Udostępnij za pośrednictwem


Testing with Low IL

While playing around with Internet Explorer, managed BHO and Remoting servers, I was annoyed that my BHO kept interfering with my day to day browsing needs. (In order to debug the BHO I had some Debug.Asserts in the BHO which gets to you after a while if you need to use the browser.) Also, shutting down IE all the time if I had to change something in the BHO was not helping. Anyway, I needed a better low IL client. Here is one that gives me a low IL command prompt from which I can test.

#include
"windows.h"

#include
"Sddl.h"

#include
"AtlBase.h"

#include
"AtlConv.h"

#include
"shlobj.h"

 
 

int main(int argc, char* argv[])

{

    USES_CONVERSION;

    HANDLE    hToken        = NULL;

    HANDLE hNewToken    = NULL;

    PWSTR szLowILSid    = L"S-1-16-4096"; // Low integrity SID

    PSID    pILSid        = NULL;

    TOKEN_MANDATORY_LABEL TIL            = {0};

    PROCESS_INFORMATION ProcInfo        = {0};

    STARTUPINFO StartupInfo    = {0};

 
 

    if (! OpenProcessToken( GetCurrentProcess(),

                            MAXIMUM_ALLOWED,

                            &hToken ) )

    {

        wprintf(L"OpenProcessToken() failed. Error: %u\n\r", GetLastError() );

        goto cleanup;

    }

    if (!DuplicateTokenEx( hToken,

                            MAXIMUM_ALLOWED,

                            NULL,

                            SecurityImpersonation,

                            TokenPrimary,

                            &hNewToken ) )

    {

        wprintf(L"OpenProcessToken() failed. Error: %u\n\r", GetLastError() );

        goto cleanup;

    }

    if (!ConvertStringSidToSid( szLowILSid, &pILSid) )

    {

        wprintf(L"OpenProcessToken() failed. Error: %u\n\r", GetLastError() );

        goto cleanup;

    }

 
 

    TIL.Label.Attributes = SE_GROUP_INTEGRITY;

    TIL.Label.Sid = pILSid;

 
 

    // Set the process integrity level

    if ( !SetTokenInformation( hNewToken,

                            TokenIntegrityLevel,

                            &TIL,

                            sizeof(TOKEN_MANDATORY_LABEL) + GetSidLengthRequired(1)) )

    {

        wprintf(L"OpenProcessToken() failed. Error: %u\n\r", GetLastError() );

        goto cleanup;

    }

 
 

    wchar_t* sysPath;

    wchar_t     path[ MAX_PATH ];

 
 

    if ( S_OK != SHGetKnownFolderPath( FOLDERID_System, NULL, NULL, &sysPath ) )

    {

        wprintf(L"SHGetKnownFolderPath Failed. \n\r" );

        goto cleanup;

    }

 
 

    wchar_t cmd[] = L"\\cmd.exe";

    wcscpy_s( path, sysPath );

    wcscat_s( path, cmd );

 
 

    // Create the new process at Low integrity

    if (!CreateProcessAsUser( hNewToken,

                            path,

                            NULL,

                            NULL,

                            NULL,

                            FALSE,

                            0,

                            NULL,

                            NULL,

                            &StartupInfo,

                            &ProcInfo) )

    {

        wprintf(L"OpenProcessToken() failed. Error: %u\n\r", GetLastError() );

        goto cleanup;

    }

 
 

cleanup:

    if (!hToken)

        CloseHandle(hToken);

    if (!hNewToken)

        CloseHandle(hNewToken);

    if (!sysPath)

        CoTaskMemFree( sysPath );

    return 0;

}

Comments