Added IsUserCetAvailableInEnvironment and SetProcessDynamicEHContinuationTargets functions to Kernel32

pull/180/head
dahall 2020-10-14 14:03:29 -06:00
parent b287f2afcd
commit 05b64a7664
2 changed files with 143 additions and 0 deletions


@ -247,6 +247,24 @@ namespace Vanara.PInvoke
STACK_SIZE_PARAM_IS_A_RESERVATION = 0x00010000,
}
/// <summary>Flags that apply to the dynamic exception handling continuation target in TargetAddress in <see cref="PROCESS_DYNAMIC_EH_CONTINUATION_TARGET"/>.</summary>
[PInvokeData("winnt.h", MSDNShortId = "NS:winnt._PROCESS_DYNAMIC_EH_CONTINUATION_TARGET")]
[Flags]
public enum DYNAMIC_EH_CONTINUATION_TARGET
{
/// <summary>
/// Dynamic exception handling continuation target should be added. If this flag is not set, the target is removed. This is an
/// input flag.
/// </summary>
DYNAMIC_EH_CONTINUATION_TARGET_ADD = 0x00000001,
/// <summary>
/// Dynamic exception handling continuation target has been successfully processed (either added or removed). This is an output
/// flag used to report which targets were successfully processed when processing an array of multiple targets.
/// </summary>
DYNAMIC_EH_CONTINUATION_TARGET_PROCESSED = 0x00000002
}
/// <summary>The memory priority for the thread or process.</summary>
public enum MEMORY_PRIORITY
{
@ -4108,6 +4126,39 @@ namespace Vanara.PInvoke
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetProcessDefaultCpuSets([In] HPROCESS Process, [In, MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 2)] uint[] CpuSetIds, uint CpuSetIdCound);
/// <summary>Sets dynamic exception handling continuation targets for the specified process.</summary>
/// <param name="Process">
/// A handle to the process. This handle must have the <c>PROCESS_SET_INFORMATION</c> access right. For more information, see
/// Process Security and Access Rights.
/// </param>
/// <param name="NumberOfTargets">Supplies the number of dynamic exception handling continuation targets to set.</param>
/// <param name="Targets">
/// A pointer to an array of dynamic exception handling continuation targets. For more information on this structure, see PROCESS_DYNAMIC_EH_CONTINUATION_TARGET.
/// </param>
/// <returns>
/// <para>If the function succeeds, the return value is nonzero.</para>
/// <para>
/// If the function fails, the return value is zero. To get extended error information, call GetLastError. Note that even if the
/// function fails, a portion of the supplied continuation targets may have been successfully processed. The caller needs to check
/// the flags in each individual continuation target specified via Targets to determine if it was successfully processed.
/// </para>
/// </returns>
/// <remarks>
/// If user-mode Hardware-enforced Stack Protection is enabled for a process, when calling APIs that modify the execution context of
/// a thread such as RtlRestoreContext and SetThreadContext, validation is performed on the Instruction Pointer specified in the new
/// execution context. RtlRestoreContext is used during Structured Exception Handling (SEH) exception unwinding to unwind to the
/// target frame that contains the <c>__except</c> block and to start executing code at the continuation target. Therefore, the
/// operating system needs to know the instruction addresses of all the valid continuation targets in order to allow the unwind
/// operation via RtlRestoreContext. For compiled binaries, the list of continuation targets is generated by the linker and stored
/// in the binary image. For dynamic code, the continuation targets need to be specified using SetProcessDynamicEHContinuationTargets.
/// </remarks>
// https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-setprocessdynamicehcontinuationtargets
// BOOL SetProcessDynamicEHContinuationTargets( HANDLE Process, USHORT NumberOfTargets, PPROCESS_DYNAMIC_EH_CONTINUATION_TARGET Targets );
[DllImport(Lib.Kernel32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("processthreadsapi.h", MSDNShortId = "NF:processthreadsapi.SetProcessDynamicEHContinuationTargets")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetProcessDynamicEHContinuationTargets([In] HPROCESS Process, ushort NumberOfTargets, [In, MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 1)] PROCESS_DYNAMIC_EH_CONTINUATION_TARGET[] Targets);
/// <summary>Sets information for the specified process.</summary>
/// <param name="hProcess">
/// A handle to the process. This handle must have the <c>PROCESS_SET_INFORMATION</c> access right. For more information, see Process
@ -6025,6 +6076,46 @@ namespace Vanara.PInvoke
public static readonly PROC_THREAD_ATTRIBUTE PROC_THREAD_ATTRIBUTE_WIN32K_FILTER = new PROC_THREAD_ATTRIBUTE(AttrType.ProcThreadAttributeWin32kFilter, false, true, false);
}
/// <summary>
/// Contains dynamic exception handling continuation targets. The SetProcessDynamicEHContinuationTargets function uses this structure.
/// </summary>
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-process_dynamic_eh_continuation_target
// typedef struct _PROCESS_DYNAMIC_EH_CONTINUATION_TARGET { ULONG_PTR TargetAddress; ULONG_PTR Flags; } PROCESS_DYNAMIC_EH_CONTINUATION_TARGET, *PPROCESS_DYNAMIC_EH_CONTINUATION_TARGET;
[PInvokeData("winnt.h", MSDNShortId = "NS:winnt._PROCESS_DYNAMIC_EH_CONTINUATION_TARGET")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct PROCESS_DYNAMIC_EH_CONTINUATION_TARGET
{
/// <summary>The address of a dynamic exception handling continuation target.</summary>
public IntPtr TargetAddress;
private IntPtr _Flags;
/// <summary>
/// <para>Flags that apply to the dynamic exception handling continuation target in TargetAddress.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>DYNAMIC_EH_CONTINUATION_TARGET_ADD 0x00000001UL</term>
/// <term>
/// Dynamic exception handling continuation target should be added. If this flag is not set, the target is removed. This is an
/// input flag.
/// </term>
/// </item>
/// <item>
/// <term>DYNAMIC_EH_CONTINUATION_TARGET_PROCESSED 0x00000002UL</term>
/// <term>
/// Dynamic exception handling continuation target has been successfully processed (either added or removed). This is an output
/// flag used to report which targets were successfully processed when processing an array of multiple targets.
/// </term>
/// </item>
/// </list>
/// </summary>
public DYNAMIC_EH_CONTINUATION_TARGET Flags { get => (DYNAMIC_EH_CONTINUATION_TARGET)_Flags.ToInt32(); set => _Flags = new IntPtr((int)value); }
}
/// <summary>
/// Contains information about a newly created process and its primary thread. It is used with the <c>CreateProcess</c>,
/// <c>CreateProcessAsUser</c>, <c>CreateProcessWithLogonW</c>, or <c>CreateProcessWithTokenW</c> function.
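Review bot: `Targets` in the new `SetProcessDynamicEHContinuationTargets` declaration is marked `[In]` only, yet the documentation above it tells callers to read `DYNAMIC_EH_CONTINUATION_TARGET_PROCESSED` back from each element after a failed call. An `[In]`-only array carries no copy-back guarantee; it likely appears to work here only because the marshaller pins arrays of blittable structs, so the parameter should be declared `[In, Out, MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 1)] PROCESS_DYNAMIC_EH_CONTINUATION_TARGET[] Targets`. Without that, a caller cannot reliably tell which continuation targets were registered after a partial failure. Separately, the `Flags` getter in `PROCESS_DYNAMIC_EH_CONTINUATION_TARGET` calls `_Flags.ToInt32()`, which throws `OverflowException` in a 64-bit process if the field ever holds a value that does not fit in 32 bits; `unchecked((int)_Flags.ToInt64())` avoids that.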


@ -529,6 +529,24 @@ namespace Vanara.PInvoke
VER_SUITE_WH_SERVER = 0x00008000,
}
/// <summary>The environment to query.</summary>
[PInvokeData("sysinfoapi.h", MSDNShortId = "NF:sysinfoapi.IsUserCetAvailableInEnvironment")]
[Flags]
public enum USER_CET_ENVIRONMENT
{
/// <summary>The Win32 environment.</summary>
USER_CET_ENVIRONMENT_WIN32_PROCESS = 0x00000000,
/// <summary>The Intel Software Guard Extensions 2 (SGX2) enclave environment.</summary>
USER_CET_ENVIRONMENT_SGX2_ENCLAVE = 0x00000002,
/// <summary>The virtualization-based security (VBS) enclave environment.</summary>
USER_CET_ENVIRONMENT_VBS_ENCLAVE = 0x00000010,
/// <summary>The virtualization-based security (VBS) basic enclave environment.</summary>
USER_CET_ENVIRONMENT_VBS_BASIC_ENCLAVE = 0x00000011,
}
/// <summary>Converts a DNS-style host name to a NetBIOS-style computer name.</summary>
/// <param name="Hostname">
/// The DNS name. If the DNS name is not a valid, translatable name, the function fails. For more information, see Computer Names.
@ -2194,6 +2212,40 @@ namespace Vanara.PInvoke
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool GlobalMemoryStatusEx(ref MEMORYSTATUSEX lpBuffer);
/// <summary>Queries whether user-mode Hardware-enforced Stack Protection is available for the specified environment.</summary>
/// <param name="UserCetEnvironment">
/// <para>The environment to query. This parameter can be one of the following values.</para>
/// <list type="table">
/// <listheader>
/// <term>Value</term>
/// <term>Meaning</term>
/// </listheader>
/// <item>
/// <term>USER_CET_ENVIRONMENT_WIN32_PROCESS 0x00000000UL</term>
/// <term>The Win32 environment.</term>
/// </item>
/// <item>
/// <term>USER_CET_ENVIRONMENT_SGX2_ENCLAVE 0x00000002UL</term>
/// <term>The Intel Software Guard Extensions 2 (SGX2) enclave environment.</term>
/// </item>
/// <item>
/// <term>USER_CET_ENVIRONMENT_VBS_ENCLAVE 0x00000010UL</term>
/// <term>The virtualization-based security (VBS) enclave environment.</term>
/// </item>
/// <item>
/// <term>USER_CET_ENVIRONMENT_VBS_BASIC_ENCLAVE 0x00000011UL</term>
/// <term>The virtualization-based security (VBS) basic enclave environment.</term>
/// </item>
/// </list>
/// </param>
/// <returns>TRUE if user-mode Hardware-enforced Stack Protection is available for the specified environment, FALSE otherwise.</returns>
// https://docs.microsoft.com/en-us/windows/win32/api/sysinfoapi/nf-sysinfoapi-isusercetavailableinenvironment
// BOOL IsUserCetAvailableInEnvironment( DWORD UserCetEnvironment );
[DllImport(Lib.Kernel32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("sysinfoapi.h", MSDNShortId = "NF:sysinfoapi.IsUserCetAvailableInEnvironment")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool IsUserCetAvailableInEnvironment(USER_CET_ENVIRONMENT UserCetEnvironment);
/// <summary>
/// Installs the certificate information specified in the resource file, which is linked into the ELAM driver at build time. This API
/// is used by anti-malware vendors to launch the anti-malware software's user-mode service as protected. For more information, see
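Review bot: `USER_CET_ENVIRONMENT` is declared with `[Flags]`, but the parameter documentation in the second hunk says it takes one of four discrete values, and those values include 0 and 0x11, which are not independent bits. With `[Flags]`, a combined value such as 0x12 formats as two environments and `HasFlag(USER_CET_ENVIRONMENT_WIN32_PROCESS)` is always true, which can mislead code that decides whether Hardware-enforced Stack Protection is available. I would drop the `[Flags]` attribute and, since the native parameter is a DWORD, declare the enum as `public enum USER_CET_ENVIRONMENT : uint`.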