1 files changed, 100 insertions, 0 deletions
diff --git a/src/libs/dutil/WixToolset.DUtil/apputil.cpp b/src/libs/dutil/WixToolset.DUtil/apputil.cpp
index c08fffc7..6c56f1a0 100644
--- a/src/libs/dutil/WixToolset.DUtil/apputil.cpp
+++ b/src/libs/dutil/WixToolset.DUtil/apputil.cpp
@@ -19,10 +19,15 @@
 typedef BOOL(WINAPI *LPFN_SETDEFAULTDLLDIRECTORIES)(DWORD);
 typedef BOOL(WINAPI *LPFN_SETDLLDIRECTORYW)(LPCWSTR);
+typedef BOOL(WINAPI *LPFN_SETPROCESSMITIGATIONPOLICY)(PROCESS_MITIGATION_POLICY, PVOID, SIZE_T);
 static BOOL vfInitialized = FALSE;
 static LPFN_SETDEFAULTDLLDIRECTORIES vpfnSetDefaultDllDirectories = NULL;
 static LPFN_SETDLLDIRECTORYW vpfnSetDllDirectory = NULL;
+static LPFN_SETPROCESSMITIGATIONPOLICY vpfnSetProcessMitigationPolicy = NULL;
+static const DWORD APP_MITIGATION_POLICY_DISABLED = 0;
+static const DWORD APP_MITIGATION_POLICY_ENABLED = 1;
 /********************************************************************
 EscapeCommandLineArgument - encodes wzArgument such that
@@ -50,6 +55,7 @@ static void Initialize()
    vpfnSetDefaultDllDirectories = (LPFN_SETDEFAULTDLLDIRECTORIES)::GetProcAddress(hKernel32, "SetDefaultDllDirectories");
    vpfnSetDllDirectory = (LPFN_SETDLLDIRECTORYW)::GetProcAddress(hKernel32, "SetDllDirectoryW");
+    vpfnSetProcessMitigationPolicy = (LPFN_SETPROCESSMITIGATIONPOLICY)::GetProcAddress(hKernel32, "SetProcessMitigationPolicy");
    vfInitialized = TRUE;
@@ -190,6 +196,100 @@ DAPI_(void) AppInitializeUnsafe()
    ::HeapSetInformation(NULL, HeapEnableTerminationOnCorruption, NULL, 0);
 }
+DAPI_(HRESULT) AppSetDefaultProcessMitigationPolicy(
+    __in_z LPCWSTR wzPolicyPath
+    )
+{
+    HRESULT hr = S_OK;
+    HRESULT hrPolicy = S_OK;
+    DWORD dwPolicy = APP_MITIGATION_POLICY_DISABLED;
+    BOOL fApplied = FALSE;
+    PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY redirectionTrustPolicy = { };
+    PROCESS_MITIGATION_DYNAMIC_CODE_POLICY dynamicCodePolicy = { };
+    PROCESS_MITIGATION_FONT_DISABLE_POLICY fontDisablePolicy = { };
+    Initialize();
+    if (!vpfnSetProcessMitigationPolicy)
+    {
+        ExitFunction1(hr = S_FALSE);
+    }
+    hrPolicy = PolcReadNumber(wzPolicyPath, L"RedirectionGuard", APP_MITIGATION_POLICY_ENABLED, &dwPolicy);
+    if (FAILED(hrPolicy))
+    {
+        TraceError(hrPolicy, "Failed to read mitigation policy setting: RedirectionGuard.");
+        dwPolicy = APP_MITIGATION_POLICY_ENABLED;
+    }
+    if (APP_MITIGATION_POLICY_ENABLED == dwPolicy)
+    {
+        redirectionTrustPolicy.EnforceRedirectionTrust = 1;
+        if (!vpfnSetProcessMitigationPolicy(ProcessRedirectionTrustPolicy, &redirectionTrustPolicy, sizeof(redirectionTrustPolicy)))
+        {
+            hr = HRESULT_FROM_WIN32(::GetLastError());
+            TraceError(hr, "Failed to set RedirectionGuard mitigation policy.");
+        }
+        else
+        {
+            fApplied = TRUE;
+        }
+    }
+    hrPolicy = PolcReadNumber(wzPolicyPath, L"DynamicCode", APP_MITIGATION_POLICY_DISABLED, &dwPolicy);
+    if (FAILED(hrPolicy))
+    {
+        TraceError(hrPolicy, "Failed to read mitigation policy setting: DynamicCode.");
+        dwPolicy = APP_MITIGATION_POLICY_DISABLED;
+    }
+    if (APP_MITIGATION_POLICY_ENABLED == dwPolicy)
+    {
+        dynamicCodePolicy.ProhibitDynamicCode = 1;
+        if (!vpfnSetProcessMitigationPolicy(ProcessDynamicCodePolicy, &dynamicCodePolicy, sizeof(dynamicCodePolicy)))
