Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

Process mitigation - signature policy

kernkern Member Posts: 5

Hi,

Is anyone familiar with this policy?
https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-process_mitigation_binary_signature_policy

Specifically, I'm trying to understand the meaning of MitigationOptIn
Does having it 'on' means:
1. An image must be signed by Microsoft AND the store AND WHQL (all of them together) in order to be loaded by the process
2. An image must be signed by at least one of the following: { Microsoft ,store, WHQL } in order to be loaded by the process

I tend to believe it's (2), but the documentation is not clear to me. I've tried to look into ci.dll but it requires some digging.

Thanks!

Comments

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Internals & Software Drivers 15 November 2021 Live, Online
Writing WDF Drivers 24 January 2022 Live, Online
Developing Minifilters 7 February 2022 Live, Online
Kernel Debugging 21 March 2022 Live, Online