Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Stores information about process mitigation policy.
Syntax
typedef struct _PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY {
union {
ULONG Flags;
struct {
ULONG EnableExportAddressFilter : 1;
ULONG AuditExportAddressFilter : 1;
ULONG EnableExportAddressFilterPlus : 1;
ULONG AuditExportAddressFilterPlus : 1;
ULONG EnableImportAddressFilter : 1;
ULONG AuditImportAddressFilter : 1;
ULONG EnableRopStackPivot : 1;
ULONG AuditRopStackPivot : 1;
ULONG EnableRopCallerCheck : 1;
ULONG AuditRopCallerCheck : 1;
ULONG EnableRopSimExec : 1;
ULONG AuditRopSimExec : 1;
ULONG ReservedFlags : 20;
} DUMMYSTRUCTNAME;
} DUMMYUNIONNAME;
} PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY, *PPROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY;
Members
DUMMYUNIONNAME
DUMMYUNIONNAME.Flags
Bitwise of flags in this structure.
DUMMYUNIONNAME.DUMMYSTRUCTNAME
DUMMYUNIONNAME.DUMMYSTRUCTNAME.EnableExportAddressFilter
If set this enables the Export Address Filter mitigation in enforcement mode for the process.
DUMMYUNIONNAME.DUMMYSTRUCTNAME.AuditExportAddressFilter
If set this enables the Export Address Filter mitigation in audit mode for the process.
DUMMYUNIONNAME.DUMMYSTRUCTNAME.EnableExportAddressFilterPlus
If set this enables the Export Address Filter Plus mitigation in enforcement mode for the process.
DUMMYUNIONNAME.DUMMYSTRUCTNAME.AuditExportAddressFilterPlus
If set this enables the Export Address Filter mitigation in audit mode for the process.
DUMMYUNIONNAME.DUMMYSTRUCTNAME.EnableImportAddressFilter
If set this enables the Import Address Filter mitigation in enforcement mode for the process.
DUMMYUNIONNAME.DUMMYSTRUCTNAME.AuditImportAddressFilter
If set this enables the Import Address Filter mitigation in enforcement mode for the process.
DUMMYUNIONNAME.DUMMYSTRUCTNAME.EnableRopStackPivot
If set this enables the stack pivot anti-ROP (Return-oriented-programming) mitigation in enforcement mode for the process.
DUMMYUNIONNAME.DUMMYSTRUCTNAME.AuditRopStackPivot
If set this enables the stack pivot anti-ROP (Return-oriented-programming) mitigation in audit mode for the process.
DUMMYUNIONNAME.DUMMYSTRUCTNAME.EnableRopCallerCheck
If set this enables the caller check anti-ROP (Return-oriented-programming) mitigation in enforcement mode for the process. Applies to 32-bit processes only.
DUMMYUNIONNAME.DUMMYSTRUCTNAME.AuditRopCallerCheck
If set this enables the caller check anti-ROP (Return-oriented-programming) mitigation in audit mode for the process. Applies to 32-bit processes only.
DUMMYUNIONNAME.DUMMYSTRUCTNAME.EnableRopSimExec
If set this enables the simulated execution anti-ROP (Return-oriented-programming) mitigation in enforcement mode for the process. Applies to 32-bit processes only.
DUMMYUNIONNAME.DUMMYSTRUCTNAME.AuditRopSimExec
If set this enables the simulated execution anti-ROP (Return-oriented-programming) mitigation in audit mode for the process. Applies to 32-bit processes only.
DUMMYUNIONNAME.DUMMYSTRUCTNAME.ReservedFlags
Reserved.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 10, version 1709 |
| Minimum supported server | Windows Server 2016 |
| Header | ntddk.h |