Submit My Question - Recent Questions - Recent Answer
Msdn Tech >> Software Development for Windows Vista >> Security for Applications in Windows Vista

IE7 Protected Mode and windows hooks

Hello

Can anyone help me with information about hooks ran under Protected Mode in IE7. I am setting up hook from process running under interactive user privileges. Hook procedure perfectly loads into IE7. Upon some event in IE7 I need to send back to the process some data. I am using SendMessage for that purpose, but under Protected mode it fails with access denied error, because privilege level in IE7 context is lower than one in my process(this case is mentioned in Vista SDK documentation).

How can I elevate my situation and let the system pass the message from IE7 to my process instead of just skip it? Can set privileges for my service HWND as low as IE7 is running under? It will bloody hard to switch from Windows messaging to some another technique in my existing project.

Have tried to link my hook dll with "elevation" manifest. Have tried all available values for the elevation level:requireAdministrator,highestAvailable. But had no luck.

Should I sign the hook DLL to succeed.

Manifest:

<?xmlversion="1.0"encoding="UTF-8"standalone="yes"?>

<assemblyxmlns="urn:schemas-microsoft-com:asm.v1"manifestVersion="1.0">

<assemblyIdentityname="My"processorArchitecture="*"version="1.0.0.0"type="win32"/>

<description>

Mine

</description>

<trustInfoxmlns="urn:schemas-microsoft-com:asm.v3">

<security>

<requestedPrivileges>

<requestedExecutionLevellevel="requireAdministrator"uiAccess="true"/>

</requestedPrivileges>

</security>

</trustInfo>

</assembly>

Regards, Anton

[4545 byte] By [Antonas] at [2007-12-24]
«« update web referece dynamically
»» Encryption and strings problem
# 1
Somewhere I read about this. Try
http://msdn.microsoft.com/windowsvista/default.aspx?pull=/library/en-us/dnlong/html/AppComp.asp#appcomp_topic7

or google for "sendmessage vista"...

Alesz at 2007-8-31 > top of Msdn Tech,Software Development for Windows Vista,Security for Applications in Windows Vista...
# 2

you need add ChangeWindowMessageFilter() in your process.

Allowing Applications to Receive Window Messages

As mentioned above, UIPI blocks window messages from low to higher integrity processes. If your extension running in Protected mode needs to communicate with an evelated application using window messages, you can call ChangeWindowMessageFilter() from the elevated application to allow specific messages though.

Note The best practice is run your application with low integrity if you are communicating with Protected mode. Otherwise use only secure forms of interprocess communication (IPC), such as remote procedure calls (RPC), to communicate between Protected mode and a higher integrity process.
TommyTian at 2007-8-31 > top of Msdn Tech,Software Development for Windows Vista,Security for Applications in Windows Vista...
# 3
Is there a way to specify like in the manifest that your process should be low integrity? or can you downgrade after you've started? I have a .Net app that interacts with IE in protected mode and am having tons of problems getting drag drop to work.
KrisSelden at 2007-8-31 > top of Msdn Tech,Software Development for Windows Vista,Security for Applications in Windows Vista...
Software Development for Windows Vista
Security for Applications in Windows Vista

Software Development for Windows Vista Hot Topic

Software Development for Windows Vista New Topic

Software Development for Windows Vista

Java / MSDN / Linux Tech / PHP Tech / MSDN DotNet / MSDN TECH / Health Library / Programmers Tech / visual basic Tech / Developer Tech / Ipod faqs / Msdn China Tech

Site Classified