I have several questions: 1) As far as I know, the function IEIsProtectedModeProcess is meant to be used from within an IE extension. Is there a way to determine programmatically, from outside of IE, whether Internet Explorer is running in protected mode?

Thanks

+1  A: 

This was an interesting problem to try to solve. I referred to Writing Secure Code for Windows Vista from Microsoft Press.

Essentially, when IE is in protected mode it is running at the "Low" integrity level. If the integrity level is greater than Low (such as Medium or High), then the IE process is not running in protected mode. The default integrity level for processes on Vista is "Medium". Here is some code that will allow you to get the integrity level of a process given its pid or process handle. If you have an IWebBrowser2, you can get the pid from its HWND by using GetWindowThreadProcessId.

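// Reports the mandatory integrity level of a process as a short text label.
//
// The label is derived from the RID in the token's integrity SID:
// "?" (below Low), "Low", "Medium", "High" or "System", with a trailing "+"
// when the RID lies above Low and is not exactly one of the named levels.
// For Internet Explorer, a "Low" result is what the accompanying text treats
// as "running in protected mode".
//
// Parameters:
//   hProcess - handle to the process to inspect. OpenProcessToken is called
//              on it with TOKEN_QUERY. The handle is not closed here.
//   wszIl    - receives the NUL-terminated label. It is set to an empty
//              string on every failure path.
//   cbIl     - capacity of wszIl in wchar_t elements (this is how the SAL
//              annotation and wcscpy_s/wcscat_s use it, despite the "cb"
//              prefix). 8 elements hold the longest label, "Medium+".
//
// Returns 0 on success, 0xffffffff when wszIl is null or cbIl is 0,
// otherwise the Win32 error code of the call that failed.
DWORD GetProcessIntegrityLevel(HANDLE hProcess,
                                 wchar_t __out_ecount_z(cbIl) *wszIl,
                                 size_t cbIl) 
{
    if (!wszIl || cbIl == 0) return 0xffffffff;
    // Leave a valid empty string behind on failure. The previous
    // memset(wszIl, 0, cbIl) cleared cbIl *bytes*, which for cbIl == 1 did not
    // even zero the first wchar_t; terminating element 0 is sufficient and
    // never writes past the caller's buffer.
    wszIl[0] = L'\0';

    DWORD err = 0;
    HANDLE hToken = NULL;
    char *pRaw = NULL;   // backing storage for the TOKEN_MANDATORY_LABEL
    try {
        if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
            throw GetLastError();

        // Size probe: with a NULL buffer the call is expected to fail with
        // ERROR_INSUFFICIENT_BUFFER and report the required size in cbBuf.
        DWORD cbBuf = 0;
        if (GetTokenInformation(hToken, TokenIntegrityLevel, NULL, 0, &cbBuf))
            // Unexpected success: the last-error value is not meaningful, so
            // report a definite error instead of possibly returning 0.
            throw static_cast<DWORD>(ERROR_INVALID_DATA);
        const DWORD probeErr = GetLastError();
        if (probeErr != ERROR_INSUFFICIENT_BUFFER)
            throw probeErr;

        // new[] reports failure by throwing std::bad_alloc, never by
        // returning null, so no null check is needed here.
        pRaw = new char[cbBuf];
        TOKEN_MANDATORY_LABEL *pTml =
            reinterpret_cast<TOKEN_MANDATORY_LABEL*>(pRaw);
        if (!GetTokenInformation(hToken, TokenIntegrityLevel,
                                 pTml, cbBuf, &cbBuf))
            throw GetLastError();

        // Integrity SIDs have the form S-1-16-<rid>; sub-authority 0 is the RID.
        const DWORD ridIl = *GetSidSubAuthority(pTml->Label.Sid, 0);
        if (ridIl < SECURITY_MANDATORY_LOW_RID)
            wcscpy_s(wszIl, cbIl, L"?");
        else if (ridIl < SECURITY_MANDATORY_MEDIUM_RID)
            wcscpy_s(wszIl, cbIl, L"Low");
        else if (ridIl < SECURITY_MANDATORY_HIGH_RID)
            wcscpy_s(wszIl, cbIl, L"Medium");
        else if (ridIl < SECURITY_MANDATORY_SYSTEM_RID)
            wcscpy_s(wszIl, cbIl, L"High");
        else
            wcscpy_s(wszIl, cbIl, L"System");

        // Mark RIDs that sit between (or above) the named levels.
        if (ridIl > SECURITY_MANDATORY_LOW_RID &&
            ridIl != SECURITY_MANDATORY_MEDIUM_RID &&
            ridIl != SECURITY_MANDATORY_HIGH_RID &&
            ridIl != SECURITY_MANDATORY_SYSTEM_RID)
            wcscat_s(wszIl, cbIl, L"+");
    } catch (DWORD dwErr) {
        err = dwErr;
        // Print the captured code; GetLastError() may have changed since the throw.
        wprintf(L"Error %lu", dwErr);
    } catch (const std::bad_alloc&) {
        err = ERROR_OUTOFMEMORY;
        wprintf(L"Error %lu", err);
    }

    // Single cleanup point: runs on success and on every failure path, so the
    // token handle and the buffer are no longer leaked when a call fails.
    delete [] pRaw;
    if (hToken)
        CloseHandle(hToken);
    return err;
}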



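// Reports the integrity level of the process identified by pid.
//
// Parameters:
//   pid   - identifier of the process to inspect.
//   wszIl - receives the NUL-terminated label (see the HANDLE overload).
//   cbIl  - capacity of wszIl, passed through unchanged.
//
// Returns the HANDLE overload's result, or (DWORD)-1 when the process cannot
// be opened. Note that (DWORD)-1 equals the 0xffffffff the HANDLE overload
// returns for a null buffer, so the two failures look the same to a caller.
DWORD GetProcessIntegrityLevel(long pid,
                               wchar_t __out_ecount_z(cbIl) *wszIl,
                               size_t cbIl) 
{
    // Request only the right needed to open the token for query.
    // PROCESS_ALL_ACCESS asks for far more than is used and is refused for
    // many processes the caller could otherwise inspect.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,
                                  static_cast<DWORD>(pid));
    if (hProcess == NULL)
        return static_cast<DWORD>(-1);

    const DWORD err = GetProcessIntegrityLevel(hProcess, wszIl, cbIl);
    // This function opened the handle, so it must close it; it was
    // previously leaked on every call.
    CloseHandle(hProcess);
    return err;
}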

// Reports the integrity level of the calling process.
//
// wszIl and cbIl are forwarded unchanged to the HANDLE overload, whose
// return value is passed back to the caller.
DWORD GetProcessIntegrityLevel(wchar_t __out_ecount_z(cbIl) *wszIl,
                               size_t cbIl) 
{
    // GetCurrentProcess() returns a pseudo-handle, so there is nothing to close.
    return GetProcessIntegrityLevel(GetCurrentProcess(), wszIl, cbIl);
}
m-sharp