michael@0: /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ michael@0: /* vim: set ts=2 et sw=2 tw=80: */ michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: #ifndef _SECURITY_SANDBOX_BASE_SHIM_SDKDECLS_H_ michael@0: #define _SECURITY_SANDBOX_BASE_SHIM_SDKDECLS_H_ michael@0: michael@0: #include michael@0: michael@0: // This file contains definitions required for things dynamically loaded michael@0: // while building or targetting lower platform versions or lower SDKs. michael@0: michael@0: #if (_WIN32_WINNT < 0x0600) michael@0: typedef struct _STARTUPINFOEXA { michael@0: STARTUPINFOA StartupInfo; michael@0: LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList; michael@0: } STARTUPINFOEXA, *LPSTARTUPINFOEXA; michael@0: typedef struct _STARTUPINFOEXW { michael@0: STARTUPINFOW StartupInfo; michael@0: LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList; michael@0: } STARTUPINFOEXW, *LPSTARTUPINFOEXW; michael@0: #ifdef UNICODE michael@0: typedef STARTUPINFOEXW STARTUPINFOEX; michael@0: typedef LPSTARTUPINFOEXW LPSTARTUPINFOEX; michael@0: #else michael@0: typedef STARTUPINFOEXA STARTUPINFOEX; michael@0: typedef LPSTARTUPINFOEXA LPSTARTUPINFOEX; michael@0: #endif // UNICODE michael@0: michael@0: #define PROC_THREAD_ATTRIBUTE_NUMBER 0x0000FFFF michael@0: #define PROC_THREAD_ATTRIBUTE_THREAD 0x00010000 // Attribute may be used with thread creation michael@0: #define PROC_THREAD_ATTRIBUTE_INPUT 0x00020000 // Attribute is input only michael@0: #define PROC_THREAD_ATTRIBUTE_ADDITIVE 0x00040000 // Attribute may be "accumulated," e.g. bitmasks, counters, etc. michael@0: michael@0: #define ProcThreadAttributeValue(Number, Thread, Input, Additive) \ michael@0: (((Number) & PROC_THREAD_ATTRIBUTE_NUMBER) | \ michael@0: ((Thread != FALSE) ? PROC_THREAD_ATTRIBUTE_THREAD : 0) | \ michael@0: ((Input != FALSE) ? PROC_THREAD_ATTRIBUTE_INPUT : 0) | \ michael@0: ((Additive != FALSE) ? PROC_THREAD_ATTRIBUTE_ADDITIVE : 0)) michael@0: michael@0: #define ProcThreadAttributeHandleList 2 michael@0: michael@0: #define PROC_THREAD_ATTRIBUTE_HANDLE_LIST \ michael@0: ProcThreadAttributeValue (ProcThreadAttributeHandleList, FALSE, TRUE, FALSE) michael@0: michael@0: #define PROCESS_DEP_ENABLE 0x00000001 michael@0: #define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002 michael@0: michael@0: #endif // (_WIN32_WINNT >= 0x0600) michael@0: michael@0: #if (_WIN32_WINNT < 0x0601) michael@0: #define ProcThreadAttributeMitigationPolicy 7 michael@0: #define PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY \ michael@0: ProcThreadAttributeValue (ProcThreadAttributeMitigationPolicy, FALSE, TRUE, FALSE) michael@0: michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE 0x01 michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE 0x02 michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE 0x04 michael@0: #endif // (_WIN32_WINNT >= 0x0601) michael@0: michael@0: #if (_WIN32_WINNT < 0x0602) michael@0: #define ProcThreadAttributeSecurityCapabilities 9 michael@0: #define PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES \ michael@0: ProcThreadAttributeValue (ProcThreadAttributeSecurityCapabilities, FALSE, TRUE, FALSE) michael@0: michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_MASK (0x00000003 << 8) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_DEFER (0x00000000 << 8) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000001 << 8) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_OFF (0x00000002 << 8) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON_REQ_RELOCS (0x00000003 << 8) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_MASK (0x00000003 << 12) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_DEFER (0x00000000 << 12) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_ALWAYS_ON (0x00000001 << 12) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_ALWAYS_OFF (0x00000002 << 12) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_HEAP_TERMINATE_RESERVED (0x00000003 << 12) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_MASK (0x00000003 << 16) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_DEFER (0x00000000 << 16) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00000001 << 16) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00000002 << 16) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_RESERVED (0x00000003 << 16) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_MASK (0x00000003 << 20) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_DEFER (0x00000000 << 20) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_ALWAYS_ON (0x00000001 << 20) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_ALWAYS_OFF (0x00000002 << 20) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_HIGH_ENTROPY_ASLR_RESERVED (0x00000003 << 20) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_MASK (0x00000003 << 24) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_DEFER (0x00000000 << 24) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_ALWAYS_ON (0x00000001 << 24) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_ALWAYS_OFF (0x00000002 << 24) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_STRICT_HANDLE_CHECKS_RESERVED (0x00000003 << 24) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_MASK (0x00000003 << 28) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_DEFER (0x00000000 << 28) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_ON (0x00000001 << 28) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_ALWAYS_OFF (0x00000002 << 28) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_WIN32K_SYSTEM_CALL_DISABLE_RESERVED (0x00000003 << 28) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_MASK (0x00000003ui64 << 32) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_DEFER (0x00000000ui64 << 32) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_ON (0x00000001ui64 << 32) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_ALWAYS_OFF (0x00000002ui64 << 32) michael@0: #define PROCESS_CREATION_MITIGATION_POLICY_EXTENSION_POINT_DISABLE_RESERVED (0x00000003ui64 << 32) michael@0: michael@0: // Check if we're including >= win8 winnt.h michael@0: #ifndef NTDDI_WIN8 michael@0: michael@0: typedef struct _SECURITY_CAPABILITIES { michael@0: PSID AppContainerSid; michael@0: PSID_AND_ATTRIBUTES Capabilities; michael@0: DWORD CapabilityCount; michael@0: DWORD Reserved; michael@0: } SECURITY_CAPABILITIES, *PSECURITY_CAPABILITIES, *LPSECURITY_CAPABILITIES; michael@0: michael@0: typedef enum _PROCESS_MITIGATION_POLICY { michael@0: ProcessDEPPolicy, michael@0: ProcessASLRPolicy, michael@0: ProcessReserved1MitigationPolicy, michael@0: ProcessStrictHandleCheckPolicy, michael@0: ProcessSystemCallDisablePolicy, michael@0: ProcessMitigationOptionsMask, michael@0: ProcessExtensionPointDisablePolicy, michael@0: MaxProcessMitigationPolicy michael@0: } PROCESS_MITIGATION_POLICY, *PPROCESS_MITIGATION_POLICY; michael@0: michael@0: #define LOAD_LIBRARY_SEARCH_DEFAULT_DIRS 0x00001000 michael@0: michael@0: typedef struct _PROCESS_MITIGATION_ASLR_POLICY { michael@0: union { michael@0: DWORD Flags; michael@0: struct { michael@0: DWORD EnableBottomUpRandomization : 1; michael@0: DWORD EnableForceRelocateImages : 1; michael@0: DWORD EnableHighEntropy : 1; michael@0: DWORD DisallowStrippedImages : 1; michael@0: DWORD ReservedFlags : 28; michael@0: }; michael@0: }; michael@0: } PROCESS_MITIGATION_ASLR_POLICY, *PPROCESS_MITIGATION_ASLR_POLICY; michael@0: michael@0: typedef struct _PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY { michael@0: union { michael@0: DWORD Flags; michael@0: struct { michael@0: DWORD RaiseExceptionOnInvalidHandleReference : 1; michael@0: DWORD HandleExceptionsPermanentlyEnabled : 1; michael@0: DWORD ReservedFlags : 30; michael@0: }; michael@0: }; michael@0: } PROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY, *PPROCESS_MITIGATION_STRICT_HANDLE_CHECK_POLICY; michael@0: michael@0: typedef struct _PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY { michael@0: union { michael@0: DWORD Flags; michael@0: struct { michael@0: DWORD DisallowWin32kSystemCalls : 1; michael@0: DWORD ReservedFlags : 31; michael@0: }; michael@0: }; michael@0: } PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, *PPROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY; michael@0: michael@0: typedef struct _PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY { michael@0: union { michael@0: DWORD Flags; michael@0: struct { michael@0: DWORD DisableExtensionPoints : 1; michael@0: DWORD ReservedFlags : 31; michael@0: }; michael@0: }; michael@0: } PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY, *PPROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY; michael@0: michael@0: #endif // NTDDI_WIN8 michael@0: #endif // (_WIN32_WINNT < 0x0602) michael@0: #endif // _SECURITY_SANDBOX_BASE_SHIM_SDKDECLS_H_