EN
Este conteúdo não está disponível em seu idioma, mas aqui está a versão em inglês.

UpdateProcThreadAttribute function

Updates the specified attribute in a list of attributes for process and thread creation.

Syntax


BOOL WINAPI UpdateProcThreadAttribute(
  _Inout_    LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList,
  _In_       DWORD dwFlags,
  _In_       DWORD_PTR Attribute,
  _In_       PVOID lpValue,
  _In_       SIZE_T cbSize,
  _Out_opt_  PVOID lpPreviousValue,
  _In_opt_   PSIZE_T lpReturnSize
);

Parameters

lpAttributeList [in, out]

A pointer to an attribute list created by the InitializeProcThreadAttributeList function.

dwFlags [in]

This parameter is reserved and must be zero.

Attribute [in]

The attribute key to update in the attribute list. This parameter can be one of the following values.

ValueMeaning
PROC_THREAD_ATTRIBUTE_GROUP_AFFINITY

The lpValue parameter is a pointer to a GROUP_AFFINITY structure that specifies the processor group affinity for the new thread.

Windows Server 2008 and Windows Vista:  This value is not supported until Windows 7 and Windows Server 2008 R2.

PROC_THREAD_ATTRIBUTE_HANDLE_LIST

The lpValue parameter is a pointer to a list of handles to be inherited by the child process.

These handles must be created as inheritable handles and must not include pseudo handles such as those returned by the GetCurrentProcess or GetCurrentThread function.

PROC_THREAD_ATTRIBUTE_IDEAL_PROCESSOR

The lpValue parameter is a pointer to a PROCESSOR_NUMBER structure that specifies the ideal processor for the new thread.

Windows Server 2008 and Windows Vista:  This value is not supported until Windows 7 and Windows Server 2008 R2.

PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY

The lpValue parameter is a pointer to a DWORD or DWORD64 that specifies the exploit mitigation policy for the child process.

The specified policy overrides the policies set for the application and the system and cannot be changed after the child process starts running.

Windows Server 2008 and Windows Vista:  This value is not supported until Windows 7 and Windows Server 2008 R2.

The DWORD or DWORD64 pointed to by lpValue can be one or more of the values listed in the remarks.

PROC_THREAD_ATTRIBUTE_PARENT_PROCESS

The lpValue parameter is a pointer to a handle to a process to use instead of the calling process as the parent for the process being created. The process to use must have the PROCESS_CREATE_PROCESS access right.

Attributes inherited from the specified process include handles, the device map, processor affinity, priority, quotas, the process token, and job object. (Note that some attributes such as the debug port will come from the creating process, not the process specified by this handle.)

PROC_THREAD_ATTRIBUTE_PREFERRED_NODE

The lpValue parameter is a pointer to the node number of the preferred NUMA node for the new process.

Windows Server 2008 and Windows Vista:  This value is not supported until Windows 7 and Windows Server 2008 R2.

PROC_THREAD_ATTRIBUTE_UMS_THREAD

The lpValue parameter is a pointer to a UMS_CREATE_THREAD_ATTRIBUTES structure that specifies a user-mode scheduling (UMS) thread context and a UMS completion list to associate with the thread.

After the UMS thread is created, the system queues it to the specified completion list. The UMS thread runs only when an application's UMS scheduler retrieves the UMS thread from the completion list and selects it to run. For more information, see User-Mode Scheduling.

Windows Server 2008 and Windows Vista:  This value is not supported until Windows 7 and Windows Server 2008 R2.

PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES

The lpValue parameter is a pointer to a SECURITY_CAPABILITIES structure that defines the security capabilities of an app container. If this attribute is set the new process will be created as an AppContainer process.

Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista:  This value is not supported until Windows 8 and Windows Server 2012.

PROC_THREAD_ATTRIBUTE_PROTECTION_LEVEL

The lpValue parameter is a pointer to a DWORD value of PROTECTION_LEVEL_SAME. This specifies the protection level of the child process to be the same as the protection level of its parent process.

 

lpValue [in]

A pointer to the attribute value. This value should persist until the attribute is destroyed using the DeleteProcThreadAttributeList function.

cbSize [in]

The size of the attribute value specified by the lpValue parameter.

lpPreviousValue [out, optional]

This parameter is reserved and must be NULL.

lpReturnSize [in, optional]

This parameter is reserved and must be NULL.

Return value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

An attribute list is an opaque structure that consists of a series of key/value pairs, one for each attribute. A process can update only the attribute keys described in this topic.

The DWORD or DWORD64 pointed to by lpValue can be one or more of the following values:

PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE (0x00000001)

Enables data execution prevention (DEP) for the child process. For more information, see Data Execution Prevention.

PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE (0x00000002)

Enables DEP-ATL thunk emulation for the child process. DEP-ATL thunk emulation causes the system to intercept NX faults that originate from the Active Template Library (ATL) thunk layer. This value can be specified only with PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE.

PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE (0x00000004)

Enables structured exception handler overwrite protection (SEHOP) for the child process. SEHOP blocks exploits that use the structured exception handler (SEH) overwrite technique.

Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista:  The following values are not supported until Windows 8 and Windows Server 2012.

The force Address Space Layout Randomization (ASLR) policy, if enabled, forcibly rebases images that are not dynamic base compatible by acting as though an image base collision happened at load time. If relocations are required, images that do not have a base relocation section will not be loaded.

The following mitigation options are available for mandatory ASLR policy:

PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000001 << 8)
PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_OFF (0x00000002 << 8)
PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON_REQ_RELOCS (0x00000003 << 8)

The heap terminate on corruption policy, if enabled, causes the heap to terminate if it becomes corrupt. Note that 'always off' does not override the default opt-in for binaries with current subsystem versions set in the image header. Heap terminate on corruption is user mode enforced.

The following mitigation options are available for heap terminate on corruption policy:

PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_ALWAYS_ON (0x00000001 << 12)
PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_ALWAYS_OFF (0x00000002 << 12)

The bottom-up randomization policy, which includes stack randomization options, causes a random location to be used as the lowest user address.

The following mitigation options are available for the bottom-up randomization policy:

PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00000001 << 16)
PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00000002 << 16)

The high-entropy bottom-up randomization policy, if enabled, causes up to 1TB of bottom-up variance to be used. Note that high-entropy bottom-up randomization is effective if and only if bottom-up ASLR is also enabled; high-entropy bottom-up randomization is only meaningful for native 64-bit processes.

The following mitigation options are available for the high-entropy bottom-up randomization policy:

PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_ALWAYS_ON (0x00000001 << 20)
PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_ALWAYS_OFF (0x00000002 << 20)

The strict handle checking enforcement policy, if enabled, causes an exception to be raised immediately on a bad handle reference. If this policy is not enabled, a failure status will be returned from the handle reference instead.

The following mitigation options are available for the strict handle checking enforcement policy:

PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_ALWAYS_ON (0x00000001 << 24)
PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_ALWAYS_OFF (0x00000002 << 24)

The Win32k system call disable policy, if enabled, prevents a process from making Win32k calls.

The following mitigation options are available for the Win32k system call disable policy:

PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON (0x00000001 << 28)
PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_OFF (0x00000002 << 28)

The Extension Point Disable policy, if enabled, prevents certain built-in third party extension points from being used. For example, window hooks are not enabled, App_InitDLLs aren't loaded, and certain win32k accessibility extension points aren't enabled. This is used to prevent legacy extension point DLLs from being loaded into a process that doesn't use them.

The following mitigation options are available for the extension point disable policy:

PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON (0x00000001 << 32)
PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_OFF (0x00000002 << 32)

In order to launch the child process with the same protection level as the parent, the parent process must specify the PROC_THREAD_ATTRIBUTE_PROTECTION_LEVEL attribute for the child process. This can be used for both protected and unprotected processes. For example, when this flag is used by an unprotected process, the system will launch a child process at unprotected level. The CREATE_PROTECTED_PROCESS flag must be specified in both cases.

The following example launches a child process with the same protection level as the parent process:


DWORD ProtectionLevel = PROTECTION_LEVEL_SAME;
SIZE_T AttributeListSize;

STARTUPINFOEXW StartupInfoEx = { 0 };

StartupInfoEx.StartupInfo.cb = sizeof(StartupInfoEx);

if (InitializeProcThreadAttributeList(NULL,
                                      1,
                                      0,
                                      &AttributeListSize) == FALSE)
{
    Result = GetLastError();
    goto exitFunc;
}

StartupInfoEx.lpAttributeList = (LPPROC_THREAD_ATTRIBUTE_LIST) HeapAlloc(
    GetProcessHeap(),
    0,
    AttributeListSize
    );

if (InitializeProcThreadAttributeList(StartupInfoEx.lpAttributeList,
                                      1,
                                      0,
                                      &AttributeListSize) == FALSE)
{
    Result = GetLastError();
    goto exitFunc;
}

if (UpdateProcThreadAttribute(StartupInfoEx.lpAttributeList,
                              0,
                              PROC_THREAD_ATTRIBUTE_PROTECTION_LEVEL,
                              &ProtectionLevel,
                              sizeof(ProtectionLevel),
                              NULL,
                              NULL) == FALSE)
{
    Result = GetLastError();
    goto exitFunc;
}

PROCESS_INFORMATION ProcessInformation = { 0 };

if (CreateProcessW(ApplicationName,
                   CommandLine,
                   ProcessAttributes,
                   ThreadAttributes,
                   InheritHandles,
                   EXTENDED_STARTUPINFO_PRESENT | CREATE_PROTECTED_PROCESS,
                   Environment,
                   CurrentDirectory,
                   (LPSTARTUPINFOW)&StartupInfoEx,
                   &ProcessInformation) == FALSE)
{
    Result = GetLastError();
    goto exitFunc;
}

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

WinBase.h on Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 (include Windows.h);
Processthreadsapi.h on Windows 8 and Windows Server 2012

Library

Kernel32.lib

DLL

Kernel32.dll

See also

DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
Process and Thread Functions

 

 

Contribuições da comunidade

ADICIONAR
Mostrar:
© 2014 Microsoft