Restricts (or restores) access by an enclave to the address space of its containing process. This policy applies to all threads in the enclave.
Syntax
HRESULT EnclaveRestrictContainingProcessAccess(
  BOOL  RestrictAccess,
  PBOOL PreviouslyRestricted
);
Parameters
RestrictAccess
Set this value to TRUE if the process should restrict (i.e. disable) access to the address space of the containing process. Otherwise, set it to FALSE if restrictions should be relaxed, and the containing address space should be accessible.
PreviouslyRestricted
A pointer to a variable that will receive the previous state of the restriction.
Return value
An HRESULT value that indicates the success or failure of the operation.
Remarks
Note that the EnclaveCopyOutOfEnclave and EnclaveCopyIntoEnclave APIs continue to work (and to access the address space of the containing process) even when access is restricted using EnclaveRestrictContainingProcessAccess.
Access to the containing process's address space can also be restricted by setting the IMAGE_ENCLAVE_POLICY_STRICT_MEMORY flag in the enclave's image configuration. The EnclaveRestrictContainingProcessAccess API can be used to change this policy at runtime.
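Added example (not from the original page or from Microsoft): a guard that restricts access around a sensitive routine and then restores the state returned in PreviouslyRestricted, so a policy set by IMAGE_ENCLAVE_POLICY_STRICT_MEMORY or by an outer caller is left as it was. The helper names, the callback type, the use of winenclave.h as the enclave-side include, and the non-Windows stand-in for the API are assumptions made for illustration.

```c
#include <stddef.h>
#ifdef _WIN32
#include <winenclave.h>   /* assumed enclave-side header that pulls in winenclaveapi.h */
#else
/* Constructed stand-in so the pattern builds off Windows. It models only what the
   page states (set the policy, report the previous one). It is not the real API. */
typedef int BOOL; typedef BOOL *PBOOL; typedef int HRESULT;
enum { FALSE = 0, TRUE = 1 };
static BOOL g_modelRestricted = FALSE;
static HRESULT EnclaveRestrictContainingProcessAccess(BOOL RestrictAccess,
                                                      PBOOL PreviouslyRestricted) {
    *PreviouslyRestricted = g_modelRestricted;
    g_modelRestricted = RestrictAccess ? TRUE : FALSE;
    return 0;
}
#endif
#ifndef FAILED
#define FAILED(hr) (((HRESULT)(hr)) < 0)
#endif
typedef HRESULT (*SENSITIVE_WORK)(void *ctx);   /* hypothetical callback type */

/* Read the current policy. The page documents no separate query call, so restrict
   (the safe direction), capture the previous state, then put that state back. */
HRESULT QueryHostAccessRestricted(PBOOL restricted) {
    BOOL ignored = FALSE;
    HRESULT hr = EnclaveRestrictContainingProcessAccess(TRUE, restricted);
    if (FAILED(hr)) return hr;
    return EnclaveRestrictContainingProcessAccess(*restricted, &ignored);
}

/* Run work() with host memory access disabled, then restore whatever policy was
   in force before, so nested calls and STRICT_MEMORY images are left unchanged.
   The policy is enclave-wide: other enclave threads are restricted meanwhile. */
HRESULT RunWithHostAccessRestricted(SENSITIVE_WORK work, void *ctx) {
    BOOL previous = FALSE, ignored = FALSE;
    HRESULT hr = EnclaveRestrictContainingProcessAccess(TRUE, &previous);
    if (FAILED(hr)) return hr;              /* fail closed: skip the work */
    HRESULT workHr = work(ctx);
    hr = EnclaveRestrictContainingProcessAccess(previous, &ignored);
    return FAILED(workHr) ? workHr : hr;
}

/* Constructed callbacks: record the policy seen inside the guarded region. */
HRESULT RecordPolicy(void *ctx) { return QueryHostAccessRestricted((PBOOL)ctx); }
HRESULT NestedThenRecord(void *ctx) {
    BOOL inner = FALSE;
    HRESULT hr = RunWithHostAccessRestricted(RecordPolicy, &inner);
    return FAILED(hr) ? hr : QueryHostAccessRestricted((PBOOL)ctx);
}
```

Data that must cross the boundary while the guard is active still goes through EnclaveCopyIntoEnclave and EnclaveCopyOutOfEnclave, which the remarks above say keep working under restriction.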
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows 11 24H2 [desktop apps only] |
Minimum supported server | Windows Server 2025 [desktop apps only] |
Header | winenclaveapi.h |
Library | Vertdll.lib |
DLL | Vertdll.dll |