Expand Minimize

SetProcessMitigationPolicy function

Sets the mitigation policy for the calling process.

Syntax


BOOL WINAPI SetProcessMitigationPolicy(
  _In_  PROCESS_MITIGATION_POLICY MitigationPolicy,
  _In_  PVOID lpBuffer,
  _In_  SIZE_T dwLength
);

Parameters

MitigationPolicy [in]

The mitigation policy to apply. This parameter can be one of the following values.

ValueMeaning
ProcessDEPPolicy

The data execution prevention (DEP) policy of the process.

The lpBuffer parameter points to a PROCESS_MITIGATION_DEP_POLICY structure that specifies the DEP policy flags.

ProcessASLRPolicy

The Address Space Layout Randomization (ASLR) policy of the process.

The lpBuffer parameter points to a PROCESS_MITIGATION_ASLR_POLICY structure that specifies the ASLR policy flags.

ProcessStrictHandleCheckPolicy

The process will receive a fatal error if it manipulates a handle that is not valid.

The lpBuffer parameter points to a PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY structure that specifies the handle check policy flags.

ProcessSystemCallDisablePolicy

Disables the ability to use NTUser/GDI functions at the lowest layer.

The lpBuffer parameter points to a PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY structure that specifies the system call disable policy flags.

ProcessExtensionPointDisablePolicy

The lpBuffer parameter points to a PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY structure that specifies the extension point disable policy flags.

 

lpBuffer [in]

If the MitigationPolicy parameter is ProcessDEPPolicy, this parameter points to a PROCESS_MITIGATION_DEP_POLICY structure that specifies the DEP policy flags.

If the MitigationPolicy parameter is ProcessASLRPolicy, this parameter points to a PROCESS_MITIGATION_ASLR_POLICY structure that specifies the ASLR policy flags.

If the MitigationPolicy parameter is ProcessStrictHandleCheckPolicy, this parameter points to a PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY structure that specifies the handle check policy flags.

If the MitigationPolicy parameter is ProcessSystemCallDisablePolicy, this parameter points to a PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY structure that specifies the system call disable policy flags.

If the MitigationPolicy parameter is ProcessExtensionPointDisablePolicy, this parameter points to a PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY structure that specifies the extension point disable policy flags.

dwLength [in]

The size of lpBuffer, in bytes.

Return value

If the function succeeds, it returns TRUE. If the function fails, it returns FALSE. To retrieve error values defined for this function, call GetLastError.

Remarks

Setting mitigation policy for a process helps prevent an attacker from exploiting security vulnerabilities. Use the SetProcessMitigationPolicy function to enable or disable security mitigation programmatically.

For maximum effectiveness, mitigation policies should be applied during process initialization. For example, setting the ASLR policy that enables forced relocation of images is effective only if it is applied before all of the images in a process have been loaded.

ASLR mitigation policies cannot be made less restrictive after they have been applied.

To compile an application that uses this function, set _WIN32_WINNT >= 0x0602. For more information, see Using the Windows Headers.

Requirements

Minimum supported client

Windows 8 [desktop apps only]

Minimum supported server

Windows Server 2012 [desktop apps only]

Header

Processthreadsapi.h

Library

Kernel32.lib

DLL

Kernel32.dll

 

 

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.