SetProcessMitigationPolicy function
Sets the mitigation policy for the calling process.
Syntax
BOOL WINAPI SetProcessMitigationPolicy(
  _In_ PROCESS_MITIGATION_POLICY MitigationPolicy,
  _In_ PVOID                     lpBuffer,
  _In_ SIZE_T                    dwLength
);
Parameters
- MitigationPolicy [in]
The mitigation policy to apply. This parameter can be one of the following values.
| Value | Meaning |
|---|---|
| ProcessDEPPolicy | The data execution prevention (DEP) policy of the process. The lpBuffer parameter points to a PROCESS_MITIGATION_DEP_POLICY structure that specifies the DEP policy flags. |
| ProcessASLRPolicy | The Address Space Layout Randomization (ASLR) policy of the process. The lpBuffer parameter points to a PROCESS_MITIGATION_ASLR_POLICY structure that specifies the ASLR policy flags. |
| ProcessStrictHandleCheckPolicy | The process will receive a fatal error if it manipulates a handle that is not valid. The lpBuffer parameter points to a PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY structure that specifies the handle check policy flags. |
| ProcessSystemCallDisablePolicy | Disables the ability to use NTUser/GDI functions at the lowest layer. The lpBuffer parameter points to a PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY structure that specifies the system call disable policy flags. |
| ProcessExtensionPointDisablePolicy | The lpBuffer parameter points to a PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY structure that specifies the extension point disable policy flags. |
- lpBuffer [in]
If the MitigationPolicy parameter is ProcessDEPPolicy, this parameter points to a PROCESS_MITIGATION_DEP_POLICY structure that specifies the DEP policy flags.
If the MitigationPolicy parameter is ProcessASLRPolicy, this parameter points to a PROCESS_MITIGATION_ASLR_POLICY structure that specifies the ASLR policy flags.
If the MitigationPolicy parameter is ProcessStrictHandleCheckPolicy, this parameter points to a PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY structure that specifies the handle check policy flags.
If the MitigationPolicy parameter is ProcessSystemCallDisablePolicy, this parameter points to a PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY structure that specifies the system call disable policy flags.
If the MitigationPolicy parameter is ProcessExtensionPointDisablePolicy, this parameter points to a PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY structure that specifies the extension point disable policy flags.
- dwLength [in]
The size of lpBuffer, in bytes.
Return value
If the function succeeds, it returns TRUE. If the function fails, it returns FALSE. To retrieve error values defined for this function, call GetLastError.
Remarks
Setting mitigation policy for a process helps prevent an attacker from exploiting security vulnerabilities. Use the SetProcessMitigationPolicy function to enable or disable security mitigation programmatically.
For maximum effectiveness, mitigation policies should be applied during process initialization. For example, setting the ASLR policy that enables forced relocation of images is effective only if it is applied before all of the images in a process have been loaded.
ASLR mitigation policies cannot be made less restrictive after they have been applied.
To compile an application that uses this function, set _WIN32_WINNT >= 0x0602. For more information, see Using the Windows Headers.
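The initialization-time use described in these Remarks, as an added example that is not Microsoft's sample code: it applies the ASLR forced-relocation, strict handle check and extension point policies and checks each return value. The HARDEN_* bits and the apply and harden_process helpers are this example's own names; the structure field names are taken from the Windows SDK headers, and a build for any other platform compiles to a no-op that returns 0.

```c
#ifdef _WIN32
#ifndef _WIN32_WINNT
#define _WIN32_WINNT 0x0602 /* Windows 8, as the Remarks require */
#endif
#include <windows.h>
#endif
#include <stdio.h>

/* Result bits; names are this example's own, not part of the Windows API. */
#define HARDEN_ASLR           0x1u
#define HARDEN_STRICT_HANDLES 0x2u
#define HARDEN_EXT_POINTS     0x4u
#define HARDEN_ALL            0x7u

#ifdef _WIN32
/* Apply one policy; on failure log GetLastError() and contribute no bit. */
static unsigned apply(PROCESS_MITIGATION_POLICY id, void *buf, SIZE_T len,
                      unsigned bit)
{
    if (SetProcessMitigationPolicy(id, buf, len))
        return bit;
    fprintf(stderr, "policy %d: error %lu\n", (int)id, (unsigned long)GetLastError());
    return 0;
}
#endif

/* Returns the mask of policies applied; always 0 when not built for Windows. */
unsigned harden_process(void)
{
    unsigned applied = 0;
#ifdef _WIN32
    PROCESS_MITIGATION_ASLR_POLICY aslr = {0};
    PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY h = {0};
    PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY ext = {0};
    aslr.EnableForceRelocateImages = 1;        /* forced relocation of images */
    h.RaiseExceptionOnInvalidHandleReference = 1;
    h.HandleExceptionsPermanentlyEnabled = 1;
    ext.DisableExtensionPoints = 1;
    applied |= apply(ProcessASLRPolicy, &aslr, sizeof aslr, HARDEN_ASLR);
    applied |= apply(ProcessStrictHandleCheckPolicy, &h, sizeof h, HARDEN_STRICT_HANDLES);
    applied |= apply(ProcessExtensionPointDisablePolicy, &ext, sizeof ext, HARDEN_EXT_POINTS);
#endif
    return applied;
}

int main(void)
{
    /* Call before LoadLibrary or any other work, so later image loads are covered. */
    return harden_process() == HARDEN_ALL ? 0 : 1;
}
```

A nonzero exit status means at least one policy was not applied; the logged error code identifies which call failed.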
Requirements
| Minimum supported client | Windows 8 [desktop apps only] |
|---|---|
| Minimum supported server | Windows Server 2012 [desktop apps only] |
| Header | |
| Library | |
| DLL | |
Build date: 11/21/2012
