
Commit 86a843c

committed
add missing mitigation policy definitions and tests
1 parent 5b18299 commit 86a843c

2 files changed

+85
-6
lines changed


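--- a/src/um/winnt.rs
+++ b/src/um/winnt.rs
@@ -3104,7 +3104,15 @@ ENUM!{enum PROCESS_MITIGATION_POLICY {
 ProcessSignaturePolicy,
 ProcessFontDisablePolicy,
 ProcessImageLoadPolicy,
-MaxProcessMitigationPolicy,
+ProcessSystemCallFilterPolicy,
+ProcessPayloadRestrictionPolicy,
+ProcessChildProcessPolicy,
+ProcessSideChannelIsolationPolicy,
+ProcessUserShadowStackPolicy,
+ProcessRedirectionTrustPolicy,
+ProcessUserPointerAuthPolicy,
+ProcessSEHOPPolicy,
+MaxProcessMitigationPolicy
 }}
 pub type PPROCESS_MITIGATION_POLICY = *mut PROCESS_MITIGATION_POLICY;
 STRUCT!{struct PROCESS_MITIGATION_ASLR_POLICY {
@@ -3138,12 +3146,20 @@ BITFIELD!{PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY Flags: DWORD [
 ]}
 pub type PPROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY
 = *mut PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY;
+STRUCT!{struct PROCESS_MITIGATION_SEHOP_POLICY {
+Flags: DWORD,
+}}
+BITFIELD!{PROCESS_MITIGATION_SEHOP_POLICY Flags: DWORD[
+EnableSehop set_EnableSehop[0..1],
+ReservedFlags set_ReservedFlags[1..32],
+]}
 STRUCT!{struct PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY {
 Flags: DWORD,
 }}
 BITFIELD!{PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY Flags: DWORD [
 DisallowWin32kSystemCalls set_DisallowWin32kSystemCalls[0..1],
-ReservedFlags set_ReservedFlags[1..32],
+AuditDisallowWin32kSystemCalls set_AuditDisallowWin32kSystemCalls[1..2],
+ReservedFlags set_ReservedFlags[2..32],
 ]}
 pub type PPROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY
 = *mut PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY;
@@ -3163,7 +3179,8 @@ BITFIELD!{PROCESS_MITIGATION_DYNAMIC_CODE_POLICY Flags: DWORD [
 ProhibitDynamicCode set_ProhibitDynamicCode[0..1],
 AllowThreadOptOut set_AllowThreadOptOut[1..2],
 AllowRemoteDowngrade set_AllowRemoteDowngrade[2..3],
-ReservedFlags set_ReservedFlags[3..32],
+AuditProhibitDynamicCode set_AuditProhibitDynamicCode[3..4],
+ReservedFlags set_ReservedFlags[4..32],
 ]}
 pub type PPROCESS_MITIGATION_DYNAMIC_CODE_POLICY = *mut PROCESS_MITIGATION_DYNAMIC_CODE_POLICY;
 STRUCT!{struct PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY {
@@ -3173,7 +3190,9 @@ BITFIELD!{PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY Flags: DWORD [
 EnableControlFlowGuard set_EnableControlFlowGuard[0..1],
 EnableExportSuppression set_EnableExportSuppression[1..2],
 StrictMode set_StrictMode[2..3],
-ReservedFlags set_ReservedFlags[3..32],
+EnableXfg set_EnableXfg[3..4],
+EnableXfgAuditMode set_EnableXfgAuditMode[4..5],
+ReservedFlags set_ReservedFlags[5..32],
 ]}
 pub type PPROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY
 = *mut PROCESS_MITIGATION_CONTROL_FLOW_GUARD_POLICY;
@@ -3184,7 +3203,9 @@ BITFIELD!{PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY Flags: DWORD [
 MicrosoftSignedOnly set_MicrosoftSignedOnly[0..1],
 StoreSignedOnly set_StoreSignedOnly[1..2],
 MitigationOptIn set_MitigationOptIn[2..3],
-ReservedFlags set_ReservedFlags[3..32],
+AuditMicrosoftSignedOnly set_AuditMicrosoftSignedOnly[3..4],
+AuditStoreSignedOnly set_AuditStoreSignedOnly[4..5],
+ReservedFlags set_ReservedFlags[5..32],
 ]}
 pub type PPROCESS_MITIGATION_BINARY_SIGNATURE_POLICY
 = *mut PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY;
@@ -3204,7 +3225,9 @@ BITFIELD!{PROCESS_MITIGATION_IMAGE_LOAD_POLICY Flags: DWORD [
 NoRemoteImages set_NoRemoteImages[0..1],
 NoLowMandatoryLabelImages set_NoLowMandatoryLabelImages[1..2],
 PreferSystem32Images set_PreferSystem32Images[2..3],
-ReservedFlags set_ReservedFlags[3..32],
+AuditNoRemoteImages set_AuditNoRemoteImages[3..4],
+AuditNoLowMandatoryLabelImages set_AuditNoLowMandatoryLabelImages[4..5],
+ReservedFlags set_ReservedFlags[5..32],
 ]}
 pub type PPROCESS_MITIGATION_IMAGE_LOAD_POLICY = *mut PROCESS_MITIGATION_IMAGE_LOAD_POLICY;
 STRUCT!{struct PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY {
@@ -3246,6 +3269,52 @@ BITFIELD!{PROCESS_MITIGATION_CHILD_PROCESS_POLICY Flags: DWORD [
 AllowSecureProcessCreation set_AllowSecureProcessCreation[2..3],
 ReservedFlags set_ReservedFlags[3..32],
 ]}
+STRUCT!{struct PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY {
+Flags: DWORD,
+}}
+pub type PPROCESS_MITIGATION_USER_SHADOW_STACK_POLICY = *mut PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY;
+BITFIELD!{PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY Flags: DWORD [
+EnableUserShadowStack set_EnableUserShadowStack[0..1],
+AuditUserShadowStack set_AuditUserShadowStack[1..2],
+SetContextIpValidation set_SetContextIpValidation[2..3],
+AuditSetContextIpValidation set_AuditSetContextIpValidation[3..4],
+EnableUserShadowStackStrictMode set_EnableUserShadowStackStrictMode[4..5],
+BlockNonCetBinaries set_BlockNonCetBinaries[5..6],
+BlockNonCetBinariesNonEhcont set_BlockNonCetBinariesNonEhcont[6..7],
+AuditBlockNonCetBinaries set_AuditBlockNonCetBinaries[7..8],
+CetDynamicApisOutOfProcOnly set_CetDynamicApisOutOfProcOnly[8..9],
+SetContextIpValidationRelaxedMode set_SetContextIpValidationRelaxedMode[9..10],
+ReservedFlags set_ReservedFlags[10..32],
+]}
+STRUCT!{struct PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY{
+Flags: DWORD,
+}}
+pub type PPROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY = *mut PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY;
+BITFIELD!{PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY Flags: DWORD [
+SmtBranchTargetIsolation set_SmtBranchTargetIsolation[0..1],
+IsolateSecurityDomain set_IsolateSecurityDomain[1..2],
+DisablePageCombine set_DisablePageCombine[2..3],
+SpeculativeStoreBypassDisable set_SpeculativeStoreBypassDisable[3..4],
+RestrictCoreSharing set_RestrictCoreSharing[4..5],
+ReservedFlags set_ReservedFlags[5..32],
+]}
+STRUCT!{struct PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY{
+Flags: DWORD,
+}}
+pub type PPROCESS_MITIGATION_USER_POINTER_AUTH_POLICY = *mut PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY;
+BITFIELD!{PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY Flags: DWORD[
+EnablePointerAuthUserIp set_EnablePointerAuthUserIp[0..1],
+ReservedFlags set_ReservedFlags[1..32],
+]}
+STRUCT!{struct PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY{
+Flags: DWORD,
+}}
+pub type PPROCESS_MITIGATION_REDIRECTION_TRUST_POLICY = *mut PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY;
+BITFIELD!{PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY Flags: DWORD[
+EnforceRedirectionTrust set_EnforceRedirectionTrust[0..1],
+AuditRedirectionTrust set_AuditRedirectionTrust[1..2],
+ReservedFlags set_ReservedFlags[2..32],
+]}
 STRUCT!{struct JOBOBJECT_BASIC_ACCOUNTING_INFORMATION {
 TotalUserTime: LARGE_INTEGER,
 TotalKernelTime: LARGE_INTEGER,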
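Review bot: The new final variant `MaxProcessMitigationPolicy` in `PROCESS_MITIGATION_POLICY` is written without the trailing comma that the removed line had. The `ENUM!` definition is not on this page, but if its rules only accept comma-terminated variants the enum will stop expanding, so I would keep `MaxProcessMitigationPolicy,`. The added `PROCESS_MITIGATION_SEHOP_POLICY` also has no pointer alias, unlike the four other new policy structs; `pub type PPROCESS_MITIGATION_SEHOP_POLICY = *mut PROCESS_MITIGATION_SEHOP_POLICY;` would match. Because callers build sandbox policy from these flags, each new `Audit*` bit deserves a one-line comment, for example `// audit only: confirm against the SDK header that this bit logs rather than blocks`, so it is not taken for its enforcing counterpart.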

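--- a/tests/structs_x86_64.rs
+++ b/tests/structs_x86_64.rs
@@ -8458,6 +8458,8 @@ fn um_winnt() {
 assert_eq!(align_of::<PROCESS_MITIGATION_DEP_POLICY>(), 4);
 assert_eq!(size_of::<PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY>(), 4);
 assert_eq!(align_of::<PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY>(), 4);
+assert_eq!(size_of::<PROCESS_MITIGATION_SEHOP_POLICY>(), 4);
+assert_eq!(align_of::<PROCESS_MITIGATION_SEHOP_POLICY>(), 4);
 assert_eq!(size_of::<PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY>(), 4);
 assert_eq!(align_of::<PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY>(), 4);
 assert_eq!(size_of::<PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY>(), 4);
@@ -8478,6 +8480,14 @@ fn um_winnt() {
 assert_eq!(align_of::<PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY>(), 4);
 assert_eq!(size_of::<PROCESS_MITIGATION_CHILD_PROCESS_POLICY>(), 4);
 assert_eq!(align_of::<PROCESS_MITIGATION_CHILD_PROCESS_POLICY>(), 4);
+assert_eq!(size_of::<PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY>(), 4);
+assert_eq!(align_of::<PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY>(), 4);
+assert_eq!(size_of::<PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY>(), 4);
+assert_eq!(align_of::<PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY>(), 4);
+assert_eq!(size_of::<PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY>(), 4);
+assert_eq!(align_of::<PROCESS_MITIGATION_USER_POINTER_AUTH_POLICY>(), 4);
+assert_eq!(size_of::<PPROCESS_MITIGATION_REDIRECTION_TRUST_POLICY>(), 4);
+assert_eq!(align_of::<PPROCESS_MITIGATION_REDIRECTION_TRUST_POLICY>(), 4);
 assert_eq!(size_of::<JOBOBJECT_BASIC_ACCOUNTING_INFORMATION>(), 48);
 assert_eq!(align_of::<JOBOBJECT_BASIC_ACCOUNTING_INFORMATION>(), 8);
 assert_eq!(size_of::<JOBOBJECT_BASIC_LIMIT_INFORMATION>(), 64);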
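Review bot: The two added redirection-trust assertions in the second hunk name the pointer alias `PPROCESS_MITIGATION_REDIRECTION_TRUST_POLICY` (a `*mut`) instead of the struct. On x86_64 that compares a pointer's size and alignment against 4, which should fail, and the struct's own layout is never checked. They should read `assert_eq!(size_of::<PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY>(), 4);` and `assert_eq!(align_of::<PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY>(), 4);`. `um_winnt` begins and ends outside both hunks, so if a later hunk or the 32-bit test file carries the same lines, they need the same fix.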
