如何在IE保护模式下抑制警告

发布于 2024-09-06 21:08:50 字数 1624 浏览 8 评论 0原文

我有一个 BHO,它将网页捕获为图像,然后运行另一个进程来 pngcrush 由此创建的图像。我在启用 UAC 的系统中面临的问题是,每次 IE 运行时,我都会收到关于从 BHO 生成的 pngcrushing 进程的警告。我在这里读到

了解并在保护模式下使用 Internet Explorer 存档

从保护模式启动进程

一般来说,扩展应该尽可能以低完整性进程运行。这提供了针对恶意攻击的最佳保护。然而,有时扩展可能需要访问中等甚至高完整性对象。

为此,请创建一个代理进程来访问更高完整性的对象,然后启动具有更高完整性级别的代理进程。默认情况下,Internet Explorer 将提示用户确认中等完整性提升进程,如以下屏幕截图所示。

“在此处输入图像描述"

您可以通过创建提升策略来悄悄地将代理进程提升到中等完整性级别,该策略是一系列注册表项和值,告诉保护模式如何处理特定代理的提升。提升策略必须具有与其关联的全局唯一标识符 (GUID)。使用 CreateGuid 为您的策略创建新的 GUID。接下来,将密钥添加到以下位置。

然后继续描述静默提升帮助进程所需的注册表项:

计算机\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8e884ace-bee4-11e4-8dfc-a​​a07a5b093db}

  • 应用程序名称:REG_SZ =“Contoso.exe”
  • AppPath:REG_SZ = “C:\%USERPROFILE%\Application Data\Contoso”
  • 政策:REG_DWORD = 0x00000003

当我执行相同的注册表项时手动查看我是否超越了这些警告,发现它不起作用。有人可以告诉我如何从 BHO 静默运行该进程而不出现任何 UAC 警告吗?

卡皮尔

I have a BHO which captures webpages as images and I run another process to pngcrush the images thus created. The problem that I face in UAC enabled systems is that every time IE runs, I get a warning for the pngcrushing process that I spawn from the BHO. I read here

Understanding and Working in Protected Mode Internet Explorer archive

Starting Processes from Protected Mode

In general, extensions should operate as low integrity processes whenever possible. This provides the best protection against malicious attacks. However, there are times when an extension may need to access medium or even high integrity objects.

To do this, create a broker process to access higher integrity objects and then launch the broker process with a higher integrity level. By default, Internet Explorer will prompt the user to confirm the medium integrity elevated process, as shown in the following screen shot.

enter image description here

You can silently elevate your broker process to medium integrity level by creating an elevation policy, which is a series of registry keys and values that tell Protected Mode how to handle elevation for a specific broker. Elevation policies must have a globally unique identifier (GUID) associated with them. Use CreateGuid to create a new GUID for your policy. Next, add a key to the following location.

It then proceeds to describe the registry entries requires to silently elevate the help process:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8e884ace-bee4-11e4-8dfc-aa07a5b093db}

  • AppName: REG_SZ = "Contoso.exe"
  • AppPath: REG_SZ = "C:\%USERPROFILE%\Application Data\Contoso"
  • Policy: REG_DWORD = 0x00000003

When I did the same reg entries manually to see if I go past these warnings, figured out that it was not working. Can someone tell me how to run the process silently from the BHO without any UAC warnings?

Kapil

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

顾冷 2024-09-13 21:08:50

为了回应上面 @blueraja 的评论,这里是我使用 tp 生成进程的代码:

ProcessStartInfo info = new ProcessStartInfo();
info.FileName = binPath + "\\pngnqi.exe";
info.WindowStyle = ProcessWindowStyle.Hidden;
info.WindowStyle = ProcessWindowStyle.Hidden;
info.Arguments = " -e .jpg " + " \"" + filePath + "thumb_" + count + "\" " + " \"" + filePath + "temp\\" + count + "\" ";
Process pngnqi_process = Process.Start(info); 

In response to @blueraja's comment above, here is the code I use tp spawn the process:

ProcessStartInfo info = new ProcessStartInfo();
info.FileName = binPath + "\\pngnqi.exe";
info.WindowStyle = ProcessWindowStyle.Hidden;
info.WindowStyle = ProcessWindowStyle.Hidden;
info.Arguments = " -e .jpg " + " \"" + filePath + "thumb_" + count + "\" " + " \"" + filePath + "temp\\" + count + "\" ";
Process pngnqi_process = Process.Start(info); 
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文