; @@ -419,6 +420,7 @@ public MonolithSystem() RecentMinidumps = Cache.RecentMinidumps; DumpZip = Cache.DumpZip; StaticCoreCount = Cache.StaticCoreCount; + LimitedMemory = Cache.LimitedMemory; ChoiceRegistryValues = Cache.ChoiceRegistryValues; UsernameSpecialCharacters = Cache.UsernameSpecialCharacters; OneDriveCommercialPathLength = Cache.OneDriveCommercialPathLength; diff --git a/client/data/Cache.cs b/client/data/Cache.cs index af16043..a598a18 100644 --- a/client/data/Cache.cs +++ b/client/data/Cache.cs @@ -68,6 +68,7 @@ public static partial class Cache public static int RecentMinidumps { get; private set; } public static string DumpZip { get; private set; } public static bool? StaticCoreCount { get; private set; } + public static bool? LimitedMemory { get; private set; } public static List MonitorInfo { get; private set; } public static List EdidData { get; private set; } public static bool? UsernameSpecialCharacters { get; private set; } diff --git a/client/data/Methods/Hardware.cs b/client/data/Methods/Hardware.cs index 227085c..c8e42c4 100644 --- a/client/data/Methods/Hardware.cs +++ b/client/data/Methods/Hardware.cs @@ -176,6 +176,7 @@ private static async Task GetWmiMemoryInfo() SMBiosRamInfo = false; List RamInfo = new(); var WmiRamData = GetWmi("Win32_PhysicalMemory"); + LogEvent($"Gathering memory information from WMI. {WmiRamData.Count} sticks detected.", Region.Hardware); foreach (var wmiStick in WmiRamData) { RamStick stick = new(); @@ -206,6 +207,7 @@ private static async Task GetWmiMemoryInfo() RamInfo.Add(stick); } Ram = RamInfo; + LogEvent($"Completed gathering memory information from WMI.", Region.Hardware); } //MONITORS diff --git a/client/data/Methods/System.cs b/client/data/Methods/System.cs index ee25b67..5af338d 100644 --- a/client/data/Methods/System.cs +++ b/client/data/Methods/System.cs @@ -495,6 +495,7 @@ private static async Task GetStaticCoreCount() StaticCoreCount = null; } StaticCoreCount = output.Contains("numproc"); + LimitedMemory = output.Contains("allowedinmemorysettings"); } } @@ -583,12 +584,13 @@ private static async Task RegistryCheck() var hwNotificationCache = new RegistryValue(Registry.CurrentUser, @"Control Panel\UnsupportedHardwareNotificationCache", "SV2"); hwNotificationCache.Name = "UnsupportedHardwareNotificationCache\\SV2"; var prioritySeparation = new RegistryValue(Registry.LocalMachine, @"SYSTEM\CurrentControlSet\Control\PriorityControl", "Win32PrioritySeparation"); + var coreIsolation = new RegistryValue(Registry.LocalMachine, @"SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios", "HypervisorEnforcedCodeIntegrity"); ChoiceRegistryValues = new List() { tdrLevel, nbFLimit, throttlingIndex, superFetch, disableAv, disableAs, puaProtection, passiveMode, disableAvpolicy, disableAspolicy, puaProtectionpolicy, passiveModepolicy, drii, disableWer,unsupportedTpmOrCpu, hwSchMode, WUServer, noAutoUpdate, fastBoot, auditBoot, - previewBuilds, bypassCpuCheck, bypassStorageCheck, bypassRamCheck, bypassTpmCheck, bypassSecureBootCheck, hwNotificationCache, prioritySeparation + previewBuilds, bypassCpuCheck, bypassStorageCheck, bypassRamCheck, bypassTpmCheck, bypassSecureBootCheck, hwNotificationCache, prioritySeparation, coreIsolation }; } catch (Exception ex)