Update phnt headers
@@ -1393,6 +1393,14 @@ typedef enum _SYSTEM_INFORMATION_CLASS
|
||||
SystemProcessorIdleMaskInformation, // since REDSTONE3
|
||||
SystemSecureDumpEncryptionInformation,
|
||||
SystemWriteConstraintInformation, // SYSTEM_WRITE_CONSTRAINT_INFORMATION
|
||||
SystemKernelVaShadowInformation, // SYSTEM_KERNEL_VA_SHADOW_INFORMATION
|
||||
SystemHypervisorSharedPageInformation, // REDSTONE4
|
||||
SystemFirmwareBootPerformanceInformation,
|
||||
SystemCodeIntegrityVerificationInformation,
|
||||
SystemFirmwarePartitionInformation, // 200
|
||||
SystemSpeculationControlInformation, // SYSTEM_SPECULATION_CONTROL_INFORMATION // (CVE-2017-5715) REDSTONE3 and above.
|
||||
SystemDmaGuardPolicyInformation,
|
||||
SystemEnclaveLaunchControlInformation,
|
||||
MaxSystemInfoClass
|
||||
} SYSTEM_INFORMATION_CLASS;
|
||||
|
||||
@@ -3078,6 +3086,44 @@ typedef struct _SYSTEM_WRITE_CONSTRAINT_INFORMATION
|
||||
ULONG Reserved;
|
||||
} SYSTEM_WRITE_CONSTRAINT_INFORMATION, *PSYSTEM_WRITE_CONSTRAINT_INFORMATION;
|
||||
|
||||
// private
|
||||
typedef struct _SYSTEM_KERNEL_VA_SHADOW_INFORMATION
|
||||
{
|
||||
union
|
||||
{
|
||||
ULONG Flags;
|
||||
struct
|
||||
{
|
||||
ULONG KvaShadowEnabled : 1;
|
||||
ULONG KvaShadowUserGlobal : 1;
|
||||
ULONG KvaShadowPcid : 1;
|
||||
ULONG KvaShadowInvpcid : 1;
|
||||
ULONG Reserved : 28;
|
||||
};
|
||||
};
|
||||
} SYSTEM_KERNEL_VA_SHADOW_INFORMATION, *PSYSTEM_KERNEL_VA_SHADOW_INFORMATION;
|
||||
|
||||
// private
|
||||
typedef struct _SYSTEM_SPECULATION_CONTROL_INFORMATION
|
||||
{
|
||||
union
|
||||
{
|
||||
ULONG Flags;
|
||||
struct
|
||||
{
|
||||
ULONG BpbEnabled : 1;
|
||||
ULONG BpbDisabledSystemPolicy : 1;
|
||||
ULONG BpbDisabledNoHardwareSupport : 1;
|
||||
ULONG SpecCtrlEnumerated : 1;
|
||||
ULONG SpecCmdEnumerated : 1;
|
||||
ULONG IbrsPresent : 1;
|
||||
ULONG StibpPresent : 1;
|
||||
ULONG SmepPresent : 1;
|
||||
ULONG Reserved : 24;
|
||||
};
|
||||
};
|
||||
} SYSTEM_SPECULATION_CONTROL_INFORMATION, *PSYSTEM_SPECULATION_CONTROL_INFORMATION;
|
||||
|
||||
#if (PHNT_MODE != PHNT_MODE_KERNEL)
|
||||
|
||||
NTSYSCALLAPI
|
||||
|
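Review bot: The two new typedefs SYSTEM_KERNEL_VA_SHADOW_INFORMATION and SYSTEM_SPECULATION_CONTROL_INFORMATION in the second hunk carry only `// private`, while the enum hunk above already ties each of them to its info class and gives the speculation-control entry a "REDSTONE3 and above" marker, so a reader landing on the struct has to search back to find which class returns it. Comments such as `// private // returned by SystemKernelVaShadowInformation` and `// private // returned by SystemSpeculationControlInformation (CVE-2017-5715), REDSTONE3 and above` above the two typedefs would keep the struct and its class together. The `Reserved : 28` and `Reserved : 24` tails do complete the 32-bit `Flags` overlay in each union, so the layouts are self-consistent as written.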
139
inc/phnt/ntldr.h
139
inc/phnt/ntldr.h
@@ -5,6 +5,12 @@
|
||||
|
||||
// DLLs
|
||||
|
||||
typedef BOOLEAN (NTAPI *PLDR_INIT_ROUTINE)(
|
||||
_In_ PVOID DllHandle,
|
||||
_In_ ULONG Reason,
|
||||
_In_opt_ PVOID Context
|
||||
);
|
||||
|
||||
// symbols
|
||||
typedef struct _LDR_SERVICE_TAG_RECORD
|
||||
{
|
||||
@@ -98,6 +104,7 @@ typedef enum _LDR_DLL_LOAD_REASON
|
||||
#define LDR_DATA_TABLE_ENTRY_SIZE_WINXP FIELD_OFFSET(LDR_DATA_TABLE_ENTRY, DdagNode)
|
||||
#define LDR_DATA_TABLE_ENTRY_SIZE_WIN7 FIELD_OFFSET(LDR_DATA_TABLE_ENTRY, BaseNameHashValue)
|
||||
#define LDR_DATA_TABLE_ENTRY_SIZE_WIN8 FIELD_OFFSET(LDR_DATA_TABLE_ENTRY, ImplicitPathOptions)
|
||||
#define LDR_DATA_TABLE_ENTRY_SIZE sizeof(LDR_DATA_TABLE_ENTRY)
|
||||
|
||||
// symbols
|
||||
typedef struct _LDR_DATA_TABLE_ENTRY
|
||||
@@ -110,7 +117,7 @@ typedef struct _LDR_DATA_TABLE_ENTRY
|
||||
LIST_ENTRY InProgressLinks;
|
||||
};
|
||||
PVOID DllBase;
|
||||
PVOID EntryPoint;
|
||||
PLDR_INIT_ROUTINE EntryPoint;
|
||||
ULONG SizeOfImage;
|
||||
UNICODE_STRING FullDllName;
|
||||
UNICODE_STRING BaseDllName;
|
||||
@@ -172,11 +179,9 @@ typedef struct _LDR_DATA_TABLE_ENTRY
|
||||
UCHAR SigningLevel; // since REDSTONE2
|
||||
} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
|
||||
|
||||
typedef BOOLEAN (NTAPI *PDLL_INIT_ROUTINE)(
|
||||
_In_ PVOID DllHandle,
|
||||
_In_ ULONG Reason,
|
||||
_In_opt_ PCONTEXT Context
|
||||
);
|
||||
#define LDR_IS_DATAFILE(DllHandle) (((ULONG_PTR)(DllHandle)) & (ULONG_PTR)1)
|
||||
#define LDR_IS_IMAGEMAPPING(DllHandle) (((ULONG_PTR)(DllHandle)) & (ULONG_PTR)2)
|
||||
#define LDR_IS_RESOURCE(DllHandle) (LDR_IS_IMAGEMAPPING(DllHandle) || LDR_IS_DATAFILE(DllHandle))
|
||||
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
@@ -583,6 +588,70 @@ LdrAccessResource(
|
||||
_Out_opt_ ULONG *ResourceLength
|
||||
);
|
||||
|
||||
typedef struct _LDR_RESOURCE_INFO
|
||||
{
|
||||
ULONG_PTR Type;
|
||||
ULONG_PTR Name;
|
||||
ULONG_PTR Language;
|
||||
} LDR_RESOURCE_INFO, *PLDR_RESOURCE_INFO;
|
||||
|
||||
#define RESOURCE_TYPE_LEVEL 0
|
||||
#define RESOURCE_NAME_LEVEL 1
|
||||
#define RESOURCE_LANGUAGE_LEVEL 2
|
||||
#define RESOURCE_DATA_LEVEL 3
|
||||
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LdrFindResource_U(
|
||||
_In_ PVOID BaseAddress,
|
||||
_In_ PLDR_RESOURCE_INFO ResourceInfo,
|
||||
_In_ ULONG Level,
|
||||
_Out_ PIMAGE_RESOURCE_DATA_ENTRY *ResourceDataEntry
|
||||
);
|
||||
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LdrFindResourceDirectory_U(
|
||||
_In_ PVOID BaseAddress,
|
||||
_In_ PLDR_RESOURCE_INFO ResourceInfo,
|
||||
_In_ ULONG Level,
|
||||
_Out_ PIMAGE_RESOURCE_DIRECTORY *ResourceDirectory
|
||||
);
|
||||
|
||||
// private
|
||||
typedef struct _LDR_ENUM_RESOURCE_ENTRY
|
||||
{
|
||||
union
|
||||
{
|
||||
ULONG_PTR NameOrId;
|
||||
PIMAGE_RESOURCE_DIRECTORY_STRING Name;
|
||||
struct
|
||||
{
|
||||
USHORT Id;
|
||||
USHORT NameIsPresent;
|
||||
};
|
||||
} Path[3];
|
||||
PVOID Data;
|
||||
ULONG Size;
|
||||
ULONG Reserved;
|
||||
} LDR_ENUM_RESOURCE_ENTRY, *PLDR_ENUM_RESOURCE_ENTRY;
|
||||
|
||||
#define NAME_FROM_RESOURCE_ENTRY(RootDirectory, Entry) \
|
||||
((Entry)->NameIsString ? (ULONG_PTR)PTR_ADD_OFFSET((RootDirectory), (Entry)->NameOffset) : (Entry)->Id)
|
||||
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LdrEnumResources(
|
||||
_In_ PVOID BaseAddress,
|
||||
_In_ PLDR_RESOURCE_INFO ResourceInfo,
|
||||
_In_ ULONG Level,
|
||||
_Inout_ ULONG *ResourceCount,
|
||||
_Out_writes_to_opt_(*ResourceCount, *ResourceCount) PLDR_ENUM_RESOURCE_ENTRY Resources
|
||||
);
|
||||
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
@@ -625,4 +694,62 @@ typedef struct _RTL_PROCESS_MODULE_INFORMATION_EX
|
||||
PVOID DefaultBase;
|
||||
} RTL_PROCESS_MODULE_INFORMATION_EX, *PRTL_PROCESS_MODULE_INFORMATION_EX;
|
||||
|
||||
#if (PHNT_MODE != PHNT_MODE_KERNEL)
|
||||
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LdrQueryProcessModuleInformation(
|
||||
_In_opt_ PRTL_PROCESS_MODULES ModuleInformation,
|
||||
_In_opt_ ULONG Size,
|
||||
_Out_ PULONG ReturnedSize
|
||||
);
|
||||
|
||||
typedef VOID (NTAPI *PLDR_ENUM_CALLBACK)(
|
||||
_In_ PLDR_DATA_TABLE_ENTRY ModuleInformation,
|
||||
_In_ PVOID Parameter,
|
||||
_Out_ BOOLEAN *Stop
|
||||
);
|
||||
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LdrEnumerateLoadedModules(
|
||||
_In_ BOOLEAN ReservedFlag,
|
||||
_In_ PLDR_ENUM_CALLBACK EnumProc,
|
||||
_In_ PVOID Context
|
||||
);
|
||||
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LdrOpenImageFileOptionsKey(
|
||||
_In_ PUNICODE_STRING SubKey,
|
||||
_In_ BOOLEAN Wow64,
|
||||
_Out_ PHANDLE NewKeyHandle
|
||||
);
|
||||
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LdrQueryImageFileKeyOption(
|
||||
_In_ HANDLE KeyHandle,
|
||||
_In_ PCWSTR ValueName,
|
||||
_In_ ULONG Type,
|
||||
_Out_ PVOID Buffer,
|
||||
_In_ ULONG BufferSize,
|
||||
_Out_opt_ PULONG ReturnedLength
|
||||
);
|
||||
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LdrQueryImageFileExecutionOptions(
|
||||
_In_ PUNICODE_STRING SubKey,
|
||||
_In_ PCWSTR ValueName,
|
||||
_In_ ULONG ValueSize,
|
||||
_Out_ PVOID Buffer,
|
||||
_In_ ULONG BufferSize,
|
||||
_Out_opt_ PULONG RetunedLength
|
||||
);
|
||||
|
||||
#endif // (PHNT_MODE != PHNT_MODE_KERNEL)
|
||||
|
||||
#endif
|
||||
|
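Review bot: The three prototypes LdrOpenImageFileOptionsKey, LdrQueryImageFileKeyOption and LdrQueryImageFileExecutionOptions in the last hunk are declared without the `NTSYSAPI` prefix that LdrQueryProcessModuleInformation and LdrEnumerateLoadedModules carry a few lines above, so in a user-mode build they presumably lose whatever import declspec the rest of this header relies on. The last parameter of LdrQueryImageFileExecutionOptions is also spelled `RetunedLength`, while the sibling LdrQueryImageFileKeyOption uses `ReturnedLength`; `_Out_opt_ PULONG ReturnedLength` keeps the two consistent. The `_Out_ PVOID Buffer` / `_In_ ULONG BufferSize` pairs in both query prototypes would be better tied together for analyzers as `_Out_writes_bytes_(BufferSize) PVOID Buffer`, since these read registry-controlled option values into a caller buffer.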
@@ -14,6 +14,46 @@ typedef struct _ACTIVATION_CONTEXT_STACK
|
||||
ULONG StackId;
|
||||
} ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK;
|
||||
|
||||
// private
|
||||
typedef struct _API_SET_NAMESPACE
|
||||
{
|
||||
ULONG Version;
|
||||
ULONG Size;
|
||||
ULONG Flags;
|
||||
ULONG Count;
|
||||
ULONG EntryOffset;
|
||||
ULONG HashOffset;
|
||||
ULONG HashFactor;
|
||||
} API_SET_NAMESPACE, *PAPI_SET_NAMESPACE;
|
||||
|
||||
// private
|
||||
typedef struct _API_SET_HASH_ENTRY
|
||||
{
|
||||
ULONG Hash;
|
||||
ULONG Index;
|
||||
} API_SET_HASH_ENTRY, *PAPI_SET_HASH_ENTRY;
|
||||
|
||||
// private
|
||||
typedef struct _API_SET_NAMESPACE_ENTRY
|
||||
{
|
||||
ULONG Flags;
|
||||
ULONG NameOffset;
|
||||
ULONG NameLength;
|
||||
ULONG HashedLength;
|
||||
ULONG ValueOffset;
|
||||
ULONG ValueCount;
|
||||
} API_SET_NAMESPACE_ENTRY, *PAPI_SET_NAMESPACE_ENTRY;
|
||||
|
||||
// private
|
||||
typedef struct _API_SET_VALUE_ENTRY
|
||||
{
|
||||
ULONG Flags;
|
||||
ULONG NameOffset;
|
||||
ULONG NameLength;
|
||||
ULONG ValueOffset;
|
||||
ULONG ValueLength;
|
||||
} API_SET_VALUE_ENTRY, *PAPI_SET_VALUE_ENTRY;
|
||||
|
||||
// symbols
|
||||
typedef struct _PEB
|
||||
{
|
||||
@@ -68,7 +108,7 @@ typedef struct _PEB
|
||||
};
|
||||
ULONG SystemReserved[1];
|
||||
ULONG AtlThunkSListPtr32;
|
||||
PVOID ApiSetMap;
|
||||
PAPI_SET_NAMESPACE ApiSetMap;
|
||||
ULONG TlsExpansionCounter;
|
||||
PVOID TlsBitmap;
|
||||
ULONG TlsBitmapBits[2];
|
||||
@@ -84,7 +124,7 @@ typedef struct _PEB
|
||||
ULONG NumberOfProcessors;
|
||||
ULONG NtGlobalFlag;
|
||||
|
||||
LARGE_INTEGER CriticalSectionTimeout;
|
||||
ULARGE_INTEGER CriticalSectionTimeout;
|
||||
SIZE_T HeapSegmentReserve;
|
||||
SIZE_T HeapSegmentCommit;
|
||||
SIZE_T HeapDeCommitTotalFreeThreshold;
|
||||
@@ -160,6 +200,14 @@ typedef struct _PEB
|
||||
ULONG CloudFileFlags;
|
||||
} PEB, *PPEB;
|
||||
|
||||
#ifdef _WIN64
|
||||
C_ASSERT(FIELD_OFFSET(PEB, SessionId) == 0x2C0);
|
||||
C_ASSERT(sizeof(PEB) == 0x7B0);
|
||||
#else
|
||||
C_ASSERT(FIELD_OFFSET(PEB, SessionId) == 0x1D4);
|
||||
C_ASSERT(sizeof(PEB) == 0x468);
|
||||
#endif
|
||||
|
||||
#define GDI_BATCH_BUFFER_SIZE 310
|
||||
|
||||
typedef struct _GDI_TEB_BATCH
|
||||
|
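Review bot: The API_SET_* structs in the first hunk are purely offset-based (`EntryOffset`, `HashOffset`, `NameOffset`, `ValueOffset` are all relative to the map base) and are introduced with nothing but `// private`; nothing records which `Version` value this layout belongs to, and the ApiSet schema has changed shape across Windows releases, so code that walks `PEB.ApiSetMap` through the new `PAPI_SET_NAMESPACE` typing can read the wrong fields on a map whose `Version` differs. A comment above `_API_SET_NAMESPACE` such as `// private // layout for one specific Version value (TODO confirm which) - check Version before trusting EntryOffset/HashOffset` would make that explicit, and every offset should be bounded against `Size` before it is dereferenced. The PEB hunks that retype `ApiSetMap` and `CriticalSectionTimeout`, together with the added `C_ASSERT` size checks, are consistent with that typing change.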
@@ -44,7 +44,7 @@
|
||||
#define GDI_HANDLE_BUFFER_SIZE32 34
|
||||
#define GDI_HANDLE_BUFFER_SIZE64 60
|
||||
|
||||
#ifndef WIN64
|
||||
#ifndef _WIN64
|
||||
#define GDI_HANDLE_BUFFER_SIZE GDI_HANDLE_BUFFER_SIZE32
|
||||
#else
|
||||
#define GDI_HANDLE_BUFFER_SIZE GDI_HANDLE_BUFFER_SIZE64
|
||||
@@ -809,8 +809,12 @@ typedef struct _THREAD_LAST_SYSCALL_INFORMATION
|
||||
{
|
||||
PVOID FirstArgument;
|
||||
USHORT SystemCallNumber;
|
||||
//USHORT Reserved; // since REDSTONE2
|
||||
//ULONG64 WaitTime;
|
||||
#ifdef WIN64
|
||||
USHORT Pad[0x3]; // since REDSTONE2
|
||||
#else
|
||||
USHORT Pad[0x1]; // since REDSTONE2
|
||||
#endif
|
||||
ULONG64 WaitTime;
|
||||
} THREAD_LAST_SYSCALL_INFORMATION, *PTHREAD_LAST_SYSCALL_INFORMATION;
|
||||
|
||||
// private
|
||||
@@ -1000,6 +1004,11 @@ NtResumeProcess(
|
||||
#define ZwCurrentSession() NtCurrentSession()
|
||||
#define NtCurrentPeb() (NtCurrentTeb()->ProcessEnvironmentBlock)
|
||||
|
||||
// Windows 8 and above
|
||||
#define NtCurrentProcessToken() ((HANDLE)(LONG_PTR)-4)
|
||||
#define NtCurrentThreadToken() ((HANDLE)(LONG_PTR)-5)
|
||||
#define NtCurrentEffectiveToken() ((HANDLE)(LONG_PTR)-6)
|
||||
|
||||
// Not NT, but useful.
|
||||
#define NtCurrentProcessId() (NtCurrentTeb()->ClientId.UniqueProcess)
|
||||
#define NtCurrentThreadId() (NtCurrentTeb()->ClientId.UniqueThread)
|
||||
|
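Review bot: The new `#ifdef WIN64` at the top of the THREAD_LAST_SYSCALL_INFORMATION padding (second hunk) tests the wrong macro: the compiler-defined symbol is `_WIN64`, which is exactly what the first hunk of this same file corrects (`#ifndef WIN64` to `#ifndef _WIN64`), and the PEB `C_ASSERT` block earlier on this page also uses `_WIN64`. Unless the project defines a bare `WIN64` itself, a 64-bit build takes the `#else` branch; natural alignment of `ULONG64 WaitTime` appears to land it at the same offset either way, so the explicit padding merely fails to document the intended layout, but the inconsistency will bite the next person who relies on `Pad` being the full gap. `#ifdef _WIN64` on that line brings it in line with the rest of the commit.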
@@ -534,6 +534,12 @@ NtUnloadKey(
|
||||
_In_ POBJECT_ATTRIBUTES TargetKey
|
||||
);
|
||||
|
||||
//
|
||||
// NtUnloadKey2 Flags (from winnt.h)
|
||||
//
|
||||
//#define REG_FORCE_UNLOAD 1
|
||||
//#define REG_UNLOAD_LEGAL_FLAGS (REG_FORCE_UNLOAD)
|
||||
|
||||
NTSYSCALLAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
|
183
inc/phnt/ntrtl.h
183
inc/phnt/ntrtl.h
@@ -1,6 +1,9 @@
|
||||
#ifndef _NTRTL_H
|
||||
#define _NTRTL_H
|
||||
|
||||
#define RtlOffsetToPointer(Base, Offset) ((PCHAR)(((PCHAR)(Base)) + ((ULONG_PTR)(Offset))))
|
||||
#define RtlPointerToOffset(Base, Pointer) ((ULONG)(((PCHAR)(Pointer)) - ((PCHAR)(Base))))
|
||||
|
||||
// Linked lists
|
||||
|
||||
FORCEINLINE VOID InitializeListHead(
|
||||
@@ -3209,7 +3212,7 @@ RtlDosSearchPath_U(
|
||||
|
||||
#define RTL_DOS_SEARCH_PATH_FLAG_APPLY_ISOLATION_REDIRECTION 0x00000001
|
||||
#define RTL_DOS_SEARCH_PATH_FLAG_DISALLOW_DOT_RELATIVE_PATH_SEARCH 0x00000002
|
||||
#define RTL_DOS_SEARCH_PATH_FLAG_APPLY_DEFAULT_EXTENSION_WHEN_NOT_RELATIVE_PATH_EVEN_IF_FILE_HAS_EXTENSION 0x00000004)
|
||||
#define RTL_DOS_SEARCH_PATH_FLAG_APPLY_DEFAULT_EXTENSION_WHEN_NOT_RELATIVE_PATH_EVEN_IF_FILE_HAS_EXTENSION 0x00000004
|
||||
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
@@ -6589,4 +6592,182 @@ RtlCrc64(
|
||||
|
||||
#endif
|
||||
|
||||
// Image Mitigation
|
||||
|
||||
// rev
|
||||
typedef enum _IMAGE_MITIGATION_POLICY
|
||||
{
|
||||
ImageDepPolicy, // RTL_IMAGE_MITIGATION_DEP_POLICY
|
||||
ImageAslrPolicy, // RTL_IMAGE_MITIGATION_ASLR_POLICY
|
||||
ImageDynamicCodePolicy, // RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY
|
||||
ImageStrictHandleCheckPolicy, // RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY
|
||||
ImageSystemCallDisablePolicy, // RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY
|
||||
ImageMitigationOptionsMask,
|
||||
ImageExtensionPointDisablePolicy, // RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY
|
||||
ImageControlFlowGuardPolicy, // RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY
|
||||
ImageSignaturePolicy, // RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY
|
||||
ImageFontDisablePolicy, // RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY
|
||||
ImageImageLoadPolicy, // RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY
|
||||
ImagePayloadRestrictionPolicy, // RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY
|
||||
ImageChildProcessPolicy, // RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY
|
||||
ImageSehopPolicy, // RTL_IMAGE_MITIGATION_SEHOP_POLICY
|
||||
ImageHeapPolicy, // RTL_IMAGE_MITIGATION_HEAP_POLICY
|
||||
MaxImageMitigationPolicy
|
||||
} IMAGE_MITIGATION_POLICY;
|
||||
|
||||
// rev
|
||||
typedef union _RTL_IMAGE_MITIGATION_POLICY
|
||||
{
|
||||
struct
|
||||
{
|
||||
ULONG64 AuditState : 2;
|
||||
ULONG64 AuditFlag : 1;
|
||||
ULONG64 EnableAdditionalAuditingOption : 1;
|
||||
ULONG64 Reserved : 60;
|
||||
};
|
||||
struct
|
||||
{
|
||||
ULONG64 PolicyState : 2;
|
||||
ULONG64 AlwaysInherit : 1;
|
||||
ULONG64 EnableAdditionalPolicyOption : 1;
|
||||
ULONG64 AuditReserved : 60;
|
||||
};
|
||||
} RTL_IMAGE_MITIGATION_POLICY, *PRTL_IMAGE_MITIGATION_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_DEP_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY Dep;
|
||||
} RTL_IMAGE_MITIGATION_DEP_POLICY, *PRTL_IMAGE_MITIGATION_DEP_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_ASLR_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY ForceRelocateImages;
|
||||
RTL_IMAGE_MITIGATION_POLICY BottomUpRandomization;
|
||||
RTL_IMAGE_MITIGATION_POLICY HighEntropyRandomization;
|
||||
} RTL_IMAGE_MITIGATION_ASLR_POLICY, *PRTL_IMAGE_MITIGATION_ASLR_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY BlockDynamicCode;
|
||||
} RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY, *PRTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY StrictHandleChecks;
|
||||
} RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY, *PRTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY BlockWin32kSystemCalls;
|
||||
} RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, *PRTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY DisableExtensionPoints;
|
||||
} RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY, *PRTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY ControlFlowGuard;
|
||||
RTL_IMAGE_MITIGATION_POLICY StrictControlFlowGuard;
|
||||
} RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY, *PRTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY BlockNonMicrosoftSignedBinaries;
|
||||
RTL_IMAGE_MITIGATION_POLICY EnforceSigningOnModuleDependencies;
|
||||
} RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY, *PRTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY DisableNonSystemFonts;
|
||||
} RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY, *PRTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY BlockRemoteImageLoads;
|
||||
RTL_IMAGE_MITIGATION_POLICY BlockLowLabelImageLoads;
|
||||
RTL_IMAGE_MITIGATION_POLICY PreferSystem32;
|
||||
} RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY, *PRTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY EnableExportAddressFilter;
|
||||
RTL_IMAGE_MITIGATION_POLICY EnableExportAddressFilterPlus;
|
||||
RTL_IMAGE_MITIGATION_POLICY EnableImportAddressFilter;
|
||||
RTL_IMAGE_MITIGATION_POLICY EnableRopStackPivot;
|
||||
RTL_IMAGE_MITIGATION_POLICY EnableRopCallerCheck;
|
||||
RTL_IMAGE_MITIGATION_POLICY EnableRopSimExec;
|
||||
} RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY, *PRTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY DisallowChildProcessCreation;
|
||||
} RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY, *PRTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_SEHOP_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY Sehop;
|
||||
} RTL_IMAGE_MITIGATION_SEHOP_POLICY, *PRTL_IMAGE_MITIGATION_SEHOP_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_HEAP_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY TerminateOnHeapErrors;
|
||||
} RTL_IMAGE_MITIGATION_HEAP_POLICY, *PRTL_IMAGE_MITIGATION_HEAP_POLICY;
|
||||
|
||||
typedef enum _RTL_IMAGE_MITIGATION_OPTION_STATE
|
||||
{
|
||||
RtlMitigationOptionStateNotConfigured,
|
||||
RtlMitigationOptionStateOn,
|
||||
RtlMitigationOptionStateOff
|
||||
} RTL_IMAGE_MITIGATION_OPTION_STATE;
|
||||
|
||||
// rev from PROCESS_MITIGATION_FLAGS
|
||||
#define RTL_IMAGE_MITIGATION_FLAG_RESET 0x1
|
||||
#define RTL_IMAGE_MITIGATION_FLAG_REMOVE 0x2
|
||||
#define RTL_IMAGE_MITIGATION_FLAG_OSDEFAULT 0x4
|
||||
#define RTL_IMAGE_MITIGATION_FLAG_AUDIT 0x8
|
||||
|
||||
#if (PHNT_VERSION >= PHNT_REDSTONE3)
|
||||
|
||||
// rev
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
RtlQueryImageMitigationPolicy(
|
||||
_In_opt_ PWSTR ImagePath, // NULL for system-wide defaults
|
||||
_In_ IMAGE_MITIGATION_POLICY Policy,
|
||||
_In_ ULONG Flags,
|
||||
_Inout_ PVOID Buffer,
|
||||
_In_ ULONG BufferSize
|
||||
);
|
||||
|
||||
// rev
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
RtlSetImageMitigationPolicy(
|
||||
_In_opt_ PWSTR ImagePath, // NULL for system-wide defaults
|
||||
_In_ IMAGE_MITIGATION_POLICY Policy,
|
||||
_In_ ULONG Flags,
|
||||
_Inout_ PVOID Buffer,
|
||||
_In_ ULONG BufferSize
|
||||
);
|
||||
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
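Review bot: Both new prototypes RtlQueryImageMitigationPolicy and RtlSetImageMitigationPolicy (last hunk) declare `_Inout_ PVOID Buffer` next to `_In_ ULONG BufferSize` without tying the two together, so SAL-aware analyzers cannot check a caller's buffer against the RTL_IMAGE_MITIGATION_* structs defined above it; `_Inout_updates_bytes_(BufferSize) PVOID Buffer` expresses that relationship. The enum comments are the only link between an IMAGE_MITIGATION_POLICY value and the struct it expects, so a one-line `// Buffer holds the RTL_IMAGE_MITIGATION_*_POLICY struct named in the IMAGE_MITIGATION_POLICY enum comment for Policy` above each prototype would save readers a lookup. In the first hunk, `RtlPointerToOffset` casts the pointer difference to `ULONG`, which silently truncates on 64-bit builds when the two pointers are far apart; that presumably mirrors the SDK definition, but callers should only pass pointer pairs that lie within one mapped object.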