_PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY structure

Stores information about process mitigation policy.

Syntax

typedef struct _PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY {
  union {
    ULONG Flags;
    struct {
      ULONG EnableExportAddressFilter : 1;
      ULONG AuditExportAddressFilter : 1;
      ULONG EnableExportAddressFilterPlus : 1;
      ULONG AuditExportAddressFilterPlus : 1;
      ULONG EnableImportAddressFilter : 1;
      ULONG AuditImportAddressFilter : 1;
      ULONG EnableRopStackPivot : 1;
      ULONG AuditRopStackPivot : 1;
      ULONG EnableRopCallerCheck : 1;
      ULONG AuditRopCallerCheck : 1;
      ULONG EnableRopSimExec : 1;
      ULONG AuditRopSimExec : 1;
      ULONG ReservedFlags : 20;
    } DUMMYSTRUCTNAME;
  } DUMMYUNIONNAME;
} PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY, *PPROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY;

Members

DUMMYUNIONNAME.Flags

Bitwise of flags in this structure.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.EnableExportAddressFilter

If set this enables the Export Address Filter mitigation in enforcement mode for the process.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.AuditExportAddressFilter

If set this enables the Export Address Filter mitigation in audit mode for the process.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.EnableExportAddressFilterPlus

If set this enables the Export Address Filter Plus mitigation in enforcement mode for the process.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.AuditExportAddressFilterPlus

If set this enables the Export Address Filter mitigation in audit mode for the process.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.EnableImportAddressFilter

If set this enables the Import Address Filter mitigation in enforcement mode for the process.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.AuditImportAddressFilter

If set this enables the Import Address Filter mitigation in enforcement mode for the process.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.EnableRopStackPivot

If set this enables the stack pivot anti-ROP (Return-oriented-programming) mitigation in enforcement mode for the process.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.AuditRopStackPivot

If set this enables the stack pivot anti-ROP (Return-oriented-programming) mitigation in audit mode for the process.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.EnableRopCallerCheck

If set this enables the caller check anti-ROP (Return-oriented-programming) mitigation in enforcement mode for the process. Applies to 32-bit processes only.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.AuditRopCallerCheck

If set this enables the caller check anti-ROP (Return-oriented-programming) mitigation in audit mode for the process. Applies to 32-bit processes only.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.EnableRopSimExec

If set this enables the simulated execution anti-ROP (Return-oriented-programming) mitigation in enforcement mode for the process. Applies to 32-bit processes only.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.AuditRopSimExec

If set this enables the simulated execution anti-ROP (Return-oriented-programming) mitigation in audit mode for the process. Applies to 32-bit processes only.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.ReservedFlags

Reserved.

Requirements

   
Windows version Windows 10, version 1709 Windows Server 2016
Header ntddk.h