/// <summary> /// Get a mitigation policy raw value /// </summary> /// <param name="policy">The policy to get</param> /// <returns>The raw policy value</returns> public int GetProcessMitigationPolicy(ProcessMitigationPolicy policy) { switch (policy) { case ProcessMitigationPolicy.ProcessDEPPolicy: case ProcessMitigationPolicy.ProcessReserved1Policy: case ProcessMitigationPolicy.ProcessMitigationOptionsMask: throw new ArgumentException("Invalid mitigation policy"); } MitigationPolicy p = new MitigationPolicy(); p.Policy = policy; using (var buffer = p.ToBuffer()) { int return_length; NtStatus status = NtSystemCalls.NtQueryInformationProcess(Handle, ProcessInfoClass.ProcessMitigationPolicy, buffer, buffer.Length, out return_length); if (!status.IsSuccess()) { if (status != NtStatus.STATUS_INVALID_PARAMETER && status != NtStatus.STATUS_NOT_SUPPORTED) { status.ToNtException(); } return(0); } return(buffer.Result.Result); } }
/// <summary> /// Disable dynamic code policy on another process. /// </summary> public void DisableDynamicCodePolicy() { if (!NtToken.EnableDebugPrivilege()) { throw new InvalidOperationException("Must have Debug privilege to disable code policy"); } MitigationPolicy p = new MitigationPolicy(); p.Policy = ProcessMitigationPolicy.ProcessDynamicCodePolicy; using (var buffer = p.ToBuffer()) { NtSystemCalls.NtSetInformationProcess(Handle, ProcessInfoClass.ProcessMitigationPolicy, buffer, buffer.Length).ToNtException(); } }