Method 1: variables exported through the kernel.
The Windows Kernel exports a variable. A ulong pointer. initsafebootmode. used to determine the mode in which the system runs. the driver can use this exported variable to determine the current mode of the system. the following describes some values of this variable: Value Mode
0 the operating system is not in safe mode.
1 safeboot_minimal
2 safeboot_network
3 * safeboot_dsrepair (for Windows domain controllers only)
To use this variable, you can refer to the following:
Extern Pulong initsafebootmode;
Then you can use code snippets similar to the following to make judgments.
If (* initsafebootmode> 0 ){
// The operating system is in safe mode.
// Take appropriate action.
//
}
Method 2: Use the Registry
In safe mode, the system will modify a key value in the Registry to record the current logon mode.
Hkey_local_machinesystemcurrentcontrolsetcontrolsafebootoption
Value of optionvalue, REG_DWORD type.
0 normal mode (optionvalue does not exist in Normal Mode)
1 mini Security Mode
2. Security Mode with network connection
When Windows is started, we can see that there is also a safe mode with command line,
In this mode, the value of optionvalue is also 1 (the same as that in mini security mode), and a key value is added.
Usealternateshell REG_DWORD type. The value is 1.