Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
While playing around with Internet Explorer, managed BHO and Remoting servers, I was annoyed that my BHO kept interfering with my day to day browsing needs. (In order to debug the BHO I had some Debug.Asserts in the BHO which gets to you after a while if you need to use the browser.) Also, shutting down IE all the time if I had to change something in the BHO was not helping. Anyway, I needed a better low IL client. Here is one that gives me a low IL command prompt from which I can test.
#include
"windows.h"
#include
"Sddl.h"
#include
"AtlBase.h"
#include
"AtlConv.h"
#include
"shlobj.h"
int main(int argc, char* argv[])
{
USES_CONVERSION;
HANDLE hToken = NULL;
HANDLE hNewToken = NULL;
PWSTR szLowILSid = L"S-1-16-4096"; // Low integrity SID
PSID pILSid = NULL;
TOKEN_MANDATORY_LABEL TIL = {0};
PROCESS_INFORMATION ProcInfo = {0};
STARTUPINFO StartupInfo = {0};
if (! OpenProcessToken( GetCurrentProcess(),
MAXIMUM_ALLOWED,
&hToken ) )
{
wprintf(L"OpenProcessToken() failed. Error: %u\n\r", GetLastError() );
goto cleanup;
}
if (!DuplicateTokenEx( hToken,
MAXIMUM_ALLOWED,
NULL,
SecurityImpersonation,
TokenPrimary,
&hNewToken ) )
{
wprintf(L"OpenProcessToken() failed. Error: %u\n\r", GetLastError() );
goto cleanup;
}
if (!ConvertStringSidToSid( szLowILSid, &pILSid) )
{
wprintf(L"OpenProcessToken() failed. Error: %u\n\r", GetLastError() );
goto cleanup;
}
TIL.Label.Attributes = SE_GROUP_INTEGRITY;
TIL.Label.Sid = pILSid;
// Set the process integrity level
if ( !SetTokenInformation( hNewToken,
TokenIntegrityLevel,
&TIL,
sizeof(TOKEN_MANDATORY_LABEL) + GetSidLengthRequired(1)) )
{
wprintf(L"OpenProcessToken() failed. Error: %u\n\r", GetLastError() );
goto cleanup;
}
wchar_t* sysPath;
wchar_t path[ MAX_PATH ];
if ( S_OK != SHGetKnownFolderPath( FOLDERID_System, NULL, NULL, &sysPath ) )
{
wprintf(L"SHGetKnownFolderPath Failed. \n\r" );
goto cleanup;
}
wchar_t cmd[] = L"\\cmd.exe";
wcscpy_s( path, sysPath );
wcscat_s( path, cmd );
// Create the new process at Low integrity
if (!CreateProcessAsUser( hNewToken,
path,
NULL,
NULL,
NULL,
FALSE,
0,
NULL,
NULL,
&StartupInfo,
&ProcInfo) )
{
wprintf(L"OpenProcessToken() failed. Error: %u\n\r", GetLastError() );
goto cleanup;
}
cleanup:
if (!hToken)
CloseHandle(hToken);
if (!hNewToken)
CloseHandle(hNewToken);
if (!sysPath)
CoTaskMemFree( sysPath );
return 0;
}
Comments
- Anonymous
February 01, 2008
PingBack from http://info.biyad.com/?p=29594