Created
June 3, 2023 14:35
-
-
Save diversenok/3a9b8b18a541ee30082fdb4eb0b6275b to your computer and use it in GitHub Desktop.
Safe open prompt origin claim definitions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef enum _SE_SAFE_OPEN_PROMPT_EXPERIENCE_RESULTS { | |
| SeSafeOpenExperienceNone = 0x00, | |
| SeSafeOpenExperienceCalled = 0x01, | |
| SeSafeOpenExperienceAppRepCalled = 0x02, | |
| SeSafeOpenExperiencePromptDisplayed = 0x04, | |
| SeSafeOpenExperienceUAC = 0x08, | |
| SeSafeOpenExperienceUninstaller = 0x10, | |
| SeSafeOpenExperienceIgnoreUnknownOrBad = 0x20, | |
| SeSafeOpenExperienceDefenderTrustedInstaller = 0x40, | |
| SeSafeOpenExperienceMOTWPresent = 0x80, | |
| SeSafeOpenExperienceElevatedNoPropagation = 0x100 | |
| } SE_SAFE_OPEN_PROMPT_EXPERIENCE_RESULTS; | |
| // The underlying type for SMARTLOCKER://SMARTSCREENORIGINCLAIM, | |
| // PS_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM, and | |
| // PROC_THREAD_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM | |
| typedef struct _SE_SAFE_OPEN_PROMPT_RESULTS { | |
| SE_SAFE_OPEN_PROMPT_EXPERIENCE_RESULTS Results; | |
| WCHAR Path[MAX_PATH]; | |
| } SE_SAFE_OPEN_PROMPT_RESULTS, *PSE_SAFE_OPEN_PROMPT_RESULTS; | |
| // The extended CI type | |
| typedef struct _SE_CODEINTEGRITY_ORIGIN_CLAIM { | |
| SE_SAFE_OPEN_PROMPT_RESULTS PromptResults; | |
| SINGLE_LIST_ENTRY AppIdTaggingClaimsHead; | |
| } SE_CODEINTEGRITY_ORIGIN_CLAIM, *PSE_CODEINTEGRITY_ORIGIN_CLAIM; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment