WldpCanExecuteBuffer function (wldp.h)

Queries whether the execution policy allows execution of the code in the supplied buffer.

Syntax

HRESULT WldpCanExecuteBuffer(
  [in]           REFGUID                           host,
  [in]           WLDP_EXECUTION_EVALUATION_OPTIONS options,
  [in]           const BYTE                        *buffer,
  [in]           ULONG                             bufferSize,
  [in, optional] PCWSTR                            auditInfo,
  [out]          WLDP_EXECUTION_POLICY             *result
);

Parameters

[in] host

A GUID specifying the calling program. For the list of pre-defined GUIDs that can be used for this parameter, see WLDP Host GUIDs. For hosts for which a specific value is not defined, use GUID WLDP_HOST_GUID_OTHER.

[in] options

A value from the WLDP_EXECUTION_EVALUATION_OPTIONS enumeration specifying options for the execution authorization request.

[in] buffer

The buffer containing script code to be validated.

Important

Buffers passed to WldpCanExecuteBuffer should be read-only, and the caller should not cache the security authorization for a specific buffer. These measures are necessary to prevent time-of-check/time-of-use (TOCTOU) vulnerabilities that could subvert script enforcement policy.

[in] bufferSize

The size of buffer, in bytes.

[in, optional] auditInfo

A string that should include relevant contextual information for the caller to use in debugging. If an authorization request fails, this string will be recorded in the event log, under “AppLocker/MSI and Scripts/Operational”. Callers should note that, while auditInfo is not size limited, the string should be less than 4K bytes in size because it will be placed in the event log.

[out] result

A pointer to a variable that receives a value from the WLDP_EXECUTION_POLICY enumeration, indicating the execution policy result of the query.

Return value

Returns S_OK on success and a failure code otherwise.

Remarks

This method is provided as a replacement for WldpGetLockdownPolicy. This interface is differentiated from WldpGetLockdownPolicy in the following ways:

  • Encourages callers to ensure that the subject (file, buffer, or stream) passes OS execution policy.
  • Allows calling apps to provide additional audit information for diagnostic purposes.
  • Allows verification of buffers and streams of code.
  • Simplifies the calling pattern.
  • Supports fine-grained execution policies, for example interactive mode in cmd or PowerShell.
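The Important note on buffer, worked through as an added example (not code from this page or from the Windows SDK): the host evaluates and executes the same private snapshot, fails closed on an error result, and keeps no verdict for later reuse. The names policy_t, action_t, check_fn, exec_fn and the stub_* helpers are hypothetical stand-ins so the block builds without wldp.h; on Windows, check_fn would be a thin wrapper that forwards to WldpCanExecuteBuffer.

```c
#include <stdlib.h>
#include <string.h>
#include <wchar.h>
/* Stand-ins (assumed names) for the WLDP_EXECUTION_POLICY results and the host's reaction. */
typedef enum { POLICY_BLOCKED, POLICY_ALLOWED, POLICY_REQUIRE_SANDBOX } policy_t;
typedef enum { ACT_REFUSE, ACT_RUN, ACT_RUN_SANDBOXED } action_t;
/* Hypothetical wrapper: on Windows it forwards to WldpCanExecuteBuffer and returns the HRESULT. */
typedef long (*check_fn)(const unsigned char *buf, unsigned long size,
                         const wchar_t *audit, policy_t *result);
/* Hypothetical interpreter entry point of the host. */
typedef void (*exec_fn)(const unsigned char *buf, unsigned long size, int sandboxed);

/* Evaluate and execute the same private snapshot, never the caller's buffer. */
action_t run_script_checked(const unsigned char *script, unsigned long size,
                            const wchar_t *audit, check_fn check, exec_fn exec)
{
    action_t action = ACT_REFUSE;                  /* fail closed */
    policy_t policy = POLICY_BLOCKED;
    unsigned char *snap = (script && size && check && exec) ? malloc(size) : NULL;
    if (!snap) return ACT_REFUSE;
    memcpy(snap, script, size);   /* a real host would also make these pages read-only */
    if (check(snap, size, audit, &policy) >= 0) {  /* same test as SUCCEEDED(hr) */
        if (policy == POLICY_ALLOWED) action = ACT_RUN;
        else if (policy == POLICY_REQUIRE_SANDBOX) action = ACT_RUN_SANDBOXED;
    }
    if (action != ACT_REFUSE) exec(snap, size, action == ACT_RUN_SANDBOXED);
    free(snap);                   /* the verdict is not kept for later reuse */
    return action;
}

/* Constructed stubs: a checker that allows "echo ..." and an interpreter that records its input. */
static unsigned char shared[16], ran[16];  /* caller's writable buffer; bytes executed */
static long stub_hr;                       /* result code the stub checker reports */
static long stub_check(const unsigned char *b, unsigned long n, const wchar_t *a, policy_t *r)
{
    *r = (n >= 4 && memcmp(b, "echo", 4) == 0) ? POLICY_ALLOWED : POLICY_BLOCKED;
    memcpy(shared, "tampered", 8);         /* a second writer races the check */
    (void)a; return stub_hr;
}
static void stub_exec(const unsigned char *b, unsigned long n, int sandboxed)
{ (void)sandboxed; memcpy(ran, b, n < sizeof ran ? n : sizeof ran); }
/* Run one constructed script through the gate; hr simulates the API's return code. */
action_t demo(const char *script, long hr)
{
    stub_hr = hr; memset(ran, 0, sizeof ran);
    strncpy((char *)shared, script, sizeof shared - 1);
    return run_script_checked(shared, (unsigned long)strlen((char *)shared) + 1,
                              L"demo: inline script", stub_check, stub_exec);
}
```

In the allowed case the caller's buffer ends up overwritten, yet the interpreter stub receives exactly the bytes that were evaluated.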

Requirements

Requirement                 Value
Minimum supported client    Windows 11, Build 22621
Minimum supported server    Windows 11, Build 22621
Header                      wldp.h
Library                     wldp.lib
DLL                         wldp.dll
