Skip to main content

MitigationPlan

windows_erg::mitigation

Struct MitigationPlan

pub struct MitigationPlan { /* private fields */ }

Expand description

Builder for mitigation application.

Implementations§

impl MitigationPlan

pub fn new() -> Self

Create an empty mitigation plan.

pub fn enable(self, mitigation: ProcessMitigation) -> Self

Enable one mitigation in this plan.

pub fn apply_to_current(&self) -> Result<()>

Apply all configured mitigations to the current process.

pub fn emit_compile_time(&self)

Emit compile-time linker directives for enabled mitigations.

This method prints cargo:rustc-link-arg directives to stdout, intended for use in a build.rs script. Each linker directive enables binary-level protections on the compiled executable.

§Supported Mitigations

Only mitigations with direct binary-level equivalents emit directives:

MicrosoftSignedOnly → /DEPENDENTLOADFLAG:0x800 + /INTEGRITYCHECK
DisableDynamicCode → /guard:cf (Control Flow Guard)
RestrictPayload → /HIGHENTROPYVA (High Entropy ASLR)

The following are runtime-only and produce no compile-time output:

BlockRemoteImages, PreferSystem32Images, BlockChildProcessCreation

§Example (in build.rs)

use windows_erg::mitigation::{MitigationPlan, ProcessMitigation};

let plan = MitigationPlan::new()
    .enable(ProcessMitigation::DisableDynamicCode)
    .enable(ProcessMitigation::MicrosoftSignedOnly);

plan.emit_compile_time();

pub fn emit_compile_time_with_compat(&self, enable_compat: bool)

Emit compile-time linker directives with optional CET Shadow Stack support.

Similar to [emit_compile_time], but optionally adds /CETCOMPAT for hardware-enforced stack protection (Control-flow Enforcement Technology). Requires Windows 11+ and compatible CPU.

§Arguments

enable_compat - If true, additionally emits /CETCOMPAT

§Example (in build.rs)

use windows_erg::mitigation::{MitigationPlan, ProcessMitigation};

let plan = MitigationPlan::new()
    .enable(ProcessMitigation::DisableDynamicCode);

plan.emit_compile_time_with_compat(true);

Trait Implementations§

impl Clone for MitigationPlan

fn clone(&self) -> MitigationPlan

Returns a duplicate of the value. Read more

1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for MitigationPlan

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl Default for MitigationPlan

fn default() -> MitigationPlan

Returns the “default value” for a type. Read more

Auto Trait Implementations§

impl Freeze for MitigationPlan

impl RefUnwindSafe for MitigationPlan

impl Send for MitigationPlan

impl Sync for MitigationPlan

impl Unpin for MitigationPlan

impl UnsafeUnpin for MitigationPlan

impl UnwindSafe for MitigationPlan

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.