Can you enable blockdlls on the current process rather than only on child processes? How does the API differ between Windows 8 and Windows 10?

Question

Can you enable blockdlls on the current process rather than only on child processes? How does the API differ between Windows 8 and Windows 10?

Accepted Answer

Yes, you can enable blockdlls on the current process by modifying its `ProcessSignaturePolicy` to enable `MicrosoftSignedOnly`. On Windows 10, this is done using `SetProcessMitigationPolicy()`. On Windows 8, that API fails, so you must use `NtSetInformationProcess()` instead. The implementation details are covered in the blockdlls exploitation analysis, which provides separate code for each OS version.

Can you enable blockdlls on the current process rather than only on child processes? How does the API differ between Windows 8 and Windows 10?

Explore More Q&A