我有几个问题:1)据我所知,函数 IEIsProtectedModeProcess 是在 IE 扩展中使用的。有没有办法在 IE 之外以编程方式判断 Internet Explorer 是否运行在保护模式下?
由于
答案 0 :(得分:2)
这是一个值得尝试解决的有趣问题。我参考了 Microsoft Press 出版的《Writing Secure Code for Windows Vista》。
基本上,当 IE 处于保护模式时,它以“低”完整性级别运行。如果完整性级别高于“低”(例如“中”或“高”),则该 IE 进程未在保护模式下运行。Vista 上进程的默认完整性级别为“中”。下面的代码可以在给定 pid 或进程句柄的情况下获取进程的完整性级别。如果你有 IWebBrowser2,可以先通过它的 get_HWND 取得 HWND,再使用 GetWindowThreadProcessId 从 HWND 获取 pid。
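/**
 * Writes a short label for the mandatory integrity level of a process.
 *
 * The label is one of "?", "Low", "Medium", "High" or "System", with a
 * trailing "+" when the level lies strictly between two well-known RIDs.
 * The longest label needs 8 wchar_t including the terminator.
 *
 * @param hProcess Process handle that OpenProcessToken can open with
 *                 TOKEN_QUERY.
 * @param wszIl    Destination buffer; zero-filled on entry to the function.
 * @param cbIl     Capacity of wszIl in wchar_t elements (not bytes), as the
 *                 SAL annotation and the wcscpy_s calls both assume.
 * @return 0 on success, 0xffffffff for a null or zero-length buffer,
 *         ERROR_INSUFFICIENT_BUFFER when the label does not fit,
 *         ERROR_OUTOFMEMORY on allocation failure, otherwise the Win32
 *         error code of the call that failed.
 */
DWORD GetProcessIntegrityLevel(HANDLE hProcess,
                               wchar_t __out_ecount_z(cbIl) *wszIl,
                               size_t cbIl)
{
    // A zero-length destination would make wcscpy_s invoke the CRT
    // invalid-parameter handler, so it is rejected like a null pointer.
    if (!wszIl || cbIl == 0) return 0xffffffff;

    // cbIl counts wchar_t elements while memset counts bytes.
    memset(wszIl, 0, cbIl * sizeof(wchar_t));

    DWORD err = 0;
    HANDLE hToken = NULL;
    char *rawLabel = NULL;   // backing storage for the TOKEN_MANDATORY_LABEL

    try {
        if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
            throw GetLastError();

        // Size probe: the call is expected to fail with
        // ERROR_INSUFFICIENT_BUFFER and report the required size in cbBuf.
        DWORD cbBuf = 0;
        if (GetTokenInformation(hToken, TokenIntegrityLevel, NULL, 0, &cbBuf))
            throw static_cast<DWORD>(ERROR_INVALID_DATA);
        const DWORD probeErr = GetLastError();
        if (probeErr != ERROR_INSUFFICIENT_BUFFER)
            throw probeErr;

        rawLabel = new char[cbBuf];   // throws std::bad_alloc on failure
        TOKEN_MANDATORY_LABEL *pTml =
            reinterpret_cast<TOKEN_MANDATORY_LABEL*>(rawLabel);
        if (!GetTokenInformation(hToken, TokenIntegrityLevel,
                                 pTml, cbBuf, &cbBuf))
            throw GetLastError();

        // The first sub-authority of the label SID is read as the level RID.
        const DWORD ridIl = *GetSidSubAuthority(pTml->Label.Sid, 0);

        // Build the label locally so that an undersized caller buffer is
        // reported as an error instead of tripping the CRT handler.
        const size_t kLabelCap = 16;
        wchar_t label[kLabelCap] = L"";
        if (ridIl < SECURITY_MANDATORY_LOW_RID)
            wcscpy_s(label, kLabelCap, L"?");
        else if (ridIl < SECURITY_MANDATORY_MEDIUM_RID)
            wcscpy_s(label, kLabelCap, L"Low");
        else if (ridIl < SECURITY_MANDATORY_HIGH_RID)
            wcscpy_s(label, kLabelCap, L"Medium");
        else if (ridIl < SECURITY_MANDATORY_SYSTEM_RID)
            wcscpy_s(label, kLabelCap, L"High");
        else
            wcscpy_s(label, kLabelCap, L"System");

        // Levels between two well-known RIDs get a "+" suffix.
        if (ridIl > SECURITY_MANDATORY_LOW_RID &&
            ridIl != SECURITY_MANDATORY_MEDIUM_RID &&
            ridIl != SECURITY_MANDATORY_HIGH_RID &&
            ridIl != SECURITY_MANDATORY_SYSTEM_RID)
            wcscat_s(label, kLabelCap, L"+");

        if (wcslen(label) + 1 > cbIl)
            throw static_cast<DWORD>(ERROR_INSUFFICIENT_BUFFER);
        wcscpy_s(wszIl, cbIl, label);
    } catch (DWORD dwErr) {
        err = dwErr;
        // Report the captured code; the thread's last-error value may have
        // changed since the failing call.
        wprintf(L"Error %lu", dwErr);
    } catch (const std::bad_alloc &) {
        err = ERROR_OUTOFMEMORY;
        wprintf(L"Error %lu", err);
    }

    // Single cleanup point: every exit path releases the token handle and
    // the label buffer, including the error paths.
    delete [] rawLabel;
    if (hToken != NULL)
        CloseHandle(hToken);

    return err;
}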
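/**
 * Looks up the integrity-level label of the process with the given id.
 *
 * @param pid   Identifier of the process to inspect.
 * @param wszIl Destination buffer for the label.
 * @param cbIl  Capacity of wszIl in wchar_t elements.
 * @return 0xffffffff when the process cannot be opened, otherwise the result
 *         of the HANDLE overload.
 */
DWORD GetProcessIntegrityLevel(long pid,
                               wchar_t __out_ecount_z(cbIl) *wszIl,
                               size_t cbIl)
{
    // Only query access is needed to open the process token. Asking for
    // PROCESS_ALL_ACCESS fails whenever the caller lacks full rights over the
    // target and holds far more rights than this lookup uses.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,
                                  static_cast<DWORD>(pid));
    if (hProcess == NULL)
        return 0xffffffff;

    const DWORD err = GetProcessIntegrityLevel(hProcess, wszIl, cbIl);

    // The handle was opened here, so it is closed here.
    CloseHandle(hProcess);
    return err;
}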
/**
 * Reports the integrity-level label of the calling process.
 *
 * @param wszIl Destination buffer for the label.
 * @param cbIl  Capacity of wszIl in wchar_t elements.
 * @return Whatever the HANDLE overload returns for the current process.
 */
DWORD GetProcessIntegrityLevel(wchar_t __out_ecount_z(cbIl) *wszIl,
                               size_t cbIl)
{
    // GetCurrentProcess() returns a pseudo-handle, so nothing has to be
    // closed afterwards.
    return GetProcessIntegrityLevel(GetCurrentProcess(), wszIl, cbIl);
}