+        {
+            hr = HRESULT_FROM_WIN32(::GetLastError());
+            TraceError(hr, "Failed to set DynamicCode mitigation policy.");
+        }
+        else
+        {
+            fApplied = TRUE;
+        }
+    }
+    hrPolicy = PolcReadNumber(wzPolicyPath, L"FontDisable", APP_MITIGATION_POLICY_DISABLED, &dwPolicy);
+    if (FAILED(hrPolicy))
+    {
+        TraceError(hrPolicy, "Failed to read mitigation policy setting: FontDisable.");
+        dwPolicy = APP_MITIGATION_POLICY_DISABLED;
+    }
+    if (APP_MITIGATION_POLICY_ENABLED == dwPolicy)
+    {
+        fontDisablePolicy.DisableNonSystemFonts = 1;
+        if (!vpfnSetProcessMitigationPolicy(ProcessFontDisablePolicy, &fontDisablePolicy, sizeof(fontDisablePolicy)))
+        {
+            hr = HRESULT_FROM_WIN32(::GetLastError());
+            TraceError(hr, "Failed to set FontDisable mitigation policy.");
+        }
+        else
+        {
+            fApplied = TRUE;
+        }
+    }
+LExit:
+    if (SUCCEEDED(hr) && !fApplied)
+    {
+        hr = S_FALSE;
+    }
+    return hr;
+}
 DAPI_(HRESULT) AppAppendCommandLineArgument(
    __deref_inout_z LPWSTR* psczCommandLine,
    __in_z LPCWSTR wzArgument

diff --git a/src/libs/dutil/WixToolset.DUtil/apputil.cpp b/src/libs/dutil/WixToolset.DUtil/apputil.cpp index c08fffc7..6c56f1a0 100644 --- a/src/libs/dutil/WixToolset.DUtil/apputil.cpp +++ b/src/libs/dutil/WixToolset.DUtil/apputil.cpp
@@ -19,10 +19,15 @@
19		19
20	typedef BOOL(WINAPI *LPFN_SETDEFAULTDLLDIRECTORIES)(DWORD);	20	typedef BOOL(WINAPI *LPFN_SETDEFAULTDLLDIRECTORIES)(DWORD);
21	typedef BOOL(WINAPI *LPFN_SETDLLDIRECTORYW)(LPCWSTR);	21	typedef BOOL(WINAPI *LPFN_SETDLLDIRECTORYW)(LPCWSTR);
		22	typedef BOOL(WINAPI *LPFN_SETPROCESSMITIGATIONPOLICY)(PROCESS_MITIGATION_POLICY, PVOID, SIZE_T);
22		23
23	static BOOL vfInitialized = FALSE;	24	static BOOL vfInitialized = FALSE;
24	static LPFN_SETDEFAULTDLLDIRECTORIES vpfnSetDefaultDllDirectories = NULL;	25	static LPFN_SETDEFAULTDLLDIRECTORIES vpfnSetDefaultDllDirectories = NULL;
25	static LPFN_SETDLLDIRECTORYW vpfnSetDllDirectory = NULL;	26	static LPFN_SETDLLDIRECTORYW vpfnSetDllDirectory = NULL;
		27	static LPFN_SETPROCESSMITIGATIONPOLICY vpfnSetProcessMitigationPolicy = NULL;
		28
		29	static const DWORD APP_MITIGATION_POLICY_DISABLED = 0;
		30	static const DWORD APP_MITIGATION_POLICY_ENABLED = 1;
26		31
27	/********************************************************************	32	/********************************************************************
28	EscapeCommandLineArgument - encodes wzArgument such that	33	EscapeCommandLineArgument - encodes wzArgument such that
@@ -50,6 +55,7 @@ static void Initialize()
50		55
51	vpfnSetDefaultDllDirectories = (LPFN_SETDEFAULTDLLDIRECTORIES)::GetProcAddress(hKernel32, "SetDefaultDllDirectories");	56	vpfnSetDefaultDllDirectories = (LPFN_SETDEFAULTDLLDIRECTORIES)::GetProcAddress(hKernel32, "SetDefaultDllDirectories");
52	vpfnSetDllDirectory = (LPFN_SETDLLDIRECTORYW)::GetProcAddress(hKernel32, "SetDllDirectoryW");	57	vpfnSetDllDirectory = (LPFN_SETDLLDIRECTORYW)::GetProcAddress(hKernel32, "SetDllDirectoryW");
		58	vpfnSetProcessMitigationPolicy = (LPFN_SETPROCESSMITIGATIONPOLICY)::GetProcAddress(hKernel32, "SetProcessMitigationPolicy");
53		59
54	vfInitialized = TRUE;	60	vfInitialized = TRUE;
55		61
@@ -190,6 +196,100 @@ DAPI_(void) AppInitializeUnsafe()
190	::HeapSetInformation(NULL, HeapEnableTerminationOnCorruption, NULL, 0);	196	::HeapSetInformation(NULL, HeapEnableTerminationOnCorruption, NULL, 0);
191	}	197	}
192		198
		199	DAPI_(HRESULT) AppSetDefaultProcessMitigationPolicy(
		200	__in_z LPCWSTR wzPolicyPath
		201	)
		202	{
		203	HRESULT hr = S_OK;
		204	HRESULT hrPolicy = S_OK;
		205	DWORD dwPolicy = APP_MITIGATION_POLICY_DISABLED;
		206	BOOL fApplied = FALSE;
		207	PROCESS_MITIGATION_REDIRECTION_TRUST_POLICY redirectionTrustPolicy = { };
		208	PROCESS_MITIGATION_DYNAMIC_CODE_POLICY dynamicCodePolicy = { };
		209	PROCESS_MITIGATION_FONT_DISABLE_POLICY fontDisablePolicy = { };
		210
		211	Initialize();
		212
		213	if (!vpfnSetProcessMitigationPolicy)
		214	{
		215	ExitFunction1(hr = S_FALSE);
		216	}
		217
		218	hrPolicy = PolcReadNumber(wzPolicyPath, L"RedirectionGuard", APP_MITIGATION_POLICY_ENABLED, &dwPolicy);
		219	if (FAILED(hrPolicy))
		220	{
		221	TraceError(hrPolicy, "Failed to read mitigation policy setting: RedirectionGuard.");
		222	dwPolicy = APP_MITIGATION_POLICY_ENABLED;
		223	}
		224
		225	if (APP_MITIGATION_POLICY_ENABLED == dwPolicy)
		226	{
		227	redirectionTrustPolicy.EnforceRedirectionTrust = 1;
		228
		229	if (!vpfnSetProcessMitigationPolicy(ProcessRedirectionTrustPolicy, &redirectionTrustPolicy, sizeof(redirectionTrustPolicy)))
		230	{
		231	hr = HRESULT_FROM_WIN32(::GetLastError());
		232	TraceError(hr, "Failed to set RedirectionGuard mitigation policy.");
		233	}
		234	else
		235	{
		236	fApplied = TRUE;
		237	}
		238	}
		239
		240	hrPolicy = PolcReadNumber(wzPolicyPath, L"DynamicCode", APP_MITIGATION_POLICY_DISABLED, &dwPolicy);
		241	if (FAILED(hrPolicy))
		242	{
		243	TraceError(hrPolicy, "Failed to read mitigation policy setting: DynamicCode.");
		244	dwPolicy = APP_MITIGATION_POLICY_DISABLED;
		245	}
		246
		247	if (APP_MITIGATION_POLICY_ENABLED == dwPolicy)
		248	{
		249	dynamicCodePolicy.ProhibitDynamicCode = 1;
		250
		251	if (!vpfnSetProcessMitigationPolicy(ProcessDynamicCodePolicy, &dynamicCodePolicy, sizeof(dynamicCodePolicy)))
		252	{
		253	hr = HRESULT_FROM_WIN32(::GetLastError());
		254	TraceError(hr, "Failed to set DynamicCode mitigation policy.");
		255	}
		256	else
		257	{
		258	fApplied = TRUE;
		259	}
		260	}
		261
		262	hrPolicy = PolcReadNumber(wzPolicyPath, L"FontDisable", APP_MITIGATION_POLICY_DISABLED, &dwPolicy);
		263	if (FAILED(hrPolicy))
		264	{
		265	TraceError(hrPolicy, "Failed to read mitigation policy setting: FontDisable.");
		266	dwPolicy = APP_MITIGATION_POLICY_DISABLED;
		267	}
		268
		269	if (APP_MITIGATION_POLICY_ENABLED == dwPolicy)
		270	{
		271	fontDisablePolicy.DisableNonSystemFonts = 1;
		272
		273	if (!vpfnSetProcessMitigationPolicy(ProcessFontDisablePolicy, &fontDisablePolicy, sizeof(fontDisablePolicy)))
		274	{
		275	hr = HRESULT_FROM_WIN32(::GetLastError());
		276	TraceError(hr, "Failed to set FontDisable mitigation policy.");
		277	}
		278	else
		279	{
		280	fApplied = TRUE;
		281	}
		282	}
		283
		284	LExit:
		285	if (SUCCEEDED(hr) && !fApplied)
		286	{
		287	hr = S_FALSE;
		288	}
		289
		290	return hr;
		291	}
		292
193	DAPI_(HRESULT) AppAppendCommandLineArgument(	293	DAPI_(HRESULT) AppAppendCommandLineArgument(
194	__deref_inout_z LPWSTR* psczCommandLine,	294	__deref_inout_z LPWSTR* psczCommandLine,
195	__in_z LPCWSTR wzArgument	295	__in_z LPCWSTR wzArgument