Win32API.OpenFileMapping Throws Access Violation Exception From IE ToolBar


We are trying to use the memory-mapped file technique to share some information across processes.

But when we use this in one of our components, which is an IE toolbar, it throws an access violation exception when IE is running in protected mode.

Can someone help me in this regard?

If there is any alternative to share memory within multiple processes through which IE does not have any problem while running in protected mode, please also share.

The detailed scenario is already explained here. Thanks


There is 1 answer

Mubashar On BEST ANSWER

No Reply Yet???

Anyway, I found the solution. We need to understand the problem first.

When IE is running in Protected Mode, it actually takes the IE process to the Low-Integrity level to avoid usage of secure objects from IE. So if a Kernel Object (Memory Map File) is created in a High-Integrity Process (e.g. from a console or window application), then it would not be accessed from IE when it's in protected mode.

So to make this work, one has to mark the Kernel Object to the Low-Integrity level from the high-integrity process; this object will then be accessible from low-integrity level processes as well, though it will make the object vulnerable as well.

After long research I found (here) the following VC++ code to set a kernel object to the low-integrity level:

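#include <windows.h>
#include <sddl.h>    // ConvertStringSecurityDescriptorToSecurityDescriptorW, SDDL_REVISION_1
#include <aclapi.h>  // SetSecurityInfo, SE_OBJECT_TYPE

// SACL with one mandatory-label ACE: no-write-up (NW) at Low integrity (LW).
LPCWSTR LOW_INTEGRITY_SDDL_SACL_W = L"S:(ML;;NW;;;LW)";

bool SetObjectToLowIntegrity(HANDLE hObject, SE_OBJECT_TYPE type = SE_KERNEL_OBJECT)
{
    bool bRet = false;
    DWORD dwErr = ERROR_SUCCESS;
    PSECURITY_DESCRIPTOR pSD = NULL;
    PACL pSacl = NULL;
    BOOL fSaclPresent = FALSE;
    BOOL fSaclDefaulted = FALSE;

    // Build a security descriptor from the SDDL string (allocated with LocalAlloc).
    if ( ConvertStringSecurityDescriptorToSecurityDescriptorW (
           LOW_INTEGRITY_SDDL_SACL_W, SDDL_REVISION_1, &pSD, NULL ) )
    {
        // Extract the SACL that carries the integrity label.
        if ( GetSecurityDescriptorSacl (
               pSD, &fSaclPresent, &pSacl, &fSaclDefaulted ) )
        {
            // Apply only the label; owner, group and DACL are left unchanged.
            dwErr = SetSecurityInfo (
                      hObject, type, LABEL_SECURITY_INFORMATION,
                      NULL, NULL, NULL, pSacl );

            bRet = (ERROR_SUCCESS == dwErr);
        }

        LocalFree ( pSD );
    }

    return bRet;
}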

To make it workable in C#, I converted the above Windows APIs into C# as follows:

using System;
using System.Runtime.InteropServices;

// Wrapper class added so the snippet compiles on its own; the class name is arbitrary.
public static class LowIntegrity
{
    // SetSecurityInfo flag: change only the mandatory integrity label.
    public const int LABEL_SECURITY_INFORMATION = 0x00000010;

    public enum SE_OBJECT_TYPE
    {
        SE_UNKNOWN_OBJECT_TYPE = 0,
        SE_FILE_OBJECT,
        SE_SERVICE,
        SE_PRINTER,
        SE_REGISTRY_KEY,
        SE_LMSHARE,
        SE_KERNEL_OBJECT,
        SE_WINDOW_OBJECT,
        SE_DS_OBJECT,
        SE_DS_OBJECT_ALL,
        SE_PROVIDER_DEFINED_OBJECT,
        SE_WMIGUID_OBJECT,
        SE_REGISTRY_WOW64_32KEY
    }

    // Labels a kernel object (for example a file-mapping handle) as Low integrity.
    public static bool SetLowIntegrityLevel(IntPtr hObject)
    {
        bool bResult = false;
        IntPtr pSD;
        IntPtr pSacl;
        bool fSaclPresent;
        bool fSaclDefaulted;
        uint securityDescriptorSize;

        // SDDL: SACL with a mandatory-label ACE, no-write-up (NW), Low level (LW).
        if (ConvertStringSecurityDescriptorToSecurityDescriptorW("S:(ML;;NW;;;LW)", 1, out pSD, out securityDescriptorSize))
        {
            if (GetSecurityDescriptorSacl(pSD, out fSaclPresent, out pSacl, out fSaclDefaulted))
            {
                int result = SetSecurityInfo(hObject,
                                             SE_OBJECT_TYPE.SE_KERNEL_OBJECT,
                                             LABEL_SECURITY_INFORMATION,
                                             IntPtr.Zero,
                                             IntPtr.Zero,
                                             IntPtr.Zero,
                                             pSacl);
                bResult = (result == 0); // 0 == ERROR_SUCCESS
            }
            // The descriptor was allocated by the conversion call and must be freed.
            LocalFree(pSD);
        }

        return bResult;
    }

    [DllImport("advapi32.dll", EntryPoint = "SetSecurityInfo")]
    public static extern int SetSecurityInfo(IntPtr hFileMappingObject,
                                             SE_OBJECT_TYPE objectType,
                                             Int32 securityInfo,
                                             IntPtr psidOwner,
                                             IntPtr psidGroup,
                                             IntPtr pDacl,
                                             IntPtr pSacl);

    // The two LPBOOL parameters are 4-byte Win32 BOOLs, so they are marshalled as bool.
    [DllImport("advapi32.dll", EntryPoint = "GetSecurityDescriptorSacl", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    public static extern Boolean GetSecurityDescriptorSacl(
        IntPtr pSecurityDescriptor,
        [MarshalAs(UnmanagedType.Bool)] out bool lpbSaclPresent,
        out IntPtr pSacl,
        [MarshalAs(UnmanagedType.Bool)] out bool lpbSaclDefaulted);

    [DllImport("advapi32.dll", EntryPoint = "ConvertStringSecurityDescriptorToSecurityDescriptorW", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    public static extern Boolean ConvertStringSecurityDescriptorToSecurityDescriptorW(
        [MarshalAs(UnmanagedType.LPWStr)] String strSecurityDescriptor,
        UInt32 sDRevision,
        out IntPtr securityDescriptor,
        out UInt32 securityDescriptorSize);

    // LocalFree returns an HLOCAL (pointer-sized), not a 32-bit integer.
    [DllImport("kernel32.dll", EntryPoint = "LocalFree")]
    public static extern IntPtr LocalFree(IntPtr hMem);
}
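
A simplified, portable model of the integrity check the answer describes, added here as an example (it is not code from the answer and not Windows' own implementation): it parses the mandatory-label SDDL string passed to ConvertStringSecurityDescriptorToSecurityDescriptorW and applies the no-write-up rule to a caller's level. The names Level, MandatoryLabel, ParseLabelSddl and IntegrityAllowsWrite are hypothetical, the sample strings are constructed, and only the LW/ME/HI/SI aliases and NW/NR/NX rights are handled.

```cpp
#include <cstdio>
#include <map>
#include <sstream>
#include <string>
#include <vector>
// Integrity levels, valued as the RID of the well-known SID S-1-16-<RID>.
enum Level : unsigned { Low = 0x1000, Medium = 0x2000, High = 0x3000, System = 0x4000 };

struct MandatoryLabel {
    Level level;                            // level the object is labelled with
    bool noWriteUp, noReadUp, noExecuteUp;  // NW / NR / NX policy bits
};

// Parses an SDDL SACL holding exactly one mandatory-label ACE,
// S:(ML;flags;rights;object_guid;inherit_guid;sid). Returns false otherwise.
bool ParseLabelSddl(const std::string& sddl, MandatoryLabel& out) {
    if (sddl.size() < 4 || sddl.compare(0, 3, "S:(") != 0 || sddl.back() != ')')
        return false;
    std::istringstream in(sddl.substr(3, sddl.size() - 4));
    std::vector<std::string> f;
    for (std::string item; std::getline(in, item, ';');) f.push_back(item);
    if (f.size() != 6 || f[0] != "ML" || f[2].size() % 2 != 0) return false;
    static const std::map<std::string, Level> sids = {
        {"LW", Low}, {"ME", Medium}, {"HI", High}, {"SI", System}};
    auto sid = sids.find(f[5]);
    if (sid == sids.end()) return false;
    MandatoryLabel ml = {sid->second, false, false, false};
    for (size_t i = 0; i < f[2].size(); i += 2) {  // rights are two-letter codes
        const std::string r = f[2].substr(i, 2);
        if (r == "NW") ml.noWriteUp = true;
        else if (r == "NR") ml.noReadUp = true;
        else if (r == "NX") ml.noExecuteUp = true;
        else return false;
    }
    out = ml;
    return true;
}

// Integrity half of the access check only; the DACL is evaluated separately.
bool IntegrityAllowsWrite(Level caller, const MandatoryLabel& object) {
    return !(object.noWriteUp && caller < object.level);
}

int main() {  // constructed inputs: a High label, then the Low label from the answer
    MandatoryLabel ml;
    for (const char* s : {"S:(ML;;NW;;;HI)", "S:(ML;;NW;;;LW)"})
        if (ParseLabelSddl(s, ml))
            std::printf("%s Low caller write allowed: %d\n", s, IntegrityAllowsWrite(Low, ml));
}
```

Once an object carries the LW label, every low-integrity process passes this check, so anything read back from the shared mapping should be validated as untrusted input.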