| UID | tech.root | title | ms.date | ms.topic | targetos | description | req.assembly | req.construct-type | req.ddi-compliance | req.dll | req.header | req.idl | req.include-header | req.irql | req.kmdf-ver | req.lib | req.max-support | req.namespace | req.redist | req.target-min-winverclnt | req.target-min-winversvr | req.target-type | req.type-library | req.umdf-ver | req.unicode-ansi | topic_type | api_type | api_location | api_name | f1_keywords | dev_langs | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
NF:processthreadsapi.SetProcessDynamicEnforcedCetCompatibleRanges |
processthreadsapi |
SetProcessDynamicEnforcedCetCompatibleRanges |
02/02/2021 |
language-reference |
Windows |
Sets dynamic enforced CETCOMPAT ranges for the specified process. |
function |
processthreadsapi.h |
Windows 10, version 2004 (10.0; Build 19041.662) |
Windows Server, version 2004 (10.0; Build 19041.662) |
|
|
|
|
|
Note
This API was added to the 19041 SDK in an update released in November 2020.
Sets dynamic enforced CETCOMPAT ranges for the specified process.
A handle to the process. This handle must have the PROCESS_SET_INFORMATION access right. For more information, see Process Security and Access Rights.
Supplies the number of dynamic enforced CETCOMPAT ranges to set.
A pointer to an array of dynamic enforced CETCOMPAT ranges. For more information on this structure, see PROCESS_DYNAMIC_ENFORCED_ADDRESS_RANGE.
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError. Note that even if the function fails, a portion of the supplied CETCOMPAT ranges may have been successfully processed. The caller needs to check the flags in each individual CETCOMPAT range specified via Ranges to determine if it was successfully processed.
User-mode Hardware-enforced Stack Protection (HSP) is a security feature where the CPU verifies function return addresses at runtime by employing a shadow stack mechanism, if supported by the hardware. In HSP compatibility mode, only shadow stack violations occurring in modules that are considered compatible with shadow stacks (CETCOMPAT) are fatal. For a module to be considered CETCOMPAT, it needs to be either compiled with CETCOMPAT for binaries, or marked using SetProcessDynamicEnforcedCetCompatibleRanges for dynamic code. In HSP strict mode, all shadow stack violations are fatal.