Lowering resource Integrity Level
-
Hi, I'm working in a Single Sign On App, and I need to comunicate a BHO with it's controller App, I'm using a memory mapped file for that. If the BHO is the one who creates the mapped file, everything works fine (The mapped file is LI) If the controller app creates the mapped file, the BHO fails to open the mapped file (The Mapped file is MI ) So I decided to lower the maped file integrity using the code provided by MS in the paper "Understanding and working in protected mode internet explorer". But that code doesnt work, and I have seen in this forum that a lot of people is having problems with that code, and I can't find any documentation about this at MSDN In resume: How can I lower a resource integrity level? Can someone help me or give me a hint? Here is the code I'm using to create the mapped file and lower the it's Integrity level: Notice that I replaced the values SDDL_REVISION_1 by 1 and LABEL_SECURITY_INFORMATION by 0x00000010L because I cant find where are defined. Thanks in advance
HANDLE m_hMapVars = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, //&sa, PAGE_READWRITE, 0, 1024, "F31B3896-3455-4d0d-1234-2389346239874"); //Security Descriptor #define LOW_INTEGRITY_SDDL_SACL "S:(ML;;NW;;;LW)" PSECURITY_DESCRIPTOR pSd = NULL; PACL pSacl = NULL; BOOL fSaclPresent = FALSE; BOOL fSaclDefaulted = FALSE; if(ConvertStringSecurityDescriptorToSecurityDescriptor(LOW_INTEGRITY_SDDL_SACL, 1, &pSd , NULL)) { if(GetSecurityDescriptorSacl(pSd, &fSaclPresent, &pSacl, &fSaclDefaulted)) { if(ERROR_SUCCESS != SetSecurityInfo(m_hMapVars, SE_FILE_OBJECT, 0x00000010L , NULL,NULL,NULL, pSacl)) } } } -
Hi, I'm working in a Single Sign On App, and I need to comunicate a BHO with it's controller App, I'm using a memory mapped file for that. If the BHO is the one who creates the mapped file, everything works fine (The mapped file is LI) If the controller app creates the mapped file, the BHO fails to open the mapped file (The Mapped file is MI ) So I decided to lower the maped file integrity using the code provided by MS in the paper "Understanding and working in protected mode internet explorer". But that code doesnt work, and I have seen in this forum that a lot of people is having problems with that code, and I can't find any documentation about this at MSDN In resume: How can I lower a resource integrity level? Can someone help me or give me a hint? Here is the code I'm using to create the mapped file and lower the it's Integrity level: Notice that I replaced the values SDDL_REVISION_1 by 1 and LABEL_SECURITY_INFORMATION by 0x00000010L because I cant find where are defined. Thanks in advance
HANDLE m_hMapVars = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, //&sa, PAGE_READWRITE, 0, 1024, "F31B3896-3455-4d0d-1234-2389346239874"); //Security Descriptor #define LOW_INTEGRITY_SDDL_SACL "S:(ML;;NW;;;LW)" PSECURITY_DESCRIPTOR pSd = NULL; PACL pSacl = NULL; BOOL fSaclPresent = FALSE; BOOL fSaclDefaulted = FALSE; if(ConvertStringSecurityDescriptorToSecurityDescriptor(LOW_INTEGRITY_SDDL_SACL, 1, &pSd , NULL)) { if(GetSecurityDescriptorSacl(pSd, &fSaclPresent, &pSacl, &fSaclDefaulted)) { if(ERROR_SUCCESS != SetSecurityInfo(m_hMapVars, SE_FILE_OBJECT, 0x00000010L , NULL,NULL,NULL, pSacl)) } } }Use
SE_KERNEL_OBJECT, notSE_FILE_OBJECT.--Mike-- Visual C++ MVP :cool: LINKS~! Ericahist | PimpFish | CP SearchBar v3.0 | C++ Forum FAQ Ford, what's this fish doing in my ear?
-
Use
SE_KERNEL_OBJECT, notSE_FILE_OBJECT.--Mike-- Visual C++ MVP :cool: LINKS~! Ericahist | PimpFish | CP SearchBar v3.0 | C++ Forum FAQ Ford, what's this fish doing in my ear?
-
Use
SE_KERNEL_OBJECT, notSE_FILE_OBJECT.--Mike-- Visual C++ MVP :cool: LINKS~! Ericahist | PimpFish | CP SearchBar v3.0 | C++ Forum FAQ Ford, what's this fish doing in my ear?
Didn't work either :S I don't know what else to do. If I open the controller app first, my BHO cant communicate. Worst of all, when I use setsecurityinfo, I get no errors. And my app works, because if I turn off protected mode or open IE before my controller app it works fine. A lot of BHO developers are asking their clients to turn off protected mode in order to use their soft, I think I'll need to do the same :( -- modified at 9:42 Monday 30th April, 2007 I FIXED IT!! Thanks mate, using SE_KERNEL_OBJECT and don't allowing the BHO dll to init if is in the controller app address space it started to work :D