Protected mode and enhanced protected mode reference
This section describes the API for Windows Internet Explorer Protected Mode and Enhanced Protected Mode (EPM).
Overviews/Tutorials
| Topic | Contents |
|---|---|
| Introduction to the protected mode API | Protected Mode helps reduce the severity of threats to Windows Internet Explorer 7 and its extensions by eliminating the silent installation of malicious code through software vulnerabilities. Protected Mode accomplishes this goal using the integrity mechanisms of Windows Vista which restrict access to processes, files, and registry keys with higher integrity levels. The Protected Mode API enables software vendors to develop extensions and add-ons for Internet Explorer that can interact with the file system and registry from a low integrity process, such as Protected Mode Internet Explorer. |
| Protected mode broker functions | Windows Internet Explorer 8 in Windows Vista provides broker functions that allow access between applications, processes, and resources secured to other integrity levels. |
Interfaces
| Topic | Contents |
|---|---|
| IProtectedModeMenuServices | Enables embedded documents to correctly merge menus with Internet Explorer 7 in Protected Mode. |
Structures
| Topic | Contents |
|---|---|
| IELAUNCHURLINFO | Specifies process creation flags for the Windows Internet Explorer process that open a URL. |
| IEObjectTypeEnum | Specifies the type of an object that requires enhanced protected mode access privileges. |
Functions
| Topic | Contents |
|---|---|
| IECancelSaveFile | Frees memory and state associated with a previous call to IEShowSaveFileDialog. |
| IECreateDirectory | Creates a new directory by calling the standard CreateDirectory function from a higher-integrity user context. |
| IECreateFile | Calls the standard CreateFile function from a higher-integrity user context. Creates or opens a file, file stream, directory, physical disk, volume, console buffer, tape drive, communications resource, mailslot, or named pipe. The function returns a handle that can be used to access the object. |
| IEDeleteFile | Calls the standard DeleteFile from a higher integrity user context to delete an existing file. |
| IEFindFirstFile | Calls the standard FindFirstFile function from a higher-integrity user context. Searches a directory for a file or subdirectory with a name that matches a specific name. |
| IEGetFileAttributesEx | Calls the standard GetFileAttributesEx function from a higher-integrity user context. Retrieves attributes for a specified file or directory. |
| IEGetProtectedModeCookie | Calls the standard InternetGetCookieEx from a higher-integrity user context. Retrieves the cookie data from the protected mode cookie store. |
| IEGetWriteableFolderPath | Returns the current location of the specified folder. In protected mode, the path points to a location where the user has write permissions. |
| IEGetWriteableHKCU | Returns a handle to a write accessible location under HKEY_CURRENT_USER. |
| IEIsProtectedModeProcess | Determines if Internet Explorer is running in protected mode. |
| IEIsProtectedModeURL | Determines if a URL will open in a protected mode process. |
| IELaunchURL | Opens a URL in an Internet Explorer process with an appropriate integrity level, and returns information about the new process. |
| IEMoveFileEx | Calls the standard MoveFileEx function from a higher-integrity user context. Moves an existing file or directory, including its children, with various move options. |
| IERefreshElevationPolicy | Tells Windows Internet Explorer processes to refresh elevation policies from the registry. |
| IERegCreateKeyEx | Calls the standard RegCreateKeyEx from a higher-integrity user context. Creates the specified registry key. If the key already exists, the function opens it. Note that key names are not case sensitive. |
| IERegisterWritableRegistryKey | Calls the standard RegCreateKeyEx from a higher-integrity user context. Registers a key during installation so that low integrity processes can write into this location during run time. |
| IERegisterWritableRegistryValue | This function calls the standard RegCreateKeyEx from a higher-integrity user context. It registers a value in a path during installation so that low-integrity processes can write into this location during run time. |
| IERegSetValueEx | Calls the standard RegSetValueEx from a higher-integrity user context. This function sets the data and type of a specified value under a registry key. |
| IERemoveDirectory | Calls the standard RemoveDirectory function from a higher-integrity user context. Deletes an existing empty directory. |
| IESaveFile | Saves the file to the location selected by the user in a previous call to IEShowSaveFileDialog. |
| IESetProtectedModeCookie | Calls the standard InternetSetCookieEx from a higher-integrity user context. Creates a cookie with a specified name that is associated with a specified URL. |
| IEShowSaveFileDialog | Opens the Windows Common Save File dialog box from a medium integrity context. |
| SetAccessForIEAppContainer | Applies an access mask to a securable kernel object and enables Internet Explorer 11 to access the object when enhanced protected mode (EPM) is enabled. |
| IEUnregisterWritableRegistry | Unregister and delete a registry that was registered for writable. |
Related topics
Enhanced protected mode (EPM) may be enabled on the desktop