检查Internet Explorer保护模式

时间:2009-02-19 18:32:09

标签: c++ winapi windows-vista

我有几个问题: 1)据我所知,函数IEIsProtectedModeProcess是在IE扩展中使用的。有没有办法在IE之外以编程方式判断Internet Explorer是否运行在保护模式下?

谢谢

1 个答案:

答案 0 :(得分:2)

这是一个值得尝试解决的有趣问题。我参考了Microsoft Press出版的《Writing Secure Code for Windows Vista》。

基本上,当IE处于保护模式时,它以“低”完整性级别运行。如果完整性级别大于低(例如中等或高),则IE进程未在受保护模式下运行。 Vista上进程的默认完整性级别为“中”。下面是一些代码,它们允许您在给定pid或进程句柄的情况下获取进程的完整性级别。如果你有IWebBrowser2,你可以使用GetWindowThreadProcessId从HWND获取pid。

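// Reads the mandatory integrity level of the process behind hProcess from its
// primary token and writes a short label into wszIl: "?", "Low", "Medium",
// "High" or "System", with "+" appended when the RID lies strictly between two
// of the well-known levels.
//
// hProcess  Process handle usable with OpenProcessToken(TOKEN_QUERY). It stays
//           owned by the caller and is not closed here.
// wszIl     Output buffer. The longest label written is 7 characters plus the
//           terminating NUL, so it should hold at least 8 wchar_t.
// cbIl      Size of wszIl in wchar_t ELEMENTS (despite the "cb" prefix): it is
//           annotated __out_ecount_z and passed to wcscpy_s/wcscat_s as a count.
//
// Returns 0 on success, 0xffffffff for a null or empty buffer, otherwise the
// Win32 error code of the failing step (also printed with wprintf).
DWORD GetProcessIntegrityLevel(HANDLE hProcess,
                                 wchar_t __out_ecount_z(cbIl) *wszIl,
                                 size_t cbIl) 
{
    // A zero-length buffer cannot even hold the terminator; reject it up front
    // instead of letting wcscpy_s trip the invalid-parameter handler.
    if (!wszIl || cbIl == 0) return 0xffffffff;
    // cbIl is an element count, so clear cbIl wide characters rather than cbIl bytes.
    memset(wszIl, 0, cbIl * sizeof(wchar_t));

    DWORD err = 0;
    // Declared outside the try block so that every exit path releases them.
    HANDLE hToken = NULL;
    char *pBuf = NULL;
    try {
        if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
            throw GetLastError();

        // Size probe: the call is expected to fail with
        // ERROR_INSUFFICIENT_BUFFER and report the required size in cbBuf.
        DWORD cbBuf = 0;
        if (GetTokenInformation(hToken, TokenIntegrityLevel, NULL, 0, &cbBuf))
            throw static_cast<DWORD>(ERROR_INVALID_DATA);
        const DWORD probeErr = GetLastError();
        if (probeErr != ERROR_INSUFFICIENT_BUFFER)
            throw probeErr;

        // new[] throws std::bad_alloc on failure, so no null check is needed.
        pBuf = new char[cbBuf];
        TOKEN_MANDATORY_LABEL *pTml =
            reinterpret_cast<TOKEN_MANDATORY_LABEL*>(pBuf);
        if (!GetTokenInformation(hToken, TokenIntegrityLevel, pTml, cbBuf, &cbBuf))
            throw GetLastError();

        // The integrity RID is read from the first sub-authority of the label SID.
        const DWORD ridIl = *GetSidSubAuthority(pTml->Label.Sid, 0);

        // Map the RID onto the band it falls into.
        if (ridIl < SECURITY_MANDATORY_LOW_RID)
            wcscpy_s(wszIl, cbIl, L"?");
        else if (ridIl < SECURITY_MANDATORY_MEDIUM_RID)
            wcscpy_s(wszIl, cbIl, L"Low");
        else if (ridIl < SECURITY_MANDATORY_HIGH_RID)
            wcscpy_s(wszIl, cbIl, L"Medium");
        else if (ridIl < SECURITY_MANDATORY_SYSTEM_RID)
            wcscpy_s(wszIl, cbIl, L"High");
        else
            wcscpy_s(wszIl, cbIl, L"System");

        // "+" marks a RID above Low that is not exactly one of the named levels.
        if (ridIl > SECURITY_MANDATORY_LOW_RID &&
            ridIl != SECURITY_MANDATORY_MEDIUM_RID &&
            ridIl != SECURITY_MANDATORY_HIGH_RID &&
            ridIl != SECURITY_MANDATORY_SYSTEM_RID)
            wcscat_s(wszIl, cbIl, L"+");
    } catch (DWORD dwErr) {
        err = dwErr;
        // Report the code that was actually thrown; the thread's last-error
        // value may have changed since the failing call.
        wprintf(L"Error %lu", dwErr);
    } catch (const std::bad_alloc &) {
        err = ERROR_OUTOFMEMORY;
        wprintf(L"Error %lu", err);
    }

    // Single cleanup point: the original leaked the token handle and the
    // buffer whenever one of the GetTokenInformation steps threw.
    delete [] pBuf;
    if (hToken != NULL)
        CloseHandle(hToken);
    return err;
}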



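// Opens the process identified by pid and reports its integrity level through
// the HANDLE overload of GetProcessIntegrityLevel.
//
// pid    Process identifier of the process to inspect.
// wszIl  Output buffer for the label, forwarded unchanged.
// cbIl   Size of wszIl, forwarded unchanged.
//
// Returns (DWORD)-1 when the process cannot be opened, otherwise whatever the
// HANDLE overload returns.
DWORD GetProcessIntegrityLevel(long pid,
                               wchar_t __out_ecount_z(cbIl) *wszIl,
                               size_t cbIl) 
{
    // Only query access is needed to open the token. PROCESS_ALL_ACCESS asks
    // for rights this code never uses and makes OpenProcess fail wherever the
    // caller is not granted every one of them.
    // NOTE(review): PROCESS_QUERY_LIMITED_INFORMATION may be enough on Vista
    // and later - confirm against the OpenProcessToken documentation.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,
                                  static_cast<DWORD>(pid));
    if (hProcess == NULL)
        return static_cast<DWORD>(-1);

    const DWORD err = GetProcessIntegrityLevel(hProcess, wszIl, cbIl);
    // This overload opened the handle, so it must close it; the original
    // leaked one process handle per call.
    CloseHandle(hProcess);
    return err;
}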

// Convenience overload: reports the integrity level of the calling process by
// forwarding to the HANDLE overload.
//
// wszIl  Output buffer for the label, forwarded unchanged.
// cbIl   Size of wszIl, forwarded unchanged.
//
// Returns whatever the HANDLE overload returns.
DWORD GetProcessIntegrityLevel(wchar_t __out_ecount_z(cbIl) *wszIl,
                               size_t cbIl) 
{
    // GetCurrentProcess() returns a pseudo-handle, so there is nothing to close.
    return GetProcessIntegrityLevel(GetCurrentProcess(), wszIl, cbIl);
}