Updates the specified attribute in a list of attributes for process and thread creation.
BOOL WINAPI UpdateProcThreadAttribute( _Inout_ LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, _In_ DWORD dwFlags, _In_ DWORD_PTR Attribute, _In_ PVOID lpValue, _In_ SIZE_T cbSize, _Out_opt_ PVOID lpPreviousValue, _In_opt_ PSIZE_T lpReturnSize );
- lpAttributeList [in, out]
A pointer to an attribute list created by the InitializeProcThreadAttributeList function.
- dwFlags [in]
This parameter is reserved and must be zero.
- Attribute [in]
The attribute key to update in the attribute list. This parameter can be one of the following values.
The lpValue parameter is a pointer to a GROUP_AFFINITY structure that specifies the processor group affinity for the new thread.Windows Server 2008 and Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2.
The lpValue parameter is a pointer to a list of handles to be inherited by the child process.
The lpValue parameter is a pointer to a PROCESSOR_NUMBER structure that specifies the ideal processor for the new thread.Windows Server 2008 and Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2.
The lpValue parameter is a pointer to a DWORD or DWORD64 that specifies the exploit mitigation policy for the child process.
The specified policy overrides the policies set for the application and the system and cannot be changed after the child process starts running.Windows Server 2008 and Windows Vista: This value is not supported until Windows 7 and Windows Server 2008 R2.
The DWORD or DWORD64 pointed to by lpValue can be one or more of the values listed in the remarks.
The lpValue parameter is a pointer to a handle to a process to use instead of the calling process as the parent for the process being created. The process to use must have the PROCESS_CREATE_PROCESS access right.
Attributes inherited from the specified process include handles, the device map, processor affinity, priority, quotas, the process token, and job object. (Note that some attributes such as the debug port will come from the creating process, not the process specified by this handle.)
The lpValue parameter is a pointer to the node number of the preferred NUMA node for the new process.
The lpValue parameter is a pointer to a UMS_CREATE_THREAD_ATTRIBUTES structure that specifies a user-mode scheduling (UMS) thread context and a UMS completion list to associate with the thread.
After the UMS thread is created, the system queues it to the specified completion list. The UMS thread runs only when an application's UMS scheduler retrieves the UMS thread from the completion list and selects it to run. For more information, see User-Mode Scheduling.
The lpValue parameter is a pointer to a SECURITY_CAPABILITIES structure that defines the security capabilities of an app container.Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista: This value is not supported until Windows 8 and Windows Server 2012.
- lpValue [in]
A pointer to the attribute value. This value should persist until the attribute is destroyed using the DeleteProcThreadAttributeList function.
- cbSize [in]
The size of the attribute value specified by the lpValue parameter.
- lpPreviousValue [out, optional]
This parameter is reserved and must be NULL.
- lpReturnSize [in, optional]
This parameter is reserved and must be NULL.
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
An attribute list is an opaque structure that consists of a series of key/value pairs, one for each attribute. A process can update only the attribute keys described in this topic.
The DWORD or DWORD64 pointed to by lpValue can be one or more of the following values:
- PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE (0x00000001)
Enables data execution prevention (DEP) for the child process. For more information, see Data Execution Prevention.
- PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE (0x00000002)
Enables DEP-ATL thunk emulation for the child process. DEP-ATL thunk emulation causes the system to intercept NX faults that originate from the Active Template Library (ATL) thunk layer. This value can be specified only with PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE.
- PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE (0x00000004)
Enables structured exception handler overwrite protection (SEHOP) for the child process. SEHOP blocks exploits that use the structured exception handler (SEH) overwrite technique.
Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista: The following values are not supported until Windows 8 and Windows Server 2012.
The force Address Space Layout Randomization (ASLR) policy, if enabled, forcibly rebases images that are not dynamic base compatible by acting as though an image base collision happened at load time. If relocations are required, images that do not have a base relocation section will not be loaded.
The following mitigation options are available for mandatory ASLR policy:
- PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000001 << 8)
- PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_OFF (0x00000002 << 8)
- PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON_REQ_RELOCS (0x00000003 << 8)
The heap terminate on corruption policy, if enabled, causes the heap to terminate if it becomes corrupt. Note that 'always off' does not override the default opt-in for binaries with current subsystem versions set in the image header. Heap terminate on corruption is user mode enforced.
The following mitigation options are available for heap terminate on corruption policy:
- PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_ALWAYS_ON (0x00000001 << 12)
- PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_ALWAYS_OFF (0x00000002 << 12)
The bottom-up randomization policy, which includes stack randomization options, causes a random location to be used as the lowest user address.
The following mitigation options are available for the bottom-up randomization policy:
- PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00000001 << 16)
- PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00000002 << 16)
The high-entropy bottom-up randomization policy, if enabled, causes up to 1TB of bottom-up variance to be used. Note that high-entropy bottom-up randomization is effective if and only if bottom-up ASLR is also enabled; high-entropy bottom-up randomization is only meaningful for native 64-bit processes.
The following mitigation options are available for the high-entropy bottom-up randomization policy:
- PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_ALWAYS_ON (0x00000001 << 20)
- PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_ALWAYS_OFF (0x00000002 << 20)
The strict handle checking enforcement policy, if enabled, causes an exception to be raised immediately on a bad handle reference. If this policy is not enabled, a failure status will be returned from the handle reference instead.
The following mitigation options are available for the strict handle checking enforcement policy:
- PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_ALWAYS_ON (0x00000001 << 24)
- PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_ALWAYS_OFF (0x00000002 << 24)
The Win32k system call disable policy, if enabled, prevents a process from making Win32k calls.
The following mitigation options are available for the Win32k system call disable policy:
- PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON (0x00000001 << 28)
- PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_OFF (0x00000002 << 28)
The Extension Point Disable policy, if enabled, prevents certain built-in third party extension points from being used. For example, window hooks are not enabled, App_InitDLLs aren't loaded, and certain win32k accessibility extension points aren't enabled. This is used to prevent legacy extension point DLLs from being loaded into a process that doesn't use them.
The following mitigation options are available for the extension point disable policy:
- PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON (0x00000001 << 32)
- PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_OFF (0x00000002 << 32)
Minimum supported client
|Windows Vista [desktop apps only]|
Minimum supported server
|Windows Server 2008 [desktop apps only]|
Build date: 11/21/2012