如何在IE保护模式下抑制警告
我有一个 BHO,它将网页捕获为图像,然后运行另一个进程来 pngcrush 由此创建的图像。我在启用 UAC 的系统中面临的问题是,每次 IE 运行时,我都会收到关于从 BHO 生成的 pngcrushing 进程的警告。我在这里读到
了解并在保护模式下使用 Internet Explorer 存档
从保护模式启动进程
一般来说,扩展应该尽可能以低完整性进程运行。这提供了针对恶意攻击的最佳保护。然而,有时扩展可能需要访问中等甚至高完整性对象。
为此,请创建一个代理进程来访问更高完整性的对象,然后启动具有更高完整性级别的代理进程。默认情况下,Internet Explorer 将提示用户确认中等完整性提升进程,如以下屏幕截图所示。
您可以通过创建提升策略来悄悄地将代理进程提升到中等完整性级别,该策略是一系列注册表项和值,告诉保护模式如何处理特定代理的提升。提升策略必须具有与其关联的全局唯一标识符 (GUID)。使用 CreateGuid 为您的策略创建新的 GUID。接下来,将密钥添加到以下位置。
然后继续描述静默提升帮助进程所需的注册表项:
计算机\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8e884ace-bee4-11e4-8dfc-aa07a5b093db}
- 应用程序名称:REG_SZ =“Contoso.exe”
- AppPath:REG_SZ =
“C:\%USERPROFILE%\Application Data\Contoso”
- 政策:REG_DWORD = 0x00000003
当我执行相同的注册表项时手动查看我是否超越了这些警告,发现它不起作用。有人可以告诉我如何从 BHO 静默运行该进程而不出现任何 UAC 警告吗?
卡皮尔
I have a BHO which captures webpages as images and I run another process to pngcrush the images thus created. The problem that I face in UAC enabled systems is that every time IE runs, I get a warning for the pngcrushing process that I spawn from the BHO. I read here
Understanding and Working in Protected Mode Internet Explorer archive
Starting Processes from Protected Mode
In general, extensions should operate as low integrity processes whenever possible. This provides the best protection against malicious attacks. However, there are times when an extension may need to access medium or even high integrity objects.
To do this, create a broker process to access higher integrity objects and then launch the broker process with a higher integrity level. By default, Internet Explorer will prompt the user to confirm the medium integrity elevated process, as shown in the following screen shot.
You can silently elevate your broker process to medium integrity level by creating an elevation policy, which is a series of registry keys and values that tell Protected Mode how to handle elevation for a specific broker. Elevation policies must have a globally unique identifier (GUID) associated with them. Use CreateGuid to create a new GUID for your policy. Next, add a key to the following location.
It then proceeds to describe the registry entries requires to silently elevate the help process:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8e884ace-bee4-11e4-8dfc-aa07a5b093db}
- AppName: REG_SZ = "Contoso.exe"
- AppPath: REG_SZ =
"C:\%USERPROFILE%\Application Data\Contoso"
- Policy: REG_DWORD = 0x00000003
When I did the same reg entries manually to see if I go past these warnings, figured out that it was not working. Can someone tell me how to run the process silently from the BHO without any UAC warnings?
Kapil
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
为了回应上面 @blueraja 的评论,这里是我使用 tp 生成进程的代码:
In response to @blueraja's comment above, here is the code I use tp spawn the process: