WldpCanExecuteBuffer function (wldp.h)
Queries whether the execution policy allows execution of the code in the supplied buffer.
Syntax
```cpp
HRESULT WldpCanExecuteBuffer(
  [in]           REFGUID                           host,
  [in]           WLDP_EXECUTION_EVALUATION_OPTIONS options,
  [in]           const BYTE                        *buffer,
  [in]           ULONG                             bufferSize,
  [in, optional] PCWSTR                            auditInfo,
  [out]          WLDP_EXECUTION_POLICY             *result
);
```
Parameters
[in] host
A GUID specifying the calling program. For the list of pre-defined GUIDs that can be used for this parameter, see WLDP Host GUIDs. For hosts for which a specific value is not defined, use GUID WLDP_HOST_GUID_OTHER.
[in] options
A value from the WLDP_EXECUTION_EVALUATION_OPTIONS enumeration specifying options for the execution authorization request.
[in] buffer
The buffer containing script code to be validated.
Important
Buffers passed to WldpCanExecuteBuffer should be read-only, and the caller should not cache the security authorization for a specific buffer. These measures are necessary to prevent time-of-check/time-of-use (TOC/TOU) vulnerabilities that could subvert script enforcement policy.
[in] bufferSize
The size of buffer, in bytes.
[in, optional] auditInfo
A string that should include relevant contextual information for the caller to use in debugging. If an authorization request fails, this string will be recorded in the event log, under “Applocker/MSI and Scripts/Operational”. Callers should note that, while auditInfo is not size limited, the string should be less than 4K bytes in size because it will be placed in the event log.
[out] result
A pointer to a variable that receives a value from the WLDP_EXECUTION_POLICY enumeration, indicating the execution policy result of the query.
Return value
Returns S_OK on success and a failure code otherwise.
Remarks
This method is provided as a replacement for WldpGetLockdownPolicy. It differs from WldpGetLockdownPolicy in the following ways:
- Encourages callers to ensure that the subject (file, buffer, or stream) passes OS execution policy.
- Allows calling apps to provide additional audit information for diagnostic purposes.
- Allows verification of buffers and streams of code.
- Simplifies the calling pattern.
- Supports fine-grained execution policies, for example interactive mode in cmd or PowerShell.
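The calling pattern that the Important note under buffer asks for, as an added example that is not part of the original documentation: the host copies the script into a private snapshot, queries policy on the snapshot, runs those same bytes, and stores no verdict. The callback types, `authorize_and_run` and the demo names are hypothetical; the policy callback stands in for a wrapper around WldpCanExecuteBuffer so the logic runs on any platform, and the sample strings are constructed.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical callback shapes (not from wldp.h). On Windows, check would wrap
 * WldpCanExecuteBuffer and return nonzero only on S_OK with an allowing result. */
typedef int  (*policy_fn)(const unsigned char *buf, unsigned long size, void *ctx);
typedef void (*exec_fn)(const unsigned char *buf, unsigned long size, void *ctx);

/* Returns 1 if the code ran, 0 if it was blocked or on error (fail closed). */
int authorize_and_run(const unsigned char *src, unsigned long size,
                      policy_fn check, exec_fn run, void *ctx)
{
    unsigned char *snap;
    if (!src || !size || !check || !run) return 0;
    if (!(snap = malloc(size))) return 0;       /* private snapshot of the caller's buffer */
    memcpy(snap, src, size);                    /* src may still be writable elsewhere */
    int allowed = check(snap, size, ctx) != 0;  /* verdict used once, never cached */
    if (allowed) run(snap, size, ctx);          /* run exactly the evaluated bytes */
    free(snap);
    return allowed;
}

/* Constructed demo: a toy policy, and a writer that rewrites the source after the check. */
struct demo { unsigned char *shared; int checks; char ran[32]; };

static int demo_check(const unsigned char *buf, unsigned long size, void *ctx)
{
    struct demo *d = ctx;
    int ok = size == 10 && memcmp(buf, "echo hello", 10) == 0;  /* toy allow-list */
    d->checks++;
    memcpy(d->shared, "echo other", 10);        /* simulated concurrent modification */
    return ok;
}

static void demo_run(const unsigned char *buf, unsigned long size, void *ctx)
{
    struct demo *d = ctx;
    if (size >= sizeof d->ran) size = sizeof d->ran - 1;
    memcpy(d->ran, buf, size);                  /* record what was "executed" */
    d->ran[size] = '\0';
}

/* Returns 1 if the approved bytes ran; *second is the verdict on the rewritten buffer. */
int demo_race(int *second, int *checks)
{
    unsigned char shared[] = "echo hello";
    struct demo d = { shared, 0, "" };
    int ran_ok = authorize_and_run(shared, 10, demo_check, demo_run, &d) && !strcmp(d.ran, "echo hello");
    *second = authorize_and_run(shared, 10, demo_check, demo_run, &d);
    *checks = d.checks;
    return ran_ok;
}
```

A Windows host would additionally make the snapshot read-only before the query, for example with VirtualProtect and PAGE_READONLY, which this portable sketch does not do.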
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows 11, Build 22621 |
Minimum supported server | Windows 11, Build 22621 |
Header | wldp.h |
Library | wldp.lib |
DLL | wldp.dll